QCT Security Notice Update
21 Jun. 2022

In response to Common Vulnerabilities and Exposures issue number CVE 2019-6260, QCT is releasing new firmware updates in the coming months to address QuantaGrid and QuantaPlex server arbitrary read and write access to the Baseboard Management Controller (BMC) physical address space from the host and — in some cases — from the network.

Please note that QCT’s security team discovered this issue in 2019 and made the firmware available upon request as we do not provide our firmware updates publicly. Due to changing circumstances, QCT has also decided to update and extend the firmware updates to all of our product systems using the ASPEED AST2400 and AST2500 SoCs listed below. The firmware for QuantaGrid D52B-1U, D52BQ-2U is available in late June 2022 with the remaining T42S, D52G, D52T, D53N, D43K updates coming in September 2022 and D52BM, T42SP, D52Y, D43KQ, D52BV, Q72D in November 2022.

CVE(s): CVE-2019-6260

Affected product(s):

QuantaGrid D52B-1U, QuantaGrid D52BQ-2U, QuantaGrid D52BQ-2U 3UPI, QuantaPlex T42S-2U, QuantaGrid D52G-4U, QuantaGrid D52T-1ULH, QuantaGrid D53N-3U, QuantaGrid D43K-1U, QuantaGrid D52BM-2U, QuantaPlex T42SP-2U, QuantaGrid D52Y-2U, QuantaGrid D43KQ-2U, QuantaGrid D52BV-2U, QuantaGrid Q72D-2U

For remediation:

Contact your QCT Channel Partner or Sales Representative for better service or send a support inquiry to our Contact Us page.