CVE-2020-24473 | Severity.io

Description

Out of bounds write in the BMC firmware for some Intel(R) Server Boards, Server Systems and Compute Modules before version 2.48.ce3e3bd2 may allow an authenticated user to potentially enable escalation of privilege via local access.

Related CPE's

baseboard_management_controller_firmware

Vulnerable

compute_module_hns2600bpb24r

compute_module_hns2600bpbr

compute_module_hns2600bpq24r

compute_module_hns2600bpqr

compute_module_hns2600bps24r

compute_module_hns2600bpsr

server_board_s2600bpb

server_board_s2600bpbr

server_board_s2600bpq

server_board_s2600bpqr

server_board_s2600bps

server_board_s2600bpsr

server_board_s2600stb

server_board_s2600stbr

server_board_s2600stq

server_board_s2600stqr

server_board_s2600wf0

server_board_s2600wf0r

server_board_s2600wfq

server_board_s2600wfqr

server_board_s2600wft

server_board_s2600wftr

server_system_r1208wfqysr

server_system_r1208wftys

server_system_r1208wftysr

server_system_r1304wf0ys

server_system_r1304wf0ysr

server_system_r1304wftys

server_system_r1304wftysr

server_system_r2208wf0zs

server_system_r2208wf0zsr

server_system_r2208wfqzs

server_system_r2208wfqzsr

server_system_r2208wftzs

server_system_r2208wftzsr

server_system_r2224wfqzs

server_system_r2224wftzs

server_system_r2224wftzsr

server_system_r2308wftzs

server_system_r2308wftzsr

server_system_r2312wf0np

server_system_r2312wf0npr

server_system_r2312wfqzs

server_system_r2312wftzs

server_system_r2312wftzsr

References

https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00476.html

Vendor Advisory

Weaknesses

[email protected]

Primary

CWE-787

CVSS impact metrics

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

7.8 · High

CVSS V3.1
CVSS V3.0
CVSS V2.0

Information

Source identifier

[email protected]

Vulnerability status

Analyzed

Published

2021-06-09T20:15:08.050

4 years ago

Last modified

2021-07-01T19:55:23.507

4 years ago