Lucene search

[email protected]CVE-2020-12300

HistoryAug 13, 2020 - 4:15 a.m.

CVE-2020-12300

2020-08-1304:15:13

CWE-824

[email protected]

web.nvd.nist.gov

cve-2020-12300

intel

server board

bios firmware

escalation of privilege

vulnerability

nvd

4.6 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

8.2 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

8.1 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

12.7%

JSON

Uninitialized pointer in BIOS firmware for Intel® Server Board Families S2600CW, S2600KP, S2600TP, and S2600WT may allow a privileged user to potentially enable escalation of privilege via local access.

Affected configurations

NVD

Node

intels2600cw2Match-

AND

intels2600cw2_firmwareRange<01.01.0029

Node

intels2600cw2sMatch-

AND

intels2600cw2s_firmwareRange<01.01.0029

Node

intels2600cwtMatch-

AND

intels2600cwt_firmwareRange<01.01.0029

Node

intels2600cwtsMatch-

AND

intels2600cwts_firmwareRange<01.01.0029

Node

intels2600cw2rMatch-

AND

intels2600cw2r_firmwareRange<01.01.0029

Node

intels2600cw2srMatch-

AND

intels2600cw2sr_firmwareRange<01.01.0029

Node

intels2600cwtrMatch-

AND

intels2600cwtr_firmwareRange<01.01.0029

Node

intels2600cwtsrMatch-

AND

intels2600cwtsr_firmwareRange<01.01.0029

Node

intels2600kp_firmwareRange<01.01.0029

AND

intels2600kpMatch-

Node

intels2600kpf_firmwareRange<01.01.0029

AND

intels2600kpfMatch-

Node

intels2600kpr_firmwareRange<01.01.0029

AND

intels2600kprMatch-

Node

intels2600kpfr_firmwareRange<01.01.0029

AND

intels2600kpfrMatch-

Node

intels2600kptr_firmwareRange<01.01.0029

AND

intels2600kptrMatch-

Node

intels2600tp_firmwareRange<01.01.0029

AND

intels2600tpMatch-

Node

intels2600tpf_firmwareRange<01.01.0029

AND

intels2600tpfMatch-

Node

intels2600tpfr_firmwareRange<01.01.0029

AND

intels2600tpfrMatch-

Node

intels2600tpnr_firmwareRange<01.01.0029

AND

intels2600tpnrMatch-

Node

intels2600tpr_firmwareRange<01.01.0029

AND

intels2600tprMatch-

Node

intels2600wt2_firmwareRange<01.01.0029

AND

intels2600wt2Match-

Node

intels2600wtt_firmwareRange<01.01.0029

AND

intels2600wttMatch-

Node

intels2600wttr_firmwareRange<01.01.0029

AND

intels2600wttrMatch-

Node

intels2600wt2r_firmwareRange<01.01.0029

AND

intels2600wt2rMatch-

Node

intels2600wtts1r_firmwareRange<01.01.0029

AND

intels2600wtts1rMatch-

CPENameOperatorVersion
intel:s2600cw2_firmwareintel s2600cw2 firmwarelt01.01.0029

CPE	Name	Operator	Version
intel:s2600cw2_firmware	intel s2600cw2 firmware	lt	01.01.0029

CNA Affected

[
  {
    "product": "Intel(R) Server Board Families Advisory",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "See provided reference"
      }
    ]
  }
]

References

security.netapp.com/advisory/ntap-20200814-0001/

www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00367.html

4.6 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

8.2 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

8.1 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

12.7%

JSON

Related for CVE-2020-12300

cvelist1 prion1 nvd1 intel1