HPSBHF03715 rev. 1 - Intel® Optane™ DC Persistent Memory Software February 2021 Security Update
2021-02-05T00:00:00
ID HP:C07019625 Type hp Reporter HP, HP Product Security Response Team (PSRT) Modified 2021-02-05T00:00:00
Description
Potential Security Impact
Escalation of Privilege
Source: HP, HP Product Security Response Team (PSRT)
Reported By: Intel
VULNERABILITY SUMMARY
Intel has informed HP of a potential security vulnerability identified in the Intel® Optane™ DC Persistent Memory installer for Windows* Server 2019 which may allow escalation of privilege. Intel is releasing software updates to mitigate this potential vulnerability.
RESOLUTION
Intel has released updates to mitigate the potential vulnerability. HP has identified affected platforms and corresponding SoftPaqs with minimum versions that mitigate the potential vulnerability. See the affected platforms listed below.
Newer versions may become available and the minimum versions listed below may become obsolete. If a SoftPaq Link becomes invalid, check the HP Customer Support - Software and Driver Downloads site to obtain the latest update for your product model.
{"id": "HP:C07019625", "bulletinFamily": "software", "title": "HPSBHF03715 rev. 1 - Intel\u00ae Optane\u2122 DC Persistent Memory Software February 2021 Security Update", "description": "## Potential Security Impact\nEscalation of Privilege \n\n**Source:** HP, HP Product Security Response Team (PSRT) \n\n**Reported By:** Intel \n\n## VULNERABILITY SUMMARY\nIntel has informed HP of a potential security vulnerability identified in the Intel\u00ae Optane\u2122 DC Persistent Memory installer for Windows* Server 2019 which may allow escalation of privilege. Intel is releasing software updates to mitigate this potential vulnerability. \n\n## RESOLUTION\nIntel has released updates to mitigate the potential vulnerability. HP has identified affected platforms and corresponding SoftPaqs with minimum versions that mitigate the potential vulnerability. See the affected platforms listed below. \n\nNewer versions may become available and the minimum versions listed below may become obsolete. If a SoftPaq Link becomes invalid, check the HP Customer Support - Software and Driver Downloads site to obtain the latest update for your product model. \n", "published": "2021-02-05T00:00:00", "modified": "2021-02-05T00:00:00", "cvss": {"score": 4.4, "vector": "AV:L/AC:M/Au:N/C:P/I:P/A:P"}, "href": "https://support.hp.com/us-en/document/c07019625", "reporter": "HP, HP Product Security Response Team (PSRT)", "references": [], "cvelist": ["CVE-2020-24451"], "type": "hp", "lastseen": "2021-02-25T17:32:04", "edition": 2, "viewCount": 3, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2020-24451"]}, {"type": "lenovo", "idList": ["LENOVO:PS500395-INTEL-OPTANE-DC-PERSISTENT-MEMORY-ADVISORY-NOSID"]}], "modified": "2021-02-25T17:32:04", "rev": 2}, "score": {"value": 5.8, "vector": "NONE", "modified": "2021-02-25T17:32:04", "rev": 2}, "vulnersScore": 5.8}, "affectedSoftware": [{"name": "hp z8 g4 workstation", "operator": "lt", "version": "01.00.00.3506"}, {"name": "hp z6 g4 workstation", "operator": "lt", "version": "01.00.00.3506"}], "scheme": null}
{"cve": [{"lastseen": "2021-02-25T14:50:54", "description": "Uncontrolled search path in the Intel(R) Optane(TM) DC Persistent Memory installer for Windows* before version 1.00.00.3506 may allow an authenticated user to potentially enable escalation of privilege via local access.", "edition": 2, "cvss3": {"exploitabilityScore": 1.3, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.3, "privilegesRequired": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 5.9}, "published": "2021-02-17T14:15:00", "title": "CVE-2020-24451", "type": "cve", "cwe": ["CWE-427"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.4, "vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-24451"], "modified": "2021-02-23T14:48:00", "cpe": [], "id": "CVE-2020-24451", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-24451", "cvss": {"score": 4.4, "vector": "AV:L/AC:M/Au:N/C:P/I:P/A:P"}, "cpe23": []}], "lenovo": [{"lastseen": "2021-02-25T15:27:36", "bulletinFamily": "info", "cvelist": ["CVE-2020-24451"], "description": "**Lenovo Security Advisory: **LEN-51724\n\n**Potential Impact: **Privilege escalation\n\n**Severity: **Medium\n\n**Scope of Impact: **Industry-wide\n\n**CVE Identifier: **CVE-2020-24451\n\n**Summary Description:**\n\nIntel reported a potential security vulnerability in the Intel Optane DC Persistent Memory installer for Windows Server 2019 that may allow escalation of privilege.\n\n**Mitigation Strategy for Customers (what you should do to protect yourself):**\n\nIntel recommends updating the Intel Optane DC Persistent Memory software for Windows Server 2019 to the latest version as indicated for your model in the Product Impact section below.\n", "edition": 3, "modified": "2021-02-19T15:20:48", "published": "2021-02-09T17:14:33", "id": "LENOVO:PS500395-INTEL-OPTANE-DC-PERSISTENT-MEMORY-ADVISORY-NOSID", "href": "https://support.lenovo.com/us/en/product_security/ps500395-intel-optane-dc-persistent-memory-advisory", "title": "Intel Optane DC Persistent Memory Advisory - Lenovo Support US", "type": "lenovo", "cvss": {"score": 4.4, "vector": "AV:L/AC:M/Au:N/C:P/I:P/A:P"}}]}
