A potential security vulnerability in Intel® Modular Server MFS2600KI Compute Module may allow escalation of privilege or denial of service.** Intel is not releasing updates to mitigate this potential vulnerability and has issued a Product Discontinuation Notice for Intel® Modular Server MFS2600KI Compute Module.**
CVEID: CVE-2020-0578
Description: Improper conditions check for Intel® Modular Server MFS2600KI Compute Module may allow an unauthenticated user to potentially enable escalation of privilege via adjacent access.
CVSS Base Score: 7.1 High
CVSS Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L
CVEID: CVE-2020-0576
Description: Buffer overflow in Intel® Modular Server MFS2600KI Compute Module may allow an unauthenticated user to potentially enable denial of service via adjacent access.
CVSS Base Score: 4.3 Medium
CVSS Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
CVEID: CVE-2020-0577
Description: Insufficient control flow for Intel® Modular Server MFS2600KI Compute Module may allow an unauthenticated user to potentially enable escalation of privilege via adjacent access.
CVSS Base Score: 4.3 Medium
CVSS Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N
Intel® Modular Server MFS2600KI Compute Module, all versions.
Intel has issued a Product Discontinuation notice for Intel® Modular Server MFS2600KI Compute Module and recommends that users of the Intel® Modular Server MFS2600KI Compute Module to discontinue use at their earliest convenience.
The following issues were found internally by Intel employees. Intel would like to thank Michael N. Henry from the DCG Red Team.
Intel, and nearly the entire technology industry, follows a disclosure practice called Coordinated Disclosure, under which a cybersecurity vulnerability is generally publicly disclosed only after mitigations are available.