Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
intelIntel Security CenterINTEL:INTEL-SA-00367
HistoryAug 11, 2020 - 12:00 a.m.

Intel® Server Board Families Advisory

2020-08-1100:00:00
Intel Security Center
www.intel.com
13

0.0004 Low

EPSS

Percentile

12.7%

JSON

Summary:

Potential security vulnerabilities in some Intel® Server Board Families may allow escalation of privilege.** **Intel is releasing firmware updates to mitigate these potential vulnerabilities.

Vulnerability Details:

CVEID: CVE-2020-12300

Description: Uninitialized pointer in BIOS firmware for Intel® Server Board Families S2600CW, S2600KP, S2600TP, and S2600WT may allow a privileged user to potentially enable escalation of privilege via local access.

CVSS Base Score: 7.5 High

CVSS Vector: CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H

CVEID: CVE-2020-12301

Description: Improper initialization in BIOS firmware for Intel® Server Board Families S2600ST, S2600BP and S2600WF may allow a privileged user to potentially enable escalation of privilege via local access.

CVSS Base Score: 7.5 High

CVSS Vector: CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H

CVEID: CVE-2020-12299__

Description: Improper input validation in BIOS firmware for Intel® Server Board Families S2600ST, S2600BP and S2600WF may allow a privileged user to potentially enable escalation of privilege via local access.

CVSS Base Score: 6.7 Medium

CVSS Vector: CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:L/I:H/A:L

Affected Products:

CVE-2020-12299

· Intel® Server Board S2600ST Family

· Intel® Server Board S2600BP Family

· Intel® Server Board S2600WF Family

CVE-2020-12300

· Intel® Server Board S2600CW Family

· Intel® Server Board S2600KP Family

· Intel® Server Board S2600TP Family

· Intel® Server Board S2600WT Family

CVE-2020-12301

· Intel® Server Board S2600ST Family

· Intel® Server Board S2600BP Family

· Intel® Server Board S2600WF Family

Recommendations:

Intel recommends updating to latest BIOS firmware available.

Updates are available for download at these locations:

· Intel® Server Board S2600ST Family

· Intel® Server Board S2600BP Family

· Intel® Server Board S2600WF Family

· Intel® Server Board S2600CW Family

· Intel® Server Board S2600KP Family

· Intel® Server Board S2600TP Family

· Intel® Server Board S2600WT Family

Acknowledgements:

CVE-2020-12300 and CVE-2020-12301 were found externally. CVE-2020-12300 was found internally by Intel employees.

Intel would like to thank Dmitry Frolov CVE-2020-12300, Alexander Ermolov CVE-2020-12301 for reporting these issues.

Intel, and nearly the entire technology industry, follows a disclosure practice called Coordinated Disclosure, under which a cybersecurity vulnerability is generally publicly disclosed only after mitigations are available.

Related

nvd 3
prion 3
cvelist 3
cve 3
nvd
nvd
CVE-2020-12301
2020-08-13 04:15:13
CVE-2020-12299
2020-08-13 04:15:12
CVE-2020-12300
2020-08-13 04:15:13
prion
prion
Input validation
2020-08-13 04:15:00
Input validation
2020-08-13 04:15:00
Code injection
2020-08-13 04:15:00
cvelist
cvelist
CVE-2020-12299
2020-08-13 03:26:55
CVE-2020-12300
2020-08-13 03:25:52
CVE-2020-12301
2020-08-13 03:26:30
cve
cve
CVE-2020-12299
2020-08-13 04:15:12
CVE-2020-12301
2020-08-13 04:15:13
CVE-2020-12300
2020-08-13 04:15:13

0.0004 Low

EPSS

Percentile

12.7%

JSON
Related for INTEL:INTEL-SA-00367
nvd3prion3cvelist3cve3