Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
intelIntel Security CenterINTEL:INTEL-SA-00380
HistoryNov 10, 2020 - 12:00 a.m.

Intel® Ethernet 700 Series Controller Advisory

2020-11-1000:00:00
Intel Security Center
www.intel.com
11

0.0004 Low

EPSS

Percentile

12.8%

JSON

Summary:

Potential security vulnerabilities in Intel® Ethernet 700 Series Controllers may allow escalation of privilege and/or denial of service.** **Intel is releasing firmware updates to mitigate these potential vulnerabilities.

Vulnerability Details:

CVEID: CVE-2020-8693

Description: Improper buffer restrictions in the firmware of the Intel® Ethernet 700 Series Controllers may allow a privileged user to potentially enable escalation of privilege and/or denial of service via local access.

CVSS Base Score: 6.7 Medium

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:L/A:H

CVEID: CVE-2020-8692

Description: Insufficient access control in the firmware of the Intel® Ethernet 700 Series Controllers before version 7.3 may allow a privileged user to potentially enable escalation of privilege and/or denial of service via local access.

CVSS Base Score: 6.0 Medium

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H

CVEID: CVE-2020-8690

Description: Protection mechanism failure in Intel® Ethernet 700 Series Controllers before version 7.3 may allow a privileged user to potentially enable escalation of privilege and/or denial of service via local access.

CVSS Base Score: 5.1 Medium

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H

CVEID: CVE-2020-8691

Description: A logic issue in the firmware of the Intel® Ethernet 700 Series Controllers may allow a privileged user to potentially enable escalation of privilege and/or denial of service via local access.

CVSS Base Score: 4.7 Medium

CVSS Vector: CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:L/A:H

Affected Products:

Intel® Ethernet 700 Series Controllers before version 7.3.

Recommendations:

Intel recommends updating Intel® Ethernet 700 Series Controllers to version 7.3 or later.

Updates are available for download at this location:

<https://downloadcenter.intel.com/download/25790/Non-Volatile-Memory-NVM-Update-Utility-for-Intel-Ethernet-Adapters-700-Series-Windows-?product=36773&gt;

Acknowledgements:

These issues were found internally by Intel.

Intel, and nearly the entire technology industry, follows a disclosure practice called Coordinated Disclosure, under which a cybersecurity vulnerability is generally publicly disclosed only after mitigations are available.

Related

hp 1
f5 1
lenovo 1
prion 4
cve 4
nvd 4
cvelist 4
hp
hp
HPSBHF03701 rev. 2 - Intel® Ethernet 700 Series Controller November 2020 Security Update
2020-11-06 00:00:00
f5
f5
K28563873 : Intel Ethernet 700 Series Controllers vulnerabilities CVE-2020-8690, CVE-2020-8691, CVE-2020-8692, and CVE-2020-8693
2021-01-19 00:00:00
lenovo
lenovo
Intel® Ethernet 700 Series Controller Advisory - Lenovo Support NL
2020-11-13 21:32:22
prion
prion
Design/Logic Flaw
2020-11-12 18:15:00
Buffer overflow
2020-11-12 18:15:00
Improper access control
2020-11-12 18:15:00
cve
cve
CVE-2020-8691
2020-11-12 18:15:16
CVE-2020-8693
2020-11-12 18:15:16
CVE-2020-8692
2020-11-12 18:15:16
nvd
nvd
CVE-2020-8691
2020-11-12 18:15:16
CVE-2020-8693
2020-11-12 18:15:16
CVE-2020-8692
2020-11-12 18:15:16
cvelist
cvelist
CVE-2020-8692
2020-11-12 18:01:05
CVE-2020-8691
2020-11-12 18:01:25
CVE-2020-8693
2020-11-12 18:00:51

0.0004 Low

EPSS

Percentile

12.8%

JSON
Related for INTEL:INTEL-SA-00380
hp1f51lenovo1prion4cve4nvd4cvelist4