Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
intelIntel Security CenterINTEL:INTEL-SA-00384
HistoryAug 11, 2020 - 12:00 a.m.

Intel® Server Boards, Server Systems and Compute Modules Advisory

2020-08-1100:00:00
Intel Security Center
www.intel.com
3
JSON

Summary:

Potential security vulnerabilities in some Intel® Server Boards, Server Systems and Compute Modules may allow escalation of privilege or denial of service.** **Intel is releasing firmware updates to mitigate these potential vulnerabilities.

Vulnerability Details:

CVEID: CVE-2020-8708

Description: Improper authentication for some Intel® Server Boards, Server Systems and Compute Modules before version 1.59 may allow an unauthenticated user to potentially enable escalation of privilege via adjacent access.

CVSS Base Score: 9.6 Critical

CVSS Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

CVEID: CVE-2020-8730

Description: Heap-based overflow for some Intel® Server Boards, Server Systems and Compute Modules before version 1.59 may allow an authenticated user to potentially enable escalation of privilege via local access.

CVSS Base Score: 8.8 High

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

CVEID: CVE-2020-8731

Description: Incorrect execution-assigned permissions in the file system for some Intel® Server Boards, Server Systems and Compute Modules before version 1.59 may allow an authenticated user to potentially enable escalation of privilege via local access.

CVSS Base Score: 8.8 High

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

CVEID: CVE-2020-8707

Description: Buffer overflow in daemon for some Intel® Server Boards, Server Systems and Compute Modules before version 1.59 may allow an unauthenticated user to potentially enable escalation of privilege via adjacent access.

CVSS Base Score: 8.3 High

CVSS Vector: CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

CVEID: CVE-2020-8719

Description: Buffer overflow in subsystem for some Intel® Server Boards, Server Systems and Compute Modules before version 1.59 may allow a privileged user to potentially enable escalation of privilege via local access.

CVSS Base Score: 8.2 High

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

CVEID: CVE-2020-8721

Description: Improper input validation for some Intel® Server Boards, Server Systems and Compute Modules before version 1.59 may allow a privileged user to potentially enable escalation of privilege via local access.

CVSS Base Score: 8.2 High

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

CVEID: CVE-2020-8710

Description: Buffer overflow in the bootloader for some Intel® Server Boards, Server Systems and Compute Modules before version 2.45 may allow a privileged user to potentially enable escalation of privilege via local access.

CVSS Base Score: 8.2 High

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

CVEID: CVE-2020-8711

Description: Improper access control in the bootloader for some Intel® Server Boards, Server Systems and Compute Modules before version 2.45 may allow a privileged user to potentially enable escalation of privilege via local access.

CVSS Base Score: 8.2 High

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

CVEID: CVE-2020-8712

Description: Buffer overflow in a verification process for some Intel® Server Boards, Server Systems and Compute Modules before version 2.45 may allow an authenticated user to potentially enable escalation of privilege via local access.

CVSS Base Score: 8.2 High

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H

CVEID: CVE-2020-8718

Description: Buffer overflow in a subsystem for some Intel® Server Boards, Server Systems and Compute Modules before version 1.59 may allow an authenticated user to potentially enable escalation of privilege via local access.

CVSS Base Score: 7.8 High

CVSS Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

CVEID: CVE-2020-8722

Description: Buffer overflow in a subsystem for some Intel® Server Boards, Server Systems and Compute Modules before version 1.59 may allow a privileged user to potentially enable escalation of privilege via local access.

CVSS Base Score: 7.5 High

CVSS Vector: CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H

CVEID: CVE-2020-8732

Description: Heap-based buffer overflow in the firmware for some Intel® Server Boards, Server Systems and Compute Modules before version 1.59 may allow an unauthenticated user to potentially enable escalation of privilege via adjacent access.

CVSS Base Score: 6.3 Medium

CVSS Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

CVEID: CVE-2020-8709

Description: Improper authentication in socket services for some Intel® Server Boards, Server Systems and Compute Modules before version 2.45 may allow an unauthenticated user to potentially enable escalation of privilege via adjacent access.

CVSS Base Score: 6.1 Medium

CVSS Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:L

CVEID: CVE-2020-8723

Description: Cross-site scripting for some Intel® Server Boards, Server Systems and Compute Modules before version 1.59 may allow an unauthenticated user to potentially enable escalation of privilege via adjacent access.

CVSS Base Score: 5.4 Medium

CVSS Vector: CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:L

CVEID: CVE-2020-8713

Description: Improper authentication for some Intel® Server Boards, Server Systems and Compute Modules before version 1.59 may allow an unauthenticated user to potentially enable escalation of privilege via adjacent access.

CVSS Base Score: 4.7 Medium

CVSS Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N

CVEID: CVE-2020-8706

Description: Buffer overflow in a daemon for some Intel® Server Boards, Server Systems and Compute Modules before version 1.59 may allow an unauthenticated user to potentially enable escalation of privilege via adjacent access.

CVSS Base Score: 4.7 Medium

CVSS Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N

CVEID: CVE-2020-8729

Description: Buffer copy without checking size of input for some Intel® Server Boards, Server Systems and Compute Modules before version 1.59 may allow an authenticated user to potentially enable escalation of privilege via local access.

CVSS Base Score: 4.4 Medium

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L

CVEID: CVE-2020-8715

Description: Invalid pointer for some Intel® Server Boards, Server Systems and Compute Modules before version 1.59 may allow an unauthenticated user to potentially enable denial of service via local access.

CVSS Base Score: 4.3 Medium

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L

CVEID: CVE-2020-8716

Description: Improper access control for some Intel® Server Boards, Server Systems and Compute Modules before version 1.59 may allow an authenticated user to potentially enable denial of service via local access.

CVSS Base Score: 3.8 Low

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:L

CVEID: CVE-2020-8714

Description: Improper authentication for some Intel® Server Boards, Server Systems and Compute Modules before version 1.59 may allow an authenticated user to potentially enable escalation of privilege via local access.

CVSS Base Score: 3.8 Low

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N

CVEID: CVE-2020-8717

Description: Improper input validation in a subsystem for some Intel Server Boards, Server Systems and Compute Modules before version 1.59 may allow an authenticated user to potentially enable denial of service via local access.

CVSS Base Score: 3.3 Low

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

CVEID: CVE-2020-8720

Description: Buffer overflow in a subsystem for some Intel® Server Boards, Server Systems and Compute Modules before version 1.59 may allow a privileged user to potentially enable denial of service via local access.

CVSS Base Score: 2.3 Low

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L__

Affected Products:

Product Collection

|

Update Link

—|—

Intel® Server System R1000WT and R2000WT Families

Intel® Server Boards S2600WT Family

|

Update

Intel® Server Board S2600CW Family

|

Update

Intel® Compute Module HNS2600KP Family

Intel® Server Board S2600KP Family

|

Update

Intel® Compute Module HNS2600TP Family

Intel® Server Board S2600TP Family

|

Update

Intel® Server System R1000SP, LSVRP and LR1304SP Families

Intel® Server Board S1200SP Family

|

Update

Intel® Server System R1000WF and R2000WF Families

Intel® Server Board S2600WF Family

|

Update

Intel® Server Board S2600ST Family

|

Update

Intel® Compute Module HNS2600BP Family

Intel® Server Board S2600BP Family

|

Update

Recommendations:

Intel recommends updating to the latest firmware version (see provided table).

Please see the Update Links listed in the above table for update download locations.

Acknowledgements:

Intel would like to thank Dmytro Oleksiuk for reporting CVE-2020-8706, CVE-2020-8707 and CVE-2020-8708.

CVE-2020-8710, CVE-2020-8711 and CVE-2020-8712 were found internally by Ryan Hall of Intel’s DCG Red Team. All other CVE’s were found internally by Michael N. Henry of Intel’s DCG Red Team.

Intel, and nearly the entire technology industry, follows a disclosure practice called Coordinated Disclosure, under which a cybersecurity vulnerability is generally publicly disclosed only after mitigations are available.

Related

threatpost 1
cve 22
prion 22
threatpost
threatpost
Critical Intel Flaw Afflicts Several Motherboards, Server Systems, Compute Modules
2020-08-11 20:02:22
cve
cve
CVE-2020-8732
2020-08-13 03:15:00
CVE-2020-8721
2020-08-13 03:15:00
CVE-2020-8722
2020-08-13 03:15:00
prion
prion
Buffer overflow
2020-08-13 03:15:00
Input validation
2020-08-13 03:15:00
Heap overflow
2020-08-13 03:15:00
JSON
Related for INTEL:INTEL-SA-00384
threatpost1cve22prion22