Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
intelIntel Security CenterINTEL:INTEL-SA-00434
HistoryFeb 09, 2021 - 12:00 a.m.

Intel® Server Boards, Server Systems and Compute Modules Advisory

2021-02-0900:00:00
Intel Security Center
www.intel.com
8
JSON

Summary:

Potential security vulnerabilities in some Intel® Server Boards, Server Systems and Compute Modules Baseboard Management Controller (BMC) firmware may allow escalation of privilege or information disclosure.** **Intel is releasing firmware updates to mitigate these potential vulnerabilities.

Vulnerability Details:

CVEID: CVE-2020-12374

Description: Buffer overflow in the BMC firmware for some Intel® Server Boards, Server Systems and Compute Modules before version 2.47 may allow a privileged user to potentially enable escalation of privilege via local access.

CVSS Base Score: 7.5 High

CVSS Vector: CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H

CVEID: CVE-2020-12377

Description: Insufficient input validation in the BMC firmware for some Intel® Server Boards, Server Systems and Compute Modules before version 2.47 may allow an authenticated user to potentially enable escalation of privilege via local access.

CVSS Base Score: 7.5 High

CVSS Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H

CVEID: CVE-2020-12380

Description: Out of bounds read in the BMC firmware for some Intel® Server Boards, Server Systems and Compute Modules before version 2.47 may allow an authenticated user to potentially enable escalation of privilege via local access.

CVSS Base Score: 6.5 Medium

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N

CVEID: CVE-2020-12375

Description: Heap overflow in the BMC firmware for some Intel® Server Boards, Server Systems and Compute Modules before version 2.47 may allow an authenticated user to potentially enable escalation of privilege via local access.

CVSS Base Score: 5.6 Medium

CVSS Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N

CVEID: CVE-2020-12376

Description: Use of hard-coded key in the BMC firmware for some Intel® Server Boards, Server Systems and Compute Modules before version 2.47 may allow authenticated user to potentially enable information disclosure via local access.

CVSS Base Score: 3.8 Low

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N

Affected Products:

Intel® Server System R1000WF and R2000WF Families

Intel® Server Board S2600WF Family

Intel® Server Board S2600ST Family

Intel® Compute Module HNS2600BP Family

Intel® Server Board S2600BP Family

Recommendation:

Intel recommends updating the BMC firmware for the affected Intel® Server Boards, Server Systems, and Compute Modules to the latest version:

Intel® Server Systems and Server Board WF Family updates are available here.

Intel® Server Board ST Family updates are available here.

Intel® Compute Module and Server Board BP Family updates are available here.

Acknowledgements:

The following issues were found internally by Intel employees. Intel would like to thank William Burton.

Intel, and nearly the entire technology industry, follows a disclosure practice called Coordinated Disclosure, under which a cybersecurity vulnerability is generally publicly disclosed only after mitigations are available.

Related

prion 5
cve 5
threatpost 1
prion
prion
Heap overflow
2021-02-17 14:15:00
Buffer overflow
2021-02-19 16:15:00
Cross site scripting
2021-02-17 14:15:00
cve
cve
CVE-2020-12375
2021-02-17 14:15:00
CVE-2020-12374
2021-02-19 16:15:00
CVE-2020-12380
2021-02-17 14:15:00
threatpost
threatpost
Intel Squashes High-Severity Graphics Driver Flaws
2021-02-10 15:16:15
JSON
Related for INTEL:INTEL-SA-00434
prion5cve5threatpost1