Potential security vulnerabilities in some Intel® Server Boards, Server Systems and Compute Modules Baseboard Management Controller (BMC) firmware may allow escalation of privilege or information disclosure. Intel is releasing firmware updates to mitigate these potential vulnerabilities.
CVEID: CVE-2020-12374
Description: Buffer overflow in the BMC firmware for some Intel® Server Boards, Server Systems and Compute Modules before version 2.47 may allow a privileged user to potentially enable escalation of privilege via local access.
CVSS Base Score: 7.5 High
CVSS Vector: CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
CVEID: CVE-2020-12377
Description: Insufficient input validation in the BMC firmware for some Intel® Server Boards, Server Systems and Compute Modules before version 2.47 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVSS Base Score: 7.5 High
CVSS Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H
CVEID: CVE-2020-12380
Description: Out of bounds read in the BMC firmware for some Intel® Server Boards, Server Systems and Compute Modules before version 2.47 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVSS Base Score: 6.5 Medium
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
CVEID: CVE-2020-12375
Description: Heap overflow in the BMC firmware for some Intel® Server Boards, Server Systems and Compute Modules before version 2.47 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVSS Base Score: 5.6 Medium
CVSS Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
CVEID: CVE-2020-12376
Description: Use of hard-coded key in the BMC firmware for some Intel® Server Boards, Server Systems and Compute Modules before version 2.47 may allow an authenticated user to potentially enable information disclosure via local access.
CVSS Base Score: 3.8 Low
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N
Intel® Server System R1000WF and R2000WF Families
Intel® Server Board S2600WF Family
Intel® Server Board S2600ST Family
Intel® Compute Module HNS2600BP Family
Intel® Server Board S2600BP Family
Intel recommends updating the BMC firmware for the affected Intel® Server Boards, Server Systems, and Compute Modules to the latest version:
Intel® Server Systems and Server Board WF Family updates are available here.
Intel® Server Board ST Family updates are available here.
Intel® Compute Module and Server Board BP Family updates are available here.
The following issues were found internally by Intel employees. Intel would like to thank William Burton.
Intel, and nearly the entire technology industry, follows a disclosure practice called Coordinated Disclosure, under which a cybersecurity vulnerability is generally publicly disclosed only after mitigations are available.