Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
intelIntel Security CenterINTEL:INTEL-SA-00456
HistoryFeb 09, 2021 - 12:00 a.m.

Intel® Ethernet Controllers Advisory

2021-02-0900:00:00
Intel Security Center
www.intel.com
5

0.001 Low

EPSS

Percentile

27.0%

JSON

Summary:

Potential security vulnerabilities in some Intel® Ethernet Controllers may allow denial of service.** **Intel is releasing firmware updates to mitigate these potential vulnerabilities.

Vulnerability Details:

CVEID: CVE-2020-24492

Description: Insufficient access control in the firmware for the Intel® 722 Ethernet Controllers before version 1.5 may allow a privileged user to potentially enable a denial of service via local access.

CVSS Base Score: 6.0 Medium

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H

CVEID: CVE-2020-24493

Description: Insufficient access control in the firmware for the Intel® 700-series of Ethernet Controllers before version 8.0 may allow a privileged user to potentially enable denial of service via local access.

CVSS Base Score: 6.0 Medium

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H

CVEID: CVE-2020-24495

Description: Insufficient access control in the firmware for the Intel® 700-series of Ethernet Controllers before version 7.3 may allow a privileged user to potentially enable denial of service via local access.

CVSS Base Score: 6.0 Medium

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H

CVEID: CVE-2020-24498

Description: Buffer overflow in the firmware for Intel® E810 Ethernet Controllers before version 1.4.1.13 may allow a privileged user to potentially enable denial of service via local access.

CVSS Base Score: 6.0 Medium

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H

CVEID: CVE-2020-24494

Description: Insufficient access control in the firmware for the Intel® 722 Ethernet Controllers before version 1.4.3 may allow a privileged user to potentially enable denial of service via local access.

CVSS Base Score: 5.1 Medium

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H

CVEID: CVE-2020-24497

Description: Insufficient Access Control in the firmware for Intel® E810 Ethernet Controllers before version 1.4.1.13 may allow a privileged user to potentially enable denial of service via local access.

CVSS Base Score: 5.1 Medium

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H

CVEID: CVE-2020-24501

Description: Buffer overflow in the firmware for Intel® E810 Ethernet Controllers before version 1.4.1.13 may allow an unauthenticated user to potentially enable denial of service via adjacent access.

CVSS Base Score: 3.5 Low

CVSS Vector: CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:L

CVEID: CVE-2020-24496

Description: Insufficient input validation in the firmware for Intel® 722 Ethernet Controllers before version 1.4.3 may allow a privileged user to potentially enable denial of service via local access.

CVSS Base Score: 3.4 Low

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:L

CVEID: CVE-2020-24505

Description: Insufficient input validation in the firmware for the Intel® 700-series of Ethernet Controllers before version 7.3 may allow a privileged user to potentially enable denial of service via local access.

CVSS Base Score: 3.4 Low

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:L

CVEID: CVE-2020-24500

Description: Buffer overflow in the firmware for Intel® E810 Ethernet Controllers before version 1.4.1.13 may allow a privileged user to potentially enable a denial of service via local access.

CVSS Base Score: Low 2.3

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L

Affected Products:

Intel® 700-series Ethernet Controllers before version 7.3.

Intel® 700-series Ethernet Controllers before version 8.0.

Intel® 722 Ethernet Controllers before version 1.4.3.

Intel® E810 Ethernet Controllers before version 1.4.1.13.

Recommendations:

Intel recommends updating the Intel® Ethernet Controller firmware to the latest version.

Updates are available for download at this location:

<https://www.intel.com/content/www/us/en/support/products/36773/network-and-i-o/ethernet-products.html&gt;

Acknowledgements:

These issues were found internally by Intel employees.

Intel, and nearly the entire technology industry, follows a disclosure practice called Coordinated Disclosure, under which a cybersecurity vulnerability is generally publicly disclosed only after mitigations are available.

Related

lenovo 1
hp 1
f5 2
cve 10
nvd 10
cvelist 10
prion 10
lenovo
lenovo
Intel Ethernet Controllers Advisory - Lenovo Support NL
2021-02-09 21:37:09
hp
hp
HPSBHF03717 rev. 3 - Intel® Ethernet Controllers February 2021 Security Updates
2021-02-06 00:00:00
f5
f5
K85738358 : Intel Ethernet Controller vulnerabilities CVE-2020-24497, CVE-2020-24498, CVE-2020-24500, CVE-2020-24501, and CVE-2020-24505
2021-03-25 00:00:00
K91610944 : Intel Ethernet controller vulnerabilities CVE-2020-24492, CVE-2020-24493, CVE-2020-24494, CVE-2020-24495, CVE-2020-24496
2021-03-25 00:00:00
cve
cve
CVE-2020-24501
2021-02-17 14:15:18
CVE-2020-24505
2021-02-17 14:15:18
CVE-2020-24496
2021-02-17 14:15:17
nvd
nvd
CVE-2020-24501
2021-02-17 14:15:18
CVE-2020-24505
2021-02-17 14:15:18
CVE-2020-24492
2021-02-17 14:15:17
cvelist
cvelist
CVE-2020-24501
2021-02-17 13:42:32
CVE-2020-24505
2021-02-17 13:42:47
CVE-2020-24496
2021-02-17 13:42:40
prion
prion
Input validation
2021-02-17 14:15:00
Buffer overflow
2021-02-17 14:15:00
Improper access control
2021-02-17 14:15:00

0.001 Low

EPSS

Percentile

27.0%

JSON
Related for INTEL:INTEL-SA-00456
lenovo1hp1f52cve10nvd10cvelist10prion10