Lucene search

IntelCVE-2020-0572

HistoryNov 12, 2020 - 7:15 p.m.

CVE-2020-0572

2020-11-1219:15:12

CWE-20

intel

web.nvd.nist.gov

cve-2020-0572

intel

server board

s2600st

s2600wf

firmware

input validation

privilege escalation

CVSS2

4.6

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

CVSS3

6.7

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

EPSS

Percentile

12.6%

JSON

Improper input validation in the firmware for Intel® Server Board S2600ST and S2600WF families may allow a privileged user to potentially enable escalation of privilege via local access.

Affected configurations

Nvd

Node

intelserver_board_s2600st_firmwareRange<02.01.0011

AND

intelserver_board_s2600stbrMatch-

intelserver_board_s2600stqrMatch-

Node

intelserver_board_s2600wf_firmwareRange<02.01.0012

AND

intelserver_board_s2600wf0rMatch-

intelserver_board_s2600wfqrMatch-

intelserver_board_s2600wftrMatch-

VendorProductVersionCPE
intelserver_board_s2600st_firmware*cpe:2.3:o:intel:server_board_s2600st_firmware:*:*:*:*:*:*:*:*
intelserver_board_s2600stbr-cpe:2.3:h:intel:server_board_s2600stbr:-:*:*:*:*:*:*:*
intelserver_board_s2600stqr-cpe:2.3:h:intel:server_board_s2600stqr:-:*:*:*:*:*:*:*
intelserver_board_s2600wf_firmware*cpe:2.3:o:intel:server_board_s2600wf_firmware:*:*:*:*:*:*:*:*
intelserver_board_s2600wf0r-cpe:2.3:h:intel:server_board_s2600wf0r:-:*:*:*:*:*:*:*
intelserver_board_s2600wfqr-cpe:2.3:h:intel:server_board_s2600wfqr:-:*:*:*:*:*:*:*
intelserver_board_s2600wftr-cpe:2.3:h:intel:server_board_s2600wftr:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
intel	server_board_s2600st_firmware	*	cpe:2.3:o:intel:server_board_s2600st_firmware::::::::
intel	server_board_s2600stbr	-	cpe:2.3:h:intel:server_board_s2600stbr:-:::::::*
intel	server_board_s2600stqr	-	cpe:2.3:h:intel:server_board_s2600stqr:-:::::::*
intel	server_board_s2600wf_firmware	*	cpe:2.3:o:intel:server_board_s2600wf_firmware::::::::
intel	server_board_s2600wf0r	-	cpe:2.3:h:intel:server_board_s2600wf0r:-:::::::*
intel	server_board_s2600wfqr	-	cpe:2.3:h:intel:server_board_s2600wfqr:-:::::::*
intel	server_board_s2600wftr	-	cpe:2.3:h:intel:server_board_s2600wftr:-:::::::*

CNA Affected

[
  {
    "product": "Intel(R) Server Board S2600ST and S2600WF families",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "See references"
      }
    ]
  }
]

References

www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00439

CVSS2

4.6

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

CVSS3

6.7

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

EPSS

Percentile

12.6%

JSON

Related for CVE-2020-0572