Lucene search

[email protected]CVE-2020-12375

HistoryFeb 17, 2021 - 2:15 p.m.

CVE-2020-12375

2021-02-1714:15:15

CWE-787

[email protected]

web.nvd.nist.gov

cve-2020-12375

intel

server

bmc firmware

heap overflow

privilege escalation

4.6 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

6.7 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

0.0004 Low

EPSS

Percentile

12.6%

JSON

Heap overflow in the BMC firmware for some Intel® Server Boards, Server Systems and Compute Modules before version 2.47 may allow an authenticated user to potentially enable escalation of privilege via local access.

Affected configurations

NVD

Node

intelbmc_firmwareRange<2.47

AND

intelhns2600bpbMatch-

intelhns2600bpb24Match-

intelhns2600bpb24rMatch-

intelhns2600bpblcMatch-

intelhns2600bpblc24Match-

intelhns2600bpblc24rMatch-

intelhns2600bpbrMatch-

intelhns2600bpqMatch-

intelhns2600bpq24Match-

intelhns2600bpq24rMatch-

intelhns2600bpqrMatch-

intelhns2600bpsMatch-

intelhns2600bps24Match-

intelhns2600bps24rMatch-

intelhns2600bpsrMatch-

intelr1000wfMatch-

intelr1208wfqysrMatch-

intelr1208wftysMatch-

intelr1208wftysrMatch-

intelr1304wf0ysMatch-

intelr1304wf0ysrMatch-

intelr1304wftysMatch-

intelr1304wftysrMatch-

intelr2208wf0zsMatch-

intelr2208wf0zsrMatch-

intelr2208wfqzsMatch-

intelr2208wfqzsrMatch-

intelr2208wftzsMatch-

intelr2208wftzsrMatch-

intelr2224wfqzsMatch-

intelr2224wftzsMatch-

intelr2224wftzsrMatch-

intelr2308wftzsMatch-

intelr2308wftzsrMatch-

intelr2312wf0npMatch-

intelr2312wf0nprMatch-

intelr2312wfqzsMatch-

intelr2312wftzsMatch-

intelr2312wftzsrMatch-

intels2600bpbrMatch-

intels2600bpqrMatch-

intels2600bpsrMatch-

intels2600stbMatch-

intels2600stqMatch-

intels2600wf0Match-

intels2600wfqMatch-

intels2600wftMatch-

CPENameOperatorVersion
intel:bmc_firmwareintel bmc firmwarelt2.47

CPE	Name	Operator	Version
intel:bmc_firmware	intel bmc firmware	lt	2.47

CNA Affected

[
  {
    "product": "Intel(R) Server Boards, Server Systems and Compute Modules",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "before version 2.47"
      }
    ]
  }
]

References

www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00434.html

4.6 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

6.7 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

0.0004 Low

EPSS

Percentile

12.6%

JSON

Related for CVE-2020-12375

prion1 cvelist1 nvd1 intel1