K85738358 : Intel Ethernet Controller vulnerabilities CVE-2020-24497, CVE-2020-24498, CVE-2020-24500, CVE-2020-24501, and CVE-2020-24505

2021-03-2500:00:00

my.f5.com

intel

ethernet controller

vulnerabilities

cve-2020-24497

cve-2020-24498

cve-2020-24500

cve-2020-24501

cve-2020-24505

insufficient access control

buffer overflow

denial of service

AI Score

4.8

Confidence

High

EPSS

0.001

Percentile

26.7%

JSON

Security Advisory Description

CVE-2020-24497

Insufficient Access Control in the firmware for Intel® E810 Ethernet Controllers before version 1.4.1.13 may allow a privileged user to potentially enable denial of service via local access.

CVE-2020-24498

Buffer overflow in the firmware for Intel® E810 Ethernet Controllers before version 1.4.1.13 may allow a privileged user to potentially enable denial of service via local access.

CVE-2020-24500

Buffer overflow in the firmware for Intel® E810 Ethernet Controllers before version 1.4.1.13 may allow a privileged user to potentially enable a denial of service via local access.

CVE-2020-24501

Buffer overflow in the firmware for Intel® E810 Ethernet Controllers before version 1.4.1.13 may allow an unauthenticated user to potentially enable denial of service via adjacent access.

CVE-2020-24505

Insufficient input validation in the firmware for the Intel® 700-series of Ethernet Controllers before version 7.3 may allow a privileged user to potentially enable denial of service via local access.

Impact

This vulnerability may allow a privileged user to potentially enable denial of service (DoS) by way of local access.