Potential security vulnerabilities in some Intel® Server Boards, Server Systems and Compute Modules may allow escalation of privilege or denial of service.** **Intel is releasing firmware updates to mitigate these potential vulnerabilities.
CVEID: CVE-2020-8708
Description: Improper authentication for some Intel® Server Boards, Server Systems and Compute Modules before version 1.59 may allow an unauthenticated user to potentially enable escalation of privilege via adjacent access.
CVSS Base Score: 9.6 Critical
CVSS Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
CVEID: CVE-2020-8730
Description: Heap-based overflow for some Intel® Server Boards, Server Systems and Compute Modules before version 1.59 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVSS Base Score: 8.8 High
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
CVEID: CVE-2020-8731
Description: Incorrect execution-assigned permissions in the file system for some Intel® Server Boards, Server Systems and Compute Modules before version 1.59 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVSS Base Score: 8.8 High
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
CVEID: CVE-2020-8707
Description: Buffer overflow in daemon for some Intel® Server Boards, Server Systems and Compute Modules before version 1.59 may allow an unauthenticated user to potentially enable escalation of privilege via adjacent access.
CVSS Base Score: 8.3 High
CVSS Vector: CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
CVEID: CVE-2020-8719
Description: Buffer overflow in subsystem for some Intel® Server Boards, Server Systems and Compute Modules before version 1.59 may allow a privileged user to potentially enable escalation of privilege via local access.
CVSS Base Score: 8.2 High
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
CVEID: CVE-2020-8721
Description: Improper input validation for some Intel® Server Boards, Server Systems and Compute Modules before version 1.59 may allow a privileged user to potentially enable escalation of privilege via local access.
CVSS Base Score: 8.2 High
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
CVEID: CVE-2020-8710
Description: Buffer overflow in the bootloader for some Intel® Server Boards, Server Systems and Compute Modules before version 2.45 may allow a privileged user to potentially enable escalation of privilege via local access.
CVSS Base Score: 8.2 High
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
CVEID: CVE-2020-8711
Description: Improper access control in the bootloader for some Intel® Server Boards, Server Systems and Compute Modules before version 2.45 may allow a privileged user to potentially enable escalation of privilege via local access.
CVSS Base Score: 8.2 High
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
CVEID: CVE-2020-8712
Description: Buffer overflow in a verification process for some Intel® Server Boards, Server Systems and Compute Modules before version 2.45 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVSS Base Score: 8.2 High
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
CVEID: CVE-2020-8718
Description: Buffer overflow in a subsystem for some Intel® Server Boards, Server Systems and Compute Modules before version 1.59 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVSS Base Score: 7.8 High
CVSS Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
CVEID: CVE-2020-8722
Description: Buffer overflow in a subsystem for some Intel® Server Boards, Server Systems and Compute Modules before version 1.59 may allow a privileged user to potentially enable escalation of privilege via local access.
CVSS Base Score: 7.5 High
CVSS Vector: CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
CVEID: CVE-2020-8732
Description: Heap-based buffer overflow in the firmware for some Intel® Server Boards, Server Systems and Compute Modules before version 1.59 may allow an unauthenticated user to potentially enable escalation of privilege via adjacent access.
CVSS Base Score: 6.3 Medium
CVSS Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
CVEID: CVE-2020-8709
Description: Improper authentication in socket services for some Intel® Server Boards, Server Systems and Compute Modules before version 2.45 may allow an unauthenticated user to potentially enable escalation of privilege via adjacent access.
CVSS Base Score: 6.1 Medium
CVSS Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:L
CVEID: CVE-2020-8723
Description: Cross-site scripting for some Intel® Server Boards, Server Systems and Compute Modules before version 1.59 may allow an unauthenticated user to potentially enable escalation of privilege via adjacent access.
CVSS Base Score: 5.4 Medium
CVSS Vector: CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:L
CVEID: CVE-2020-8713
Description: Improper authentication for some Intel® Server Boards, Server Systems and Compute Modules before version 1.59 may allow an unauthenticated user to potentially enable escalation of privilege via adjacent access.
CVSS Base Score: 4.7 Medium
CVSS Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N
CVEID: CVE-2020-8706
Description: Buffer overflow in a daemon for some Intel® Server Boards, Server Systems and Compute Modules before version 1.59 may allow an unauthenticated user to potentially enable escalation of privilege via adjacent access.
CVSS Base Score: 4.7 Medium
CVSS Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N
CVEID: CVE-2020-8729
Description: Buffer copy without checking size of input for some Intel® Server Boards, Server Systems and Compute Modules before version 1.59 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVSS Base Score: 4.4 Medium
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L
CVEID: CVE-2020-8715
Description: Invalid pointer for some Intel® Server Boards, Server Systems and Compute Modules before version 1.59 may allow an unauthenticated user to potentially enable denial of service via local access.
CVSS Base Score: 4.3 Medium
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L
CVEID: CVE-2020-8716
Description: Improper access control for some Intel® Server Boards, Server Systems and Compute Modules before version 1.59 may allow an authenticated user to potentially enable denial of service via local access.
CVSS Base Score: 3.8 Low
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:L
CVEID: CVE-2020-8714
Description: Improper authentication for some Intel® Server Boards, Server Systems and Compute Modules before version 1.59 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVSS Base Score: 3.8 Low
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N
CVEID: CVE-2020-8717
Description: Improper input validation in a subsystem for some Intel Server Boards, Server Systems and Compute Modules before version 1.59 may allow an authenticated user to potentially enable denial of service via local access.
CVSS Base Score: 3.3 Low
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
CVEID: CVE-2020-8720
Description: Buffer overflow in a subsystem for some Intel® Server Boards, Server Systems and Compute Modules before version 1.59 may allow a privileged user to potentially enable denial of service via local access.
CVSS Base Score: 2.3 Low
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L__
Product Collection
|
Update Link
—|—
Intel® Server System R1000WT and R2000WT Families
Intel® Server Boards S2600WT Family
|
Intel® Server Board S2600CW Family
|
Intel® Compute Module HNS2600KP Family
Intel® Server Board S2600KP Family
|
Intel® Compute Module HNS2600TP Family
Intel® Server Board S2600TP Family
|
Intel® Server System R1000SP, LSVRP and LR1304SP Families
Intel® Server Board S1200SP Family
|
Intel® Server System R1000WF and R2000WF Families
Intel® Server Board S2600WF Family
|
Intel® Server Board S2600ST Family
|
Intel® Compute Module HNS2600BP Family
Intel® Server Board S2600BP Family
|
Intel recommends updating to the latest firmware version (see provided table).
Please see the Update Links listed in the above table for update download locations.
Intel would like to thank Dmytro Oleksiuk for reporting CVE-2020-8706, CVE-2020-8707 and CVE-2020-8708.
CVE-2020-8710, CVE-2020-8711 and CVE-2020-8712 were found internally by Ryan Hall of Intel’s DCG Red Team. All other CVE’s were found internally by Michael N. Henry of Intel’s DCG Red Team.
Intel, and nearly the entire technology industry, follows a disclosure practice called Coordinated Disclosure, under which a cybersecurity vulnerability is generally publicly disclosed only after mitigations are available.