Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2020-12376

Use of hard-coded key in the BMC firmware for some Intel(R) Server Boards, Server Systems and Compute Modules before version 2.47 may allow authenticated user to potentially enable information disclosure via local access.

Published

2021-02-17T14:15:15.810

Last Modified

2024-11-21T04:59:36.473

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 5.5 (MEDIUM)

CVSSv2 Vector

AV:L/AC:L/Au:N/C:P/I:N/A:N

Access Vector: LOCAL
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: NONE
Availability Impact: NONE

Exploitability Score

3.9

Impact Score

2.9

Weaknesses

Type: Primary
CWE-798

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Operating System	intel	bmc_firmware	< 2.47	Yes
Hardware	intel	hns2600bpb	-	No
Hardware	intel	hns2600bpb24	-	No
Hardware	intel	hns2600bpb24r	-	No
Hardware	intel	hns2600bpblc	-	No
Hardware	intel	hns2600bpblc24	-	No
Hardware	intel	hns2600bpblc24r	-	No
Hardware	intel	hns2600bpbr	-	No
Hardware	intel	hns2600bpq	-	No
Hardware	intel	hns2600bpq24	-	No
Hardware	intel	hns2600bpq24r	-	No
Hardware	intel	hns2600bpqr	-	No
Hardware	intel	hns2600bps	-	No
Hardware	intel	hns2600bps24	-	No
Hardware	intel	hns2600bps24r	-	No
Hardware	intel	hns2600bpsr	-	No
Hardware	intel	r1000wf	-	No
Hardware	intel	r1208wfqysr	-	No
Hardware	intel	r1208wftys	-	No
Hardware	intel	r1208wftysr	-	No
Hardware	intel	r1304wf0ys	-	No
Hardware	intel	r1304wf0ysr	-	No
Hardware	intel	r1304wftys	-	No
Hardware	intel	r1304wftysr	-	No
Hardware	intel	r2208wf0zs	-	No
Hardware	intel	r2208wf0zsr	-	No
Hardware	intel	r2208wfqzs	-	No
Hardware	intel	r2208wfqzsr	-	No
Hardware	intel	r2208wftzs	-	No
Hardware	intel	r2208wftzsr	-	No
Hardware	intel	r2224wfqzs	-	No
Hardware	intel	r2224wftzs	-	No
Hardware	intel	r2224wftzsr	-	No
Hardware	intel	r2308wftzs	-	No
Hardware	intel	r2308wftzsr	-	No
Hardware	intel	r2312wf0np	-	No
Hardware	intel	r2312wf0npr	-	No
Hardware	intel	r2312wfqzs	-	No
Hardware	intel	r2312wftzs	-	No
Hardware	intel	r2312wftzsr	-	No
Hardware	intel	s2600bpbr	-	No
Hardware	intel	s2600bpqr	-	No
Hardware	intel	s2600bpsr	-	No
Hardware	intel	s2600stb	-	No
Hardware	intel	s2600stq	-	No
Hardware	intel	s2600wf0	-	No
Hardware	intel	s2600wfq	-	No
Hardware	intel	s2600wft	-	No

References

https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00434.html Patch, Vendor Advisory ([email protected])
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00434.html Patch, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)