Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2020-24473

Out of bounds write in the BMC firmware for some Intel(R) Server Boards, Server Systems and Compute Modules before version 2.48.ce3e3bd2 may allow an authenticated user to potentially enable escalation of privilege via local access.

Published

2021-06-09T20:15:08.050

Last Modified

2024-11-21T05:14:52.447

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 7.8 (HIGH)

CVSSv2 Vector

AV:L/AC:L/Au:N/C:P/I:P/A:P

Access Vector: LOCAL
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL

Exploitability Score

3.9

Impact Score

6.4

Weaknesses

Type: Primary
CWE-787

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Operating System	intel	baseboard_management_controller_firmware	< 2.48.ce3e3bd2	Yes
Hardware	intel	compute_module_hns2600bpb24r	-	No
Hardware	intel	compute_module_hns2600bpbr	-	No
Hardware	intel	compute_module_hns2600bpq24r	-	No
Hardware	intel	compute_module_hns2600bpqr	-	No
Hardware	intel	compute_module_hns2600bps24r	-	No
Hardware	intel	compute_module_hns2600bpsr	-	No
Hardware	intel	server_board_s2600bpb	-	No
Hardware	intel	server_board_s2600bpbr	-	No
Hardware	intel	server_board_s2600bpq	-	No
Hardware	intel	server_board_s2600bpqr	-	No
Hardware	intel	server_board_s2600bps	-	No
Hardware	intel	server_board_s2600bpsr	-	No
Hardware	intel	server_board_s2600stb	-	No
Hardware	intel	server_board_s2600stbr	-	No
Hardware	intel	server_board_s2600stq	-	No
Hardware	intel	server_board_s2600stqr	-	No
Hardware	intel	server_board_s2600wf0	-	No
Hardware	intel	server_board_s2600wf0r	-	No
Hardware	intel	server_board_s2600wfq	-	No
Hardware	intel	server_board_s2600wfqr	-	No
Hardware	intel	server_board_s2600wft	-	No
Hardware	intel	server_board_s2600wftr	-	No
Hardware	intel	server_system_r1208wfqysr	-	No
Hardware	intel	server_system_r1208wftys	-	No
Hardware	intel	server_system_r1208wftysr	-	No
Hardware	intel	server_system_r1304wf0ys	-	No
Hardware	intel	server_system_r1304wf0ysr	-	No
Hardware	intel	server_system_r1304wftys	-	No
Hardware	intel	server_system_r1304wftysr	-	No
Hardware	intel	server_system_r2208wf0zs	-	No
Hardware	intel	server_system_r2208wf0zsr	-	No
Hardware	intel	server_system_r2208wfqzs	-	No
Hardware	intel	server_system_r2208wfqzsr	-	No
Hardware	intel	server_system_r2208wftzs	-	No
Hardware	intel	server_system_r2208wftzsr	-	No
Hardware	intel	server_system_r2224wfqzs	-	No
Hardware	intel	server_system_r2224wftzs	-	No
Hardware	intel	server_system_r2224wftzsr	-	No
Hardware	intel	server_system_r2308wftzs	-	No
Hardware	intel	server_system_r2308wftzsr	-	No
Hardware	intel	server_system_r2312wf0np	-	No
Hardware	intel	server_system_r2312wf0npr	-	No
Hardware	intel	server_system_r2312wfqzs	-	No
Hardware	intel	server_system_r2312wftzs	-	No
Hardware	intel	server_system_r2312wftzsr	-	No

References

https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00476.html Vendor Advisory ([email protected])
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00476.html Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)