Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2020-7207

A local elevation of privilege using physical access security vulnerability was found in HPE Proliant Gen10 Servers using Intel Innovation Engine (IE). This attack requires a physical attack to the server motherboard. To mitigate this issue, ensure your server is always physically secured. HPE will not address this issue in the impacted Gen 10 servers listed. HPE recommends using appropriate physical security methods as a compensating control to disallow an attacker from having physical access to the server main circuit board.

Published

2020-11-05T21:15:13.063

Last Modified

2024-11-21T05:36:49.840

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 6.8 (MEDIUM)

CVSSv2 Vector

AV:L/AC:L/Au:N/C:C/I:C/A:C

Access Vector: LOCAL
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE

Exploitability Score

3.9

Impact Score

10.0

Weaknesses

Type: Primary
NVD-CWE-noinfo

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Operating System	hp	apollo_2000_firmware	-	Yes
Hardware	hp	apollo_2000	-	No
Operating System	hp	apollo_4200_gen10_firmware	-	Yes
Hardware	hp	apollo_4200_gen10	-	No
Operating System	hp	apollo_4500_firmware	-	Yes
Hardware	hp	apollo_4500	-	No
Operating System	hp	proliant_xl230k_gen10_firmware	-	Yes
Hardware	hp	proliant_xl230k_gen10	-	No
Operating System	hp	proliant_xl270d_gen10_firmware	-	Yes
Hardware	hp	proliant_xl270d_gen10	-	No
Operating System	hp	proliant_bl460c_gen10_firmware	-	Yes
Hardware	hp	proliant_bl460c_gen10	-	No
Operating System	hp	proliant_dl120_gen10_firmware	-	Yes
Hardware	hp	proliant_dl120_gen10	-	No
Operating System	hp	proliant_dl160_gen10_firmware	-	Yes
Hardware	hp	proliant_dl160_gen10	-	No
Operating System	hp	proliant_dl180_gen10_firmware	-	Yes
Hardware	hp	proliant_dl180_gen10	-	No
Operating System	hp	proliant_dl360_gen10_firmware	-	Yes
Hardware	hp	proliant_dl360_gen10	-	No
Operating System	hp	proliant_dl380_gen10_firmware	-	Yes
Hardware	hp	proliant_dl380_gen10	-	No
Operating System	hp	proliant_dl560_gen10_firmware	-	Yes
Hardware	hp	proliant_dl560_gen10	-	No
Operating System	hp	proliant_dl580_gen10_firmware	-	Yes
Hardware	hp	proliant_dl580_gen10	-	No
Operating System	hp	proliant_ml110_gen10_firmware	-	Yes
Hardware	hp	proliant_ml110_gen10	-	No
Operating System	hp	proliant_ml350_gen10_firmware	-	Yes
Hardware	hp	proliant_ml350_gen10	-	No
Operating System	hp	synergy_480_gen10_firmware	-	Yes
Hardware	hp	synergy_480_gen10	-	No
Operating System	hp	synergy_660_gen10_firmware	-	Yes
Hardware	hp	synergy_660_gen10	-	No
Operating System	hp	proliant_e910_firmware	-	Yes
Hardware	hp	proliant_e910	-	No
Operating System	hp	proliant_xl170r_gen10_firmware	-	Yes
Hardware	hp	proliant_xl170r_gen10	-	No
Operating System	hp	proliant_xl190r_gen10_firmware	-	Yes
Hardware	hp	proliant_xl190r_gen10	-	No
Operating System	hp	proliant_xl230k_gen10_firmware	-	Yes
Hardware	hp	proliant_xl230k_gen10	-	No
Operating System	hp	proliant_xl450_gen10_firmware	-	Yes
Hardware	hp	proliant_xl450_gen10	-	No

References

https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf04002en_us Vendor Advisory ([email protected])
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf04002en_us Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)