Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2020-7207

A local elevation of privilege using physical access security vulnerability was found in HPE Proliant Gen10 Servers using Intel Innovation Engine (IE). This attack requires a physical attack to the server motherboard. To mitigate this issue, ensure your server is always physically secured. HPE will not address this issue in the impacted Gen 10 servers listed. HPE recommends using appropriate physical security methods as a compensating control to disallow an attacker from having physical access to the server main circuit board.

Security Impact Summary

This vulnerability carries a MEDIUM severity rating with a CVSS v3.1 score of 6.8, with relatively low complexity without requiring user interaction and does not require pre-existing privileges . The vulnerability impacts confidentiality (data exposure), integrity (unauthorized modifications), and availability (service disruption) for affected systems. Impacting 42 products from hp, from hp, from hp and 39 others, organizations running these solutions should prioritize assessment and patching.

Historical Context

Reported in 2020, this vulnerability emerged during an era marked by increased sophistication in supply chain attacks, cloud infrastructure vulnerabilities, and software-as-a-service (SaaS) security challenges. Security practices during this period emphasized zero-trust architectures, container security, and API protection.

Published

2020-11-05T21:15:13.063

Last Modified

2024-11-21T05:36:49.840

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 6.8 (MEDIUM)

CVSSv2 Vector

AV:L/AC:L/Au:N/C:C/I:C/A:C

Access Vector: LOCAL
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE

Exploitability Score

3.9

Impact Score

10.0

Weaknesses

Type: Primary
NVD-CWE-noinfo

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Operating System	hp	apollo_2000_firmware	-	Yes
Hardware	hp	apollo_2000	-	No
Operating System	hp	apollo_4200_gen10_firmware	-	Yes
Hardware	hp	apollo_4200_gen10	-	No
Operating System	hp	apollo_4500_firmware	-	Yes
Hardware	hp	apollo_4500	-	No
Operating System	hp	proliant_xl230k_gen10_firmware	-	Yes
Hardware	hp	proliant_xl230k_gen10	-	No
Operating System	hp	proliant_xl270d_gen10_firmware	-	Yes
Hardware	hp	proliant_xl270d_gen10	-	No
Operating System	hp	proliant_bl460c_gen10_firmware	-	Yes
Hardware	hp	proliant_bl460c_gen10	-	No
Operating System	hp	proliant_dl120_gen10_firmware	-	Yes
Hardware	hp	proliant_dl120_gen10	-	No
Operating System	hp	proliant_dl160_gen10_firmware	-	Yes
Hardware	hp	proliant_dl160_gen10	-	No
Operating System	hp	proliant_dl180_gen10_firmware	-	Yes
Hardware	hp	proliant_dl180_gen10	-	No
Operating System	hp	proliant_dl360_gen10_firmware	-	Yes
Hardware	hp	proliant_dl360_gen10	-	No
Operating System	hp	proliant_dl380_gen10_firmware	-	Yes
Hardware	hp	proliant_dl380_gen10	-	No
Operating System	hp	proliant_dl560_gen10_firmware	-	Yes
Hardware	hp	proliant_dl560_gen10	-	No
Operating System	hp	proliant_dl580_gen10_firmware	-	Yes
Hardware	hp	proliant_dl580_gen10	-	No
Operating System	hp	proliant_ml110_gen10_firmware	-	Yes
Hardware	hp	proliant_ml110_gen10	-	No
Operating System	hp	proliant_ml350_gen10_firmware	-	Yes
Hardware	hp	proliant_ml350_gen10	-	No
Operating System	hp	synergy_480_gen10_firmware	-	Yes
Hardware	hp	synergy_480_gen10	-	No
Operating System	hp	synergy_660_gen10_firmware	-	Yes
Hardware	hp	synergy_660_gen10	-	No
Operating System	hp	proliant_e910_firmware	-	Yes
Hardware	hp	proliant_e910	-	No
Operating System	hp	proliant_xl170r_gen10_firmware	-	Yes
Hardware	hp	proliant_xl170r_gen10	-	No
Operating System	hp	proliant_xl190r_gen10_firmware	-	Yes
Hardware	hp	proliant_xl190r_gen10	-	No
Operating System	hp	proliant_xl230k_gen10_firmware	-	Yes
Hardware	hp	proliant_xl230k_gen10	-	No
Operating System	hp	proliant_xl450_gen10_firmware	-	Yes
Hardware	hp	proliant_xl450_gen10	-	No

References

https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf04002en_us Vendor Advisory ([email protected])
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf04002en_us Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)

How SecUtils Interprets This CVE

SecUtils normalizes and enriches National Vulnerability Database (NVD) records by standardizing vendor and product identifiers, aggregating vulnerability metadata from both NVD and MITRE sources, and providing structured context for security teams. For hp's affected products, we extract Common Platform Enumeration (CPE) data, Common Weakness Enumeration (CWE) classifications, CVSS severity metrics, and reference data to enable rapid vulnerability prioritization and asset correlation. This record contains no exploit code, proof-of-concept instructions, or attack methodologies—only defensive intelligence necessary for patch management, risk assessment, and security operations.