8
CVE-2020-24474
- EPSS 0.14%
- Veröffentlicht 09.06.2021 20:15:08
- Zuletzt bearbeitet 21.11.2024 05:14:52
- Quelle secure@intel.com
- Teams Watchlist Login
- Unerledigt Login
Buffer overflow in the BMC firmware for some Intel(R) Server Boards, Server Systems and Compute Modules before version 2.48.ce3e3bd2 may allow an authenticated user to potentially enable escalation of privilege via adjacent access.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Intel ≫ Baseboard Management Controller Firmware Version < 2.48.ce3e3bd2
Intel ≫ Compute Module Hns2600bpb24r Version-
Intel ≫ Compute Module Hns2600bpbr Version-
Intel ≫ Compute Module Hns2600bpq24r Version-
Intel ≫ Compute Module Hns2600bpqr Version-
Intel ≫ Compute Module Hns2600bps24r Version-
Intel ≫ Compute Module Hns2600bpsr Version-
Intel ≫ Server Board S2600bpb Version-
Intel ≫ Server Board S2600bpbr Version-
Intel ≫ Server Board S2600bpq Version-
Intel ≫ Server Board S2600bpqr Version-
Intel ≫ Server Board S2600bps Version-
Intel ≫ Server Board S2600bpsr Version-
Intel ≫ Server Board S2600stb Version-
Intel ≫ Server Board S2600stbr Version-
Intel ≫ Server Board S2600stq Version-
Intel ≫ Server Board S2600stqr Version-
Intel ≫ Server Board S2600wf0 Version-
Intel ≫ Server Board S2600wf0r Version-
Intel ≫ Server Board S2600wfq Version-
Intel ≫ Server Board S2600wfqr Version-
Intel ≫ Server Board S2600wft Version-
Intel ≫ Server Board S2600wftr Version-
Intel ≫ Server System R1208wfqysr Version-
Intel ≫ Server System R1208wftys Version-
Intel ≫ Server System R1208wftysr Version-
Intel ≫ Server System R1304wf0ys Version-
Intel ≫ Server System R1304wf0ysr Version-
Intel ≫ Server System R1304wftys Version-
Intel ≫ Server System R1304wftysr Version-
Intel ≫ Server System R2208wf0zs Version-
Intel ≫ Server System R2208wf0zsr Version-
Intel ≫ Server System R2208wfqzs Version-
Intel ≫ Server System R2208wfqzsr Version-
Intel ≫ Server System R2208wftzs Version-
Intel ≫ Server System R2208wftzsr Version-
Intel ≫ Server System R2224wfqzs Version-
Intel ≫ Server System R2224wftzs Version-
Intel ≫ Server System R2224wftzsr Version-
Intel ≫ Server System R2308wftzs Version-
Intel ≫ Server System R2308wftzsr Version-
Intel ≫ Server System R2312wf0np Version-
Intel ≫ Server System R2312wf0npr Version-
Intel ≫ Server System R2312wfqzs Version-
Intel ≫ Server System R2312wftzs Version-
Intel ≫ Server System R2312wftzsr Version-
Intel ≫ Compute Module Hns2600bpbr Version-
Intel ≫ Compute Module Hns2600bpq24r Version-
Intel ≫ Compute Module Hns2600bpqr Version-
Intel ≫ Compute Module Hns2600bps24r Version-
Intel ≫ Compute Module Hns2600bpsr Version-
Intel ≫ Server Board S2600bpb Version-
Intel ≫ Server Board S2600bpbr Version-
Intel ≫ Server Board S2600bpq Version-
Intel ≫ Server Board S2600bpqr Version-
Intel ≫ Server Board S2600bps Version-
Intel ≫ Server Board S2600bpsr Version-
Intel ≫ Server Board S2600stb Version-
Intel ≫ Server Board S2600stbr Version-
Intel ≫ Server Board S2600stq Version-
Intel ≫ Server Board S2600stqr Version-
Intel ≫ Server Board S2600wf0 Version-
Intel ≫ Server Board S2600wf0r Version-
Intel ≫ Server Board S2600wfq Version-
Intel ≫ Server Board S2600wfqr Version-
Intel ≫ Server Board S2600wft Version-
Intel ≫ Server Board S2600wftr Version-
Intel ≫ Server System R1208wfqysr Version-
Intel ≫ Server System R1208wftys Version-
Intel ≫ Server System R1208wftysr Version-
Intel ≫ Server System R1304wf0ys Version-
Intel ≫ Server System R1304wf0ysr Version-
Intel ≫ Server System R1304wftys Version-
Intel ≫ Server System R1304wftysr Version-
Intel ≫ Server System R2208wf0zs Version-
Intel ≫ Server System R2208wf0zsr Version-
Intel ≫ Server System R2208wfqzs Version-
Intel ≫ Server System R2208wfqzsr Version-
Intel ≫ Server System R2208wftzs Version-
Intel ≫ Server System R2208wftzsr Version-
Intel ≫ Server System R2224wfqzs Version-
Intel ≫ Server System R2224wftzs Version-
Intel ≫ Server System R2224wftzsr Version-
Intel ≫ Server System R2308wftzs Version-
Intel ≫ Server System R2308wftzsr Version-
Intel ≫ Server System R2312wf0np Version-
Intel ≫ Server System R2312wf0npr Version-
Intel ≫ Server System R2312wfqzs Version-
Intel ≫ Server System R2312wftzs Version-
Intel ≫ Server System R2312wftzsr Version-
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.14% | 0.304 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 8 | 2.1 | 5.9 |
CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
|
| nvd@nist.gov | 5.2 | 5.1 | 6.4 |
AV:A/AC:L/Au:S/C:P/I:P/A:P
|
CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow.