7.2

CVE-2020-7207

EPSS 0.06%
Published 05.11.2020 21:15:13
Last modified 21.11.2024 05:36:49
Source security-alert@hpe.com
Teams watchlist Login
Open Login

A local elevation of privilege using physical access security vulnerability was found in HPE Proliant Gen10 Servers using Intel Innovation Engine (IE). This attack requires a physical attack to the server motherboard. To mitigate this issue, ensure your server is always physically secured. HPE will not address this issue in the impacted Gen 10 servers listed. HPE recommends using appropriate physical security methods as a compensating control to disallow an attacker from having physical access to the server main circuit board.

Affected products Warnungen 0 Metrics 3 CWE 0 References 4

Data is provided by the National Vulnerability Database (NVD)

Hp ≫ Apollo 2000 Firmware Version-

Hp ≫ Apollo 2000 Version-

Hp ≫ Apollo 4200 Gen10 Firmware Version-

Hp ≫ Apollo 4200 Gen10 Version-

Hp ≫ Apollo 4500 Firmware Version-

Hp ≫ Apollo 4500 Version-

Hp ≫ Proliant Xl230k Gen10 Firmware Version-

Hp ≫ Proliant Xl230k Gen10 Version-

Hp ≫ Proliant Xl270d Gen10 Firmware Version-

Hp ≫ Proliant Xl270d Gen10 Version-

Hp ≫ Proliant Bl460c Gen10 Firmware Version-

Hp ≫ Proliant Bl460c Gen10 Version-

Hp ≫ Proliant Dl120 Gen10 Firmware Version-

Hp ≫ Proliant Dl120 Gen10 Version-

Hp ≫ Proliant Dl160 Gen10 Firmware Version-

Hp ≫ Proliant Dl160 Gen10 Version-

Hp ≫ Proliant Dl180 Gen10 Firmware Version-

Hp ≫ Proliant Dl180 Gen10 Version-

Hp ≫ Proliant Dl360 Gen10 Firmware Version-

Hp ≫ Proliant Dl360 Gen10 Version-

Hp ≫ Proliant Dl380 Gen10 Firmware Version-

Hp ≫ Proliant Dl380 Gen10 Version-

Hp ≫ Proliant Dl560 Gen10 Firmware Version-

Hp ≫ Proliant Dl560 Gen10 Version-

Hp ≫ Proliant Dl580 Gen10 Firmware Version-

Hp ≫ Proliant Dl580 Gen10 Version-

Hp ≫ Proliant Ml110 Gen10 Firmware Version-

Hp ≫ Proliant Ml110 Gen10 Version-

Hp ≫ Proliant Ml350 Gen10 Firmware Version-

Hp ≫ Proliant Ml350 Gen10 Version-

Hp ≫ Synergy 480 Gen10 Firmware Version-

Hp ≫ Synergy 480 Gen10 Version-

Hp ≫ Synergy 660 Gen10 Firmware Version-

Hp ≫ Synergy 660 Gen10 Version-

Hp ≫ Proliant E910 Firmware Version-

Hp ≫ Proliant E910 Version-

Hp ≫ Proliant Xl170r Gen10 Firmware Version-

Hp ≫ Proliant Xl170r Gen10 Version-

Hp ≫ Proliant Xl190r Gen10 Firmware Version-

Hp ≫ Proliant Xl190r Gen10 Version-

Hp ≫ Proliant Xl230k Gen10 Firmware Version-

Hp ≫ Proliant Xl230k Gen10 Version-

Hp ≫ Proliant Xl450 Gen10 Firmware Version-

Hp ≫ Proliant Xl450 Gen10 Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.06%	0.145

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	6.8	0.9	5.9	CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	7.2	3.9	10	AV:L/AC:L/Au:N/C:C/I:C/A:C

https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf04002en_us

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2020-7207

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2020-7207

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2020-7207

EUVD