CVE-2020-8710

EPSS 0.19%
Published 13.08.2020 03:15:15
Last modified 21.11.2024 05:39:18
Source secure@intel.com
Teams watchlist Login
Open Login

Buffer overflow in the bootloader for some Intel(R) Server Boards, Server Systems and Compute Modules before version 2.45 may allow a privileged user to potentially enable escalation of privilege via local access.

Affected products Warnungen 0 Metrics 3 CWE 1 References 5

Data is provided by the National Vulnerability Database (NVD)

Intel ≫ Server Board S2600wt Firmware Version < 2.45

   Intel ≫ Server Board S2600wt2 Version-
   Intel ≫ Server Board S2600wt2r Version-
   Intel ≫ Server Board S2600wtt Version-
   Intel ≫ Server Board S2600wttr Version-

Intel ≫ Server System R1000wt Firmware Version < 2.45

   Intel ≫ Server System R1208wt2gs Version-
   Intel ≫ Server System R1208wt2gsr Version-
   Intel ≫ Server System R1208wttgs Version-
   Intel ≫ Server System R1208wttgsbpp Version-
   Intel ≫ Server System R1208wttgsr Version-
   Intel ≫ Server System R1304wt2gs Version-
   Intel ≫ Server System R1304wt2gsr Version-
   Intel ≫ Server System R1304wttgs Version-
   Intel ≫ Server System R1304wttgsr Version-

Intel ≫ Server System R2000wt Firmware Version < 2.45

Intel ≫ Server Board S2600cw Version < 2.45

   Intel ≫ Server Board S2600cw2 Version-
   Intel ≫ Server Board S2600cw2r Version-
   Intel ≫ Server Board S2600cw2s Version-
   Intel ≫ Server Board S2600cw2sr Version-
   Intel ≫ Server Board S2600cwt Version-
   Intel ≫ Server Board S2600cwtr Version-
   Intel ≫ Server Board S2600cwts Version-
   Intel ≫ Server Board S2600cwtsr Version-

Intel ≫ Compute Module Hns2600kp Firmware Version < 2.45

   Intel ≫ Compute Module Hns2600kp Version-
   Intel ≫ Compute Module Hns2600kpf Version-
   Intel ≫ Compute Module Hns2600kpfr Version-
   Intel ≫ Compute Module Hns2600kpr Version-

Intel ≫ Server Board S2600kp Firmware Version < 2.45

   Intel ≫ Server Board S2600kp Version-
   Intel ≫ Server Board S2600kpf Version-
   Intel ≫ Server Board S2600kpfr Version-
   Intel ≫ Server Board S2600kpr Version-
   Intel ≫ Server Board S2600kptr Version-

Intel ≫ Compute Module Hns2600tp Firmware Version < 2.45

   Intel ≫ Compute Module Hns2600tp Version-
   Intel ≫ Compute Module Hns2600tp24r Version-
   Intel ≫ Compute Module Hns2600tp24sr Version-
   Intel ≫ Compute Module Hns2600tpf Version-
   Intel ≫ Compute Module Hns2600tpfr Version-
   Intel ≫ Compute Module Hns2600tpr Version-

Intel ≫ Compute Module S2600tp Firmware Version < 2.45

   Intel ≫ Server Board S2600tp Version-
   Intel ≫ Server Board S2600tpf Version-
   Intel ≫ Server Board S2600tpfr Version-
   Intel ≫ Server Board S2600tpr Version-

Intel ≫ Server Board S1200sp Firmware Version < 2.45

   Intel ≫ Server Board S1200spl Version-
   Intel ≫ Server Board S1200splr Version-
   Intel ≫ Server Board S1200spo Version-
   Intel ≫ Server Board S1200spor Version-
   Intel ≫ Server Board S1200sps Version-
   Intel ≫ Server Board S1200spsr Version-

Intel ≫ Server System Lr1304sp Firmware Version < 2.45

   Intel ≫ Server System Lr1304spcfg1 Version-
   Intel ≫ Server System Lr1304spcfg1r Version-
   Intel ≫ Server System Lr1304spcfsgx1 Version-

Intel ≫ Server System Lsvrp Firmware Version < 2.45

Intel ≫ Server System Lsvrp4304es6xx1 Version-
Intel ≫ Server System Lsvrp4304es6xxr Version-

Intel ≫ Server System R1000sp Firmware Version < 2.45

   Intel ≫ Server System R1208sposhor Version-
   Intel ≫ Server System R1208sposhorr Version-
   Intel ≫ Server System R1304sposhbn Version-
   Intel ≫ Server System R1304sposhbnr Version-
   Intel ≫ Server System R1304sposhor Version-
   Intel ≫ Server System R1304sposhorr Version-

Intel ≫ Server Board S2600wf Firmware Version < 2.45

   Intel ≫ Server Board S2600wf0 Version-
   Intel ≫ Server Board S2600wf0r Version-
   Intel ≫ Server Board S2600wfq Version-
   Intel ≫ Server Board S2600wfqr Version-
   Intel ≫ Server Board S2600wft Version-
   Intel ≫ Server Board S2600wftr Version-

Intel ≫ Server System R1000wf Firmware Version < 2.45

Intel ≫ Server System R2000wf Firmware Version < 2.45

Intel ≫ Server Board S2600st Firmware Version < 2.45

   Intel ≫ Server Board S2600stb Version-
   Intel ≫ Server Board S2600stbr Version-
   Intel ≫ Server Board S2600stq Version-
   Intel ≫ Server Board S2600stqr Version-

Intel ≫ Compute Module Hns2600bp Firmware Version < 2.45

Intel ≫ Server Board S2600bp Firmware Version < 2.45

   Intel ≫ Server Board S2600bpb Version-
   Intel ≫ Server Board S2600bpbr Version-
   Intel ≫ Server Board S2600bpq Version-
   Intel ≫ Server Board S2600bpqr Version-
   Intel ≫ Server Board S2600bps Version-
   Intel ≫ Server Board S2600bpsr Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.19%	0.384

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	6.7	0.8	5.9	CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	4.6	3.9	6.4	AV:L/AC:L/Au:N/C:P/I:P/A:P

CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow.

https://security.netapp.com/advisory/ntap-20200814-0002/

Third Party Advisory

https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00384.html

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2020-8710

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2020-8710

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2020-8710

EUVD