Use of hard-coded key in the BMC firmware for some Intel(R) Server Boards, Server Systems and Compute Modules before version 2.47 may allow authenticated user to potentially enable information disclosure via local access.
References
| Link | Resource |
|---|---|
| https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00434.html | Patch Vendor Advisory |
Configurations
Configuration 1 (hide)
| AND |
|
History
22 Feb 2021, 20:43
| Type | Values Removed | Values Added |
|---|---|---|
| CPE | cpe:2.3:h:intel:hns2600bpq24r:-:*:*:*:*:*:*:* cpe:2.3:h:intel:hns2600bpb24r:-:*:*:*:*:*:*:* cpe:2.3:h:intel:r2208wftzs:-:*:*:*:*:*:*:* cpe:2.3:h:intel:r2208wftzsr:-:*:*:*:*:*:*:* cpe:2.3:h:intel:r2312wf0npr:-:*:*:*:*:*:*:* cpe:2.3:h:intel:s2600bpqr:-:*:*:*:*:*:*:* cpe:2.3:h:intel:s2600wfq:-:*:*:*:*:*:*:* cpe:2.3:h:intel:hns2600bpq:-:*:*:*:*:*:*:* cpe:2.3:h:intel:r2308wftzs:-:*:*:*:*:*:*:* cpe:2.3:h:intel:r1304wftys:-:*:*:*:*:*:*:* cpe:2.3:h:intel:hns2600bpblc24:-:*:*:*:*:*:*:* cpe:2.3:h:intel:hns2600bpqr:-:*:*:*:*:*:*:* cpe:2.3:h:intel:r2208wfqzs:-:*:*:*:*:*:*:* cpe:2.3:h:intel:r2208wfqzsr:-:*:*:*:*:*:*:* cpe:2.3:h:intel:r1208wftys:-:*:*:*:*:*:*:* cpe:2.3:h:intel:r2312wfqzs:-:*:*:*:*:*:*:* cpe:2.3:o:intel:bmc_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:intel:r2224wftzs:-:*:*:*:*:*:*:* cpe:2.3:h:intel:r2224wftzsr:-:*:*:*:*:*:*:* cpe:2.3:h:intel:r2312wftzs:-:*:*:*:*:*:*:* cpe:2.3:h:intel:s2600bpsr:-:*:*:*:*:*:*:* cpe:2.3:h:intel:s2600wft:-:*:*:*:*:*:*:* cpe:2.3:h:intel:hns2600bpblc:-:*:*:*:*:*:*:* cpe:2.3:h:intel:r1304wf0ysr:-:*:*:*:*:*:*:* cpe:2.3:h:intel:s2600stb:-:*:*:*:*:*:*:* cpe:2.3:h:intel:r2312wf0np:-:*:*:*:*:*:*:* cpe:2.3:h:intel:hns2600bpsr:-:*:*:*:*:*:*:* cpe:2.3:h:intel:r1208wftysr:-:*:*:*:*:*:*:* cpe:2.3:h:intel:r2224wfqzs:-:*:*:*:*:*:*:* cpe:2.3:h:intel:s2600bpbr:-:*:*:*:*:*:*:* cpe:2.3:h:intel:r1304wftysr:-:*:*:*:*:*:*:* cpe:2.3:h:intel:hns2600bpb:-:*:*:*:*:*:*:* cpe:2.3:h:intel:r1000wf:-:*:*:*:*:*:*:* cpe:2.3:h:intel:hns2600bps:-:*:*:*:*:*:*:* cpe:2.3:h:intel:r2312wftzsr:-:*:*:*:*:*:*:* cpe:2.3:h:intel:r2208wf0zsr:-:*:*:*:*:*:*:* cpe:2.3:h:intel:hns2600bpbr:-:*:*:*:*:*:*:* cpe:2.3:h:intel:hns2600bpb24:-:*:*:*:*:*:*:* cpe:2.3:h:intel:s2600wf0:-:*:*:*:*:*:*:* cpe:2.3:h:intel:hns2600bpblc24r:-:*:*:*:*:*:*:* cpe:2.3:h:intel:r1304wf0ys:-:*:*:*:*:*:*:* cpe:2.3:h:intel:s2600stq:-:*:*:*:*:*:*:* cpe:2.3:h:intel:hns2600bps24r:-:*:*:*:*:*:*:* cpe:2.3:h:intel:hns2600bpq24:-:*:*:*:*:*:*:* cpe:2.3:h:intel:r2308wftzsr:-:*:*:*:*:*:*:* cpe:2.3:h:intel:r2208wf0zs:-:*:*:*:*:*:*:* cpe:2.3:h:intel:hns2600bps24:-:*:*:*:*:*:*:* cpe:2.3:h:intel:r1208wfqysr:-:*:*:*:*:*:*:* |
|
| CVSS |
v2 : v3 : |
v2 : 2.1
v3 : 5.5 |
| CWE | CWE-798 | |
| References | (MISC) https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00434.html - Patch, Vendor Advisory |
17 Feb 2021, 14:15
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2021-02-17 14:15
Updated : 2023-12-10 13:41
NVD link : CVE-2020-12376
Mitre link : CVE-2020-12376
CVE.ORG link : CVE-2020-12376
JSON object : View
Products Affected
intel
- hns2600bpsr
- r1208wfqysr
- s2600wfq
- hns2600bpq24
- s2600stq
- r2208wftzsr
- hns2600bps24r
- s2600bpqr
- r1000wf
- hns2600bpqr
- s2600bpbr
- r2208wf0zs
- r2224wftzsr
- hns2600bpb24
- r1304wftysr
- s2600wf0
- hns2600bpbr
- r2308wftzs
- r2308wftzsr
- r2312wf0npr
- s2600bpsr
- hns2600bpb
- hns2600bps
- s2600wft
- hns2600bpblc24
- r2208wf0zsr
- r1208wftysr
- r1304wftys
- r2208wfqzsr
- r2208wfqzs
- bmc_firmware
- r2224wftzs
- r2312wftzsr
- r2312wftzs
- hns2600bpblc
- r2208wftzs
- hns2600bpq24r
- hns2600bpb24r
- hns2600bpq
- r1208wftys
- r1304wf0ys
- r2224wfqzs
- hns2600bps24
- r2312wf0np
- s2600stb
- hns2600bpblc24r
- r2312wfqzs
- r1304wf0ysr
CWE
CWE-798
Use of Hard-coded Credentials