CVE-2020-24474

Buffer overflow in the BMC firmware for some Intel(R) Server Boards, Server Systems and Compute Modules before version 2.48.ce3e3bd2 may allow an authenticated user to potentially enable escalation of privilege via adjacent access.

CVSS v3 8.0 HIGH
CVSS v2.0 5.2 MEDIUM

8.0^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 2.1 / Impact : 5.9

Attack Vector ADJACENT_NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

5.2^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:A/AC:L/Au:S/C:P/I:P/A:P

Exploitability : 5.1 / Impact : 6.4

Access Vector ADJACENT_NETWORK

Access Complexity LOW

Authentication SINGLE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00476.html	Vendor Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:intel:baseboard_management_controller_firmware:*:*:*:*:*:*:*:*

OR	cpe:2.3:h:intel:compute_module_hns2600bpb24r:-:::::::*
	cpe:2.3:h:intel:compute_module_hns2600bpbr:-:::::::*
	cpe:2.3:h:intel:compute_module_hns2600bpq24r:-:::::::*
	cpe:2.3:h:intel:compute_module_hns2600bpqr:-:::::::*
	cpe:2.3:h:intel:compute_module_hns2600bps24r:-:::::::*
	cpe:2.3:h:intel:compute_module_hns2600bpsr:-:::::::*
	cpe:2.3:h:intel:server_board_s2600bpb:-:::::::*
	cpe:2.3:h:intel:server_board_s2600bpbr:-:::::::*
	cpe:2.3:h:intel:server_board_s2600bpq:-:::::::*
	cpe:2.3:h:intel:server_board_s2600bpqr:-:::::::*
	cpe:2.3:h:intel:server_board_s2600bps:-:::::::*
	cpe:2.3:h:intel:server_board_s2600bpsr:-:::::::*
	cpe:2.3:h:intel:server_board_s2600stb:-:::::::*
	cpe:2.3:h:intel:server_board_s2600stbr:-:::::::*
	cpe:2.3:h:intel:server_board_s2600stq:-:::::::*
	cpe:2.3:h:intel:server_board_s2600stqr:-:::::::*
	cpe:2.3:h:intel:server_board_s2600wf0:-:::::::*
	cpe:2.3:h:intel:server_board_s2600wf0r:-:::::::*
	cpe:2.3:h:intel:server_board_s2600wfq:-:::::::*
	cpe:2.3:h:intel:server_board_s2600wfqr:-:::::::*
	cpe:2.3:h:intel:server_board_s2600wft:-:::::::*
	cpe:2.3:h:intel:server_board_s2600wftr:-:::::::*
	cpe:2.3:h:intel:server_system_r1208wfqysr:-:::::::*
	cpe:2.3:h:intel:server_system_r1208wftys:-:::::::*
	cpe:2.3:h:intel:server_system_r1208wftysr:-:::::::*
	cpe:2.3:h:intel:server_system_r1304wf0ys:-:::::::*
	cpe:2.3:h:intel:server_system_r1304wf0ysr:-:::::::*
	cpe:2.3:h:intel:server_system_r1304wftys:-:::::::*
	cpe:2.3:h:intel:server_system_r1304wftysr:-:::::::*
	cpe:2.3:h:intel:server_system_r2208wf0zs:-:::::::*
	cpe:2.3:h:intel:server_system_r2208wf0zsr:-:::::::*
	cpe:2.3:h:intel:server_system_r2208wfqzs:-:::::::*
	cpe:2.3:h:intel:server_system_r2208wfqzsr:-:::::::*
	cpe:2.3:h:intel:server_system_r2208wftzs:-:::::::*
	cpe:2.3:h:intel:server_system_r2208wftzsr:-:::::::*
	cpe:2.3:h:intel:server_system_r2224wfqzs:-:::::::*
	cpe:2.3:h:intel:server_system_r2224wftzs:-:::::::*
	cpe:2.3:h:intel:server_system_r2224wftzsr:-:::::::*
	cpe:2.3:h:intel:server_system_r2308wftzs:-:::::::*
	cpe:2.3:h:intel:server_system_r2308wftzsr:-:::::::*
	cpe:2.3:h:intel:server_system_r2312wf0np:-:::::::*
	cpe:2.3:h:intel:server_system_r2312wf0npr:-:::::::*
	cpe:2.3:h:intel:server_system_r2312wfqzs:-:::::::*
	cpe:2.3:h:intel:server_system_r2312wftzs:-:::::::*
	cpe:2.3:h:intel:server_system_r2312wftzsr:-:::::::*

History

01 Jul 2021, 19:51

Type	Values Removed	Values Added
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : 5.2 v3 : 8.0
CWE		CWE-120
References	~~(MISC) https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00476.html -~~	(MISC) https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00476.html - Vendor Advisory
CPE		cpe:2.3:h:intel:server_board_s2600bpq:-:::::::* cpe:2.3:h:intel:server_board_s2600bps:-:::::::* cpe:2.3:h:intel:server_system_r1304wftysr:-:::::::* cpe:2.3:h:intel:server_system_r2208wfqzs:-:::::::* cpe:2.3:h:intel:server_system_r2224wfqzs:-:::::::* cpe:2.3:h:intel:server_system_r2308wftzs:-:::::::* cpe:2.3:h:intel:server_board_s2600wftr:-:::::::* cpe:2.3:h:intel:server_system_r1208wftys:-:::::::* cpe:2.3:h:intel:server_system_r2208wftzs:-:::::::* cpe:2.3:h:intel:server_system_r2312wf0npr:-:::::::* cpe:2.3:h:intel:server_system_r2224wftzs:-:::::::* cpe:2.3:h:intel:server_system_r2208wf0zs:-:::::::* cpe:2.3:h:intel:server_system_r2312wftzs:-:::::::* cpe:2.3:h:intel:server_system_r2208wftzsr:-:::::::* cpe:2.3:h:intel:compute_module_hns2600bpq24r:-:::::::* cpe:2.3:h:intel:server_board_s2600stqr:-:::::::* cpe:2.3:h:intel:server_board_s2600wfqr:-:::::::* cpe:2.3:h:intel:server_system_r1304wftys:-:::::::* cpe:2.3:h:intel:server_system_r1208wfqysr:-:::::::* cpe:2.3:h:intel:server_system_r2208wfqzsr:-:::::::* cpe:2.3:h:intel:server_board_s2600bpbr:-:::::::* cpe:2.3:h:intel:server_board_s2600stq:-:::::::* cpe:2.3:h:intel:server_board_s2600wf0r:-:::::::* cpe:2.3:h:intel:server_board_s2600bpsr:-:::::::* cpe:2.3:h:intel:server_system_r2312wfqzs:-:::::::* cpe:2.3:h:intel:server_system_r2312wf0np:-:::::::* cpe:2.3:h:intel:server_board_s2600bpqr:-:::::::* cpe:2.3:h:intel:compute_module_hns2600bpqr:-:::::::* cpe:2.3:o:intel:baseboard_management_controller_firmware:::::::: cpe:2.3:h:intel:compute_module_hns2600bpb24r:-:::::::* cpe:2.3:h:intel:server_system_r1208wftysr:-:::::::* cpe:2.3:h:intel:server_board_s2600stbr:-:::::::* cpe:2.3:h:intel:server_system_r2308wftzsr:-:::::::* cpe:2.3:h:intel:server_board_s2600stb:-:::::::* cpe:2.3:h:intel:server_system_r1304wf0ysr:-:::::::* cpe:2.3:h:intel:server_board_s2600wfq:-:::::::* cpe:2.3:h:intel:server_board_s2600wft:-:::::::* cpe:2.3:h:intel:server_system_r2312wftzsr:-:::::::* cpe:2.3:h:intel:server_board_s2600bpb:-:::::::* cpe:2.3:h:intel:compute_module_hns2600bpbr:-:::::::* cpe:2.3:h:intel:compute_module_hns2600bpsr:-:::::::* cpe:2.3:h:intel:server_board_s2600wf0:-:::::::* cpe:2.3:h:intel:compute_module_hns2600bps24r:-:::::::* cpe:2.3:h:intel:server_system_r1304wf0ys:-:::::::* cpe:2.3:h:intel:server_system_r2208wf0zsr:-:::::::* cpe:2.3:h:intel:server_system_r2224wftzsr:-:::::::*

09 Jun 2021, 20:19

Type	Values Removed	Values Added
New CVE

Information

Published : 2021-06-09 20:15

Updated : 2023-12-10 13:55

NVD link : CVE-2020-24474

Mitre link : CVE-2020-24474

CVE.ORG link : CVE-2020-24474

JSON object : View

Products Affected

intel

compute_module_hns2600bpb24r
server_system_r2312wfqzs
server_board_s2600stqr
server_system_r2208wfqzsr
compute_module_hns2600bps24r
server_system_r2208wftzsr
server_board_s2600wft
server_board_s2600bpsr
server_board_s2600stb
server_board_s2600wf0
server_system_r1304wf0ys
server_system_r2224wfqzs
server_board_s2600bpbr
server_board_s2600stq
server_system_r2224wftzs
server_system_r1208wftys
compute_module_hns2600bpqr
server_board_s2600wftr
server_board_s2600wfqr
server_system_r2208wfqzs
server_board_s2600bpqr
server_system_r1208wftysr
server_system_r1208wfqysr
server_system_r2312wf0np
compute_module_hns2600bpq24r
server_system_r1304wftys
server_system_r2308wftzs
compute_module_hns2600bpbr
server_board_s2600bps
server_system_r1304wf0ysr
server_system_r2312wf0npr
server_board_s2600bpq
server_system_r2312wftzsr
server_system_r1304wftysr
server_system_r2208wftzs
server_system_r2224wftzsr
compute_module_hns2600bpsr
server_board_s2600wf0r
server_system_r2208wf0zs
server_board_s2600wfq
server_system_r2208wf0zsr
server_system_r2312wftzs
server_board_s2600stbr
baseboard_management_controller_firmware
server_system_r2308wftzsr
server_board_s2600bpb

CWE

CWE-120

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

8.0 /10