cve-2020-12374
Vulnerability from cvelistv5
Published
2021-02-19 15:17
Modified
2024-08-04 11:56
Severity ?
Summary
Buffer overflow in the BMC firmware for some Intel(R) Server Boards, Server Systems and Compute Modules before version 2.47 may allow a privileged user to potentially enable escalation of privilege via local access.
References
secure@intel.comhttps://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00434.htmlPatch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00434.htmlPatch, Vendor Advisory
Impacted products
Vendor Product Version
n/a Intel(R) Server Boards, Server Systems and Compute Modules Version: before version 2.47
Show details on NVD website

To clipboard 

{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-04T11:56:51.655Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00434.html",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "Intel(R) Server Boards, Server Systems and Compute Modules",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "before version 2.47",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "Buffer overflow in the BMC firmware for some Intel(R) Server Boards, Server Systems and Compute Modules before version 2.47 may allow a privileged user to potentially enable escalation of privilege via local access.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "escalation of privilege",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2021-02-19T15:17:24",
            orgId: "6dda929c-bb53-4a77-a76d-48e79601a1ce",
            shortName: "intel",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00434.html",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "secure@intel.com",
               ID: "CVE-2020-12374",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "Intel(R) Server Boards, Server Systems and Compute Modules",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "before version 2.47",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Buffer overflow in the BMC firmware for some Intel(R) Server Boards, Server Systems and Compute Modules before version 2.47 may allow a privileged user to potentially enable escalation of privilege via local access.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "escalation of privilege",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00434.html",
                     refsource: "MISC",
                     url: "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00434.html",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "6dda929c-bb53-4a77-a76d-48e79601a1ce",
      assignerShortName: "intel",
      cveId: "CVE-2020-12374",
      datePublished: "2021-02-19T15:17:24",
      dateReserved: "2020-04-28T00:00:00",
      dateUpdated: "2024-08-04T11:56:51.655Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
   "vulnerability-lookup:meta": {
      nvd: "{\"cve\":{\"id\":\"CVE-2020-12374\",\"sourceIdentifier\":\"secure@intel.com\",\"published\":\"2021-02-19T16:15:12.657\",\"lastModified\":\"2024-11-21T04:59:36.197\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Buffer overflow in the BMC firmware for some Intel(R) Server Boards, Server Systems and Compute Modules before version 2.47 may allow a privileged user to potentially enable escalation of privilege via local access.\"},{\"lang\":\"es\",\"value\":\"Un desbordamiento del búfer en el firmware de BMC para algunas Intel® Server Boards, Server Systems y Compute Modules versiones anteriores a 2.47, puede permitir a un usuario con privilegios habilitar potencialmente una escalada de privilegios por medio de un acceso local\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":6.7,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"HIGH\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":0.8,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:L/AC:L/Au:N/C:P/I:P/A:P\",\"baseScore\":4.6,\"accessVector\":\"LOCAL\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":3.9,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-120\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:intel:bmc_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"2.47\",\"matchCriteriaId\":\"15CF9AD6-8F14-40FC-8657-8BC57B595ED2\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:intel:hns2600bpb:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4F08CC45-9AC9-4A00-83B9-F9D4970B0DE8\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:intel:hns2600bpb24:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7F002684-C456-40F0-AA2A-97C79AE5EECA\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:intel:hns2600bpb24r:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6B4E1CD8-2A13-4BC9-87D9-24E9E0897500\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:intel:hns2600bpblc:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"796E437A-B972-4D30-B0A4-53366693C7DF\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:intel:hns2600bpblc24:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0D9CC284-540E-492A-A0E6-A193DEAD3102\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:intel:hns2600bpblc24r:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5CC9E77D-DDB7-41AB-8728-9782336C167B\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:intel:hns2600bpbr:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DE6E2091-967D-4BA1-B190-9A2D13FE4AFD\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:intel:hns2600bpq:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"24786B0E-36AC-4DBD-8778-DC836CF81CB1\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:intel:hns2600bpq24:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"613CDC12-2D3E-4BF3-AE2D-DCDEBEAED03D\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:intel:hns2600bpq24r:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0431FDBE-4A58-40B1-B635-225E5B9EDBBB\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:intel:hns2600bpqr:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7138CA16-5DDA-4CAB-AF4F-6B4127C1055F\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:intel:hns2600bps:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F9EADDC0-0AAE-4445-9764-1C54E3898FFD\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:intel:hns2600bps24:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E09B1290-FAD0-4869-A1FA-A4D12BB602CD\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:intel:hns2600bps24r:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"86739A74-AE8B-4699-8C1B-AC5D30C4FA50\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:intel:hns2600bpsr:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CD891C11-B432-4B87-96BE-7C8BFA76E801\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:intel:r1000wf:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9D5E07CC-3948-4664-AE8E-0517D9D66211\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:intel:r1208wfqysr:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"85763067-E9E5-4418-A51F-FF3DD3710F9B\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:intel:r1208wftys:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F1DD69C7-9E7C-4569-9971-A06F77028BB7\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:intel:r1208wftysr:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3506908A-8081-4ADA-A986-E02415956AB4\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:intel:r1304wf0ys:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0DEF6206-E94C-4C16-8D91-AD776D62F79F\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:intel:r1304wf0ysr:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A1E6AFA4-49E7-4191-9EA2-7E2EE269067B\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:intel:r1304wftys:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0A47AC30-315C-4E4B-BBBB-305FA5131281\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:intel:r1304wftysr:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"48054F35-53C1-4480-86E2-CB8260DD84B6\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:intel:r2208wf0zs:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EF575955-C7E1-4DD6-8AAE-5930EDFEDA93\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:intel:r2208wf0zsr:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8029A5F9-E999-4BA9-AA77-14A73B83454E\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:intel:r2208wfqzs:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3B83196F-06BD-41D6-A6B8-C7ABD25CA238\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:intel:r2208wfqzsr:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"07C54A6D-7193-4AC3-A1E5-3CE16DF54FCB\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:intel:r2208wftzs:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"30E49457-D38D-4145-81F2-7FA4D463CD24\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:intel:r2208wftzsr:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7BB1E675-B059-4F28-8EBA-9FA5EF6E4044\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:intel:r2224wfqzs:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"13C6540A-C5E4-46E5-BB7C-E4C53904AE68\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:intel:r2224wftzs:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D952C1D5-581F-4ADC-8DB5-3682DC8588CA\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:intel:r2224wftzsr:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7D6DFA67-F1EE-4DBB-8E7B-CCDF097DC8BE\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:intel:r2308wftzs:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"31EF6A93-7FDE-43A7-BB5D-1DD52318F60D\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:intel:r2308wftzsr:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F3183B56-D5BB-4010-B2EE-3427D796D2A1\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:intel:r2312wf0np:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"98B6DF59-DF1E-4D9C-B574-37DC398B16AB\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:intel:r2312wf0npr:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"931E4D81-FAF0-4BFF-92E0-D5F653C5E845\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:intel:r2312wfqzs:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6982CB5F-4448-48D4-BD3A-782874AB2304\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:intel:r2312wftzs:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B14E3D1D-B614-458D-8F78-E25CC89B311E\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:intel:r2312wftzsr:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"81818501-4F4A-4CED-895D-84D6DC139811\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:intel:s2600bpbr:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"68606D69-C913-492A-A00E-3D899AB42595\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:intel:s2600bpqr:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9D292D7D-1E22-440F-B30C-3C580AFE91C9\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:intel:s2600bpsr:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C89B4E6B-B742-4BCA-9547-B1C6059C6671\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:intel:s2600stb:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A08E8AD9-CA53-4F39-820E-D4A4D2D319EB\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:intel:s2600stq:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6DDFAF1C-E386-4F35-8A81-492713F10A92\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:intel:s2600wf0:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5D8B99E9-63EF-45FA-AD23-1CEBDB3DD41E\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:intel:s2600wfq:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F105271A-9DC1-42CE-9D19-E4A55BE1F04E\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:intel:s2600wft:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D4BEA962-CEFF-429C-BB64-1C3FEA98FCE9\"}]}]}],\"references\":[{\"url\":\"https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00434.html\",\"source\":\"secure@intel.com\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00434.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]}]}}",
   },
}


Log in or create an account to share your comment.

Security Advisory comment format.

This schema specifies the format of a comment related to a security advisory.

UUIDv4 of the comment
UUIDv4 of the Vulnerability-Lookup instance
When the comment was created originally
When the comment was last updated
Title of the comment
Description of the comment
The identifier of the vulnerability (CVE ID, GHSA-ID, PYSEC ID, etc.).



Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.