fkie_cve-2020-24474
Vulnerability from fkie_nvd
Published
2021-06-09 20:15
Modified
2024-11-21 05:14
Summary
Buffer overflow in the BMC firmware for some Intel(R) Server Boards, Server Systems and Compute Modules before version 2.48.ce3e3bd2 may allow an authenticated user to potentially enable escalation of privilege via adjacent access.
Impacted products
Vendor Product Version
intel baseboard_management_controller_firmware *
intel compute_module_hns2600bpb24r -
intel compute_module_hns2600bpbr -
intel compute_module_hns2600bpq24r -
intel compute_module_hns2600bpqr -
intel compute_module_hns2600bps24r -
intel compute_module_hns2600bpsr -
intel server_board_s2600bpb -
intel server_board_s2600bpbr -
intel server_board_s2600bpq -
intel server_board_s2600bpqr -
intel server_board_s2600bps -
intel server_board_s2600bpsr -
intel server_board_s2600stb -
intel server_board_s2600stbr -
intel server_board_s2600stq -
intel server_board_s2600stqr -
intel server_board_s2600wf0 -
intel server_board_s2600wf0r -
intel server_board_s2600wfq -
intel server_board_s2600wfqr -
intel server_board_s2600wft -
intel server_board_s2600wftr -
intel server_system_r1208wfqysr -
intel server_system_r1208wftys -
intel server_system_r1208wftysr -
intel server_system_r1304wf0ys -
intel server_system_r1304wf0ysr -
intel server_system_r1304wftys -
intel server_system_r1304wftysr -
intel server_system_r2208wf0zs -
intel server_system_r2208wf0zsr -
intel server_system_r2208wfqzs -
intel server_system_r2208wfqzsr -
intel server_system_r2208wftzs -
intel server_system_r2208wftzsr -
intel server_system_r2224wfqzs -
intel server_system_r2224wftzs -
intel server_system_r2224wftzsr -
intel server_system_r2308wftzs -
intel server_system_r2308wftzsr -
intel server_system_r2312wf0np -
intel server_system_r2312wf0npr -
intel server_system_r2312wfqzs -
intel server_system_r2312wftzs -
intel server_system_r2312wftzsr -



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:intel:baseboard_management_controller_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "C278DDFA-5747-405C-ACBD-410AE6AC9793",
              "versionEndExcluding": "2.48.ce3e3bd2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:intel:compute_module_hns2600bpb24r:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "BBAE24DF-2226-459C-9BCE-8A062577D6D9",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:intel:compute_module_hns2600bpbr:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "345D9886-97FD-497C-9413-6A7BEAA6A3CA",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:intel:compute_module_hns2600bpq24r:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "6B368AC9-CEDA-4D9A-BE58-384E01E581A1",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:intel:compute_module_hns2600bpqr:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "CC923696-6BD3-47BB-A87A-92005F9969F4",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:intel:compute_module_hns2600bps24r:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "BC8912C2-F121-4684-B264-871708D17E69",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:intel:compute_module_hns2600bpsr:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "DB1A914A-D272-4CB0-9094-94C1FF4F3085",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:intel:server_board_s2600bpb:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "6E7B114F-1EA0-40D5-BA2D-8EC268A30530",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:intel:server_board_s2600bpbr:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "1EF2A748-40E2-4F2E-9516-78C9E6DBA4AF",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:intel:server_board_s2600bpq:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "2C243BA0-42DD-417A-B080-F102A3C53CCD",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:intel:server_board_s2600bpqr:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5674D660-DEB6-4AF9-8B0D-F57ECC4DC533",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:intel:server_board_s2600bps:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5C2EB283-D51C-495C-A645-AD27293A25FC",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:intel:server_board_s2600bpsr:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "76ACEDD9-68F4-4EFE-9725-16447C18291C",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:intel:server_board_s2600stb:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5F140D92-17D3-47BB-AF30-CBF219450E4B",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:intel:server_board_s2600stbr:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "AED55C57-4279-4453-8C8F-33F45CA4C5E7",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:intel:server_board_s2600stq:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "54E28FB7-CD61-4281-8CBC-6BA488C3465C",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:intel:server_board_s2600stqr:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "340FD4CA-6B38-406F-A219-4D6D33816327",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:intel:server_board_s2600wf0:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "9CCCE537-4860-4225-BB53-338B7345FDC2",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:intel:server_board_s2600wf0r:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "625A36EB-4866-4272-A886-7271B849C86B",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:intel:server_board_s2600wfq:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A13732C9-E6D3-4415-ABBF-1DF5ED372AC8",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:intel:server_board_s2600wfqr:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "DECC4837-716C-415A-B1A2-09B727081CE5",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:intel:server_board_s2600wft:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "B373425D-4369-46A8-BFEE-B60612CB2755",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:intel:server_board_s2600wftr:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "167759CD-6F60-46AF-BE30-CAD113C482A8",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:intel:server_system_r1208wfqysr:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "834CDB1A-D6B0-448C-B042-423D34A2F4EF",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:intel:server_system_r1208wftys:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "8757A5AE-61C8-48A6-A54E-9C8DE425584C",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:intel:server_system_r1208wftysr:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "B5C90C22-4E86-420F-A062-C4ACA49DC1C9",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:intel:server_system_r1304wf0ys:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "CFEA33CD-9910-402C-90EB-A922950E94CF",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:intel:server_system_r1304wf0ysr:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "87AF3933-2736-4F3F-A064-E92964321D4F",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:intel:server_system_r1304wftys:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "CF019AB7-0345-4562-BEF8-D2DB446514B0",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:intel:server_system_r1304wftysr:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "B9899FE0-BCF1-4CF2-9851-4E711953B583",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:intel:server_system_r2208wf0zs:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "7DFF4A60-F4F7-4360-AF28-D792FBA3C017",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:intel:server_system_r2208wf0zsr:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "6DC77A0B-3B2C-4FE5-842B-F479A4D29BE9",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:intel:server_system_r2208wfqzs:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "005DF7CE-D7F8-4607-86E0-79DE04920E1E",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:intel:server_system_r2208wfqzsr:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "AC58518E-3BA2-4857-8F48-2C4BDD7FA0E1",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:intel:server_system_r2208wftzs:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "B7EFE347-AC80-40C6-972E-0C0C53431844",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:intel:server_system_r2208wftzsr:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "C92D49CF-66BA-4067-A97C-5C65277D015A",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:intel:server_system_r2224wfqzs:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "3155205F-03CB-44D4-954B-108B3E159F67",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:intel:server_system_r2224wftzs:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "CE01726B-70C4-472E-A042-1C28AA087ECB",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:intel:server_system_r2224wftzsr:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "67D02251-2DEE-4AF6-BA12-2EB2DF9F4129",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:intel:server_system_r2308wftzs:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "108399C1-CF18-43CB-841E-DD07EB0793B0",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:intel:server_system_r2308wftzsr:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "09F6A510-B33D-4AC1-A9EC-71D3A5335531",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:intel:server_system_r2312wf0np:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "477B1048-9672-4702-B62B-D494AF3D76D5",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:intel:server_system_r2312wf0npr:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "0473BCDE-85FE-419B-A866-711456D7BC18",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:intel:server_system_r2312wfqzs:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "0CB82A2C-13F7-44B4-A34D-6E4F25974F5C",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:intel:server_system_r2312wftzs:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "00C76F81-BAFA-44DE-8FB5-FC65037B26DE",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:intel:server_system_r2312wftzsr:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "CDAC3377-2300-4DED-A948-E026643DA14E",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Buffer overflow in the BMC firmware for some Intel(R) Server Boards, Server Systems and Compute Modules before version 2.48.ce3e3bd2 may allow an authenticated user to potentially enable escalation of privilege via adjacent access."
    },
    {
      "lang": "es",
      "value": "Un desbordamiento del b\u00fafer en el firmware del BMC para algunas Intel\u00ae Server Boards, Server Systems and Compute Modules versiones anteriores a la versi\u00f3n 2.48.ce3e3bd2 puede permitir a un usuario autenticado permitir potencialmente una escalada de privilegios por medio de un acceso adyacente"
    }
  ],
  "id": "CVE-2020-24474",
  "lastModified": "2024-11-21T05:14:52.593",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "ADJACENT_NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 5.2,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:A/AC:L/Au:S/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 5.1,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "ADJACENT_NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.0,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.1,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2021-06-09T20:15:08.087",
  "references": [
    {
      "source": "secure@intel.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00476.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00476.html"
    }
  ],
  "sourceIdentifier": "secure@intel.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-120"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.


Loading…

Loading…

Loading…

Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.


Loading…

Loading…