CVE-2020-24474

Buffer overflow in the BMC firmware for some Intel(R) Server Boards, Server Systems and Compute Modules before version 2.48.ce3e3bd2 may allow an authenticated user to potentially enable escalation of privilege via adjacent access.

CVSS v3 8.0 HIGH
CVSS v2.0 5.2 MEDIUM

8.0^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 2.1 / Impact : 5.9

Attack Vector ADJACENT_NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

5.2^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:A/AC:L/Au:S/C:P/I:P/A:P

Exploitability : 5.1 / Impact : 6.4

Access Vector ADJACENT_NETWORK

Access Complexity LOW

Authentication SINGLE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00476.html	Vendor Advisory
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00476.html	Vendor Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:intel:baseboard_management_controller_firmware:*:*:*:*:*:*:*:*

OR	cpe:2.3:h:intel:compute_module_hns2600bpb24r:-:::::::*
	cpe:2.3:h:intel:compute_module_hns2600bpbr:-:::::::*
	cpe:2.3:h:intel:compute_module_hns2600bpq24r:-:::::::*
	cpe:2.3:h:intel:compute_module_hns2600bpqr:-:::::::*
	cpe:2.3:h:intel:compute_module_hns2600bps24r:-:::::::*
	cpe:2.3:h:intel:compute_module_hns2600bpsr:-:::::::*
	cpe:2.3:h:intel:server_board_s2600bpb:-:::::::*
	cpe:2.3:h:intel:server_board_s2600bpbr:-:::::::*
	cpe:2.3:h:intel:server_board_s2600bpq:-:::::::*
	cpe:2.3:h:intel:server_board_s2600bpqr:-:::::::*
	cpe:2.3:h:intel:server_board_s2600bps:-:::::::*
	cpe:2.3:h:intel:server_board_s2600bpsr:-:::::::*
	cpe:2.3:h:intel:server_board_s2600stb:-:::::::*
	cpe:2.3:h:intel:server_board_s2600stbr:-:::::::*
	cpe:2.3:h:intel:server_board_s2600stq:-:::::::*
	cpe:2.3:h:intel:server_board_s2600stqr:-:::::::*
	cpe:2.3:h:intel:server_board_s2600wf0:-:::::::*
	cpe:2.3:h:intel:server_board_s2600wf0r:-:::::::*
	cpe:2.3:h:intel:server_board_s2600wfq:-:::::::*
	cpe:2.3:h:intel:server_board_s2600wfqr:-:::::::*
	cpe:2.3:h:intel:server_board_s2600wft:-:::::::*
	cpe:2.3:h:intel:server_board_s2600wftr:-:::::::*
	cpe:2.3:h:intel:server_system_r1208wfqysr:-:::::::*
	cpe:2.3:h:intel:server_system_r1208wftys:-:::::::*
	cpe:2.3:h:intel:server_system_r1208wftysr:-:::::::*
	cpe:2.3:h:intel:server_system_r1304wf0ys:-:::::::*
	cpe:2.3:h:intel:server_system_r1304wf0ysr:-:::::::*
	cpe:2.3:h:intel:server_system_r1304wftys:-:::::::*
	cpe:2.3:h:intel:server_system_r1304wftysr:-:::::::*
	cpe:2.3:h:intel:server_system_r2208wf0zs:-:::::::*
	cpe:2.3:h:intel:server_system_r2208wf0zsr:-:::::::*
	cpe:2.3:h:intel:server_system_r2208wfqzs:-:::::::*
	cpe:2.3:h:intel:server_system_r2208wfqzsr:-:::::::*
	cpe:2.3:h:intel:server_system_r2208wftzs:-:::::::*
	cpe:2.3:h:intel:server_system_r2208wftzsr:-:::::::*
	cpe:2.3:h:intel:server_system_r2224wfqzs:-:::::::*
	cpe:2.3:h:intel:server_system_r2224wftzs:-:::::::*
	cpe:2.3:h:intel:server_system_r2224wftzsr:-:::::::*
	cpe:2.3:h:intel:server_system_r2308wftzs:-:::::::*
	cpe:2.3:h:intel:server_system_r2308wftzsr:-:::::::*
	cpe:2.3:h:intel:server_system_r2312wf0np:-:::::::*
	cpe:2.3:h:intel:server_system_r2312wf0npr:-:::::::*
	cpe:2.3:h:intel:server_system_r2312wfqzs:-:::::::*
	cpe:2.3:h:intel:server_system_r2312wftzs:-:::::::*
	cpe:2.3:h:intel:server_system_r2312wftzsr:-:::::::*

History

21 Nov 2024, 05:14

Type	Values Removed	Values Added
References	~~() https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00476.html - Vendor Advisory~~	() https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00476.html - Vendor Advisory

01 Jul 2021, 19:51

Type	Values Removed	Values Added
CPE		cpe:2.3:h:intel:server_system_r2308wftzsr:-:::::::* cpe:2.3:h:intel:server_system_r2312wf0np:-:::::::* cpe:2.3:h:intel:server_board_s2600stqr:-:::::::* cpe:2.3:h:intel:compute_module_hns2600bpb24r:-:::::::* cpe:2.3:h:intel:server_board_s2600wf0r:-:::::::* cpe:2.3:h:intel:server_system_r1208wfqysr:-:::::::* cpe:2.3:h:intel:server_system_r2208wftzs:-:::::::* cpe:2.3:h:intel:compute_module_hns2600bps24r:-:::::::* cpe:2.3:h:intel:server_system_r2312wftzs:-:::::::* cpe:2.3:h:intel:server_board_s2600wfq:-:::::::* cpe:2.3:h:intel:server_board_s2600wftr:-:::::::* cpe:2.3:h:intel:server_system_r2208wftzsr:-:::::::* cpe:2.3:h:intel:server_board_s2600wft:-:::::::* cpe:2.3:h:intel:server_system_r2208wfqzs:-:::::::* cpe:2.3:h:intel:server_board_s2600bpbr:-:::::::* cpe:2.3:h:intel:server_board_s2600bpq:-:::::::* cpe:2.3:h:intel:server_system_r1208wftys:-:::::::* cpe:2.3:h:intel:server_system_r2312wfqzs:-:::::::* cpe:2.3:h:intel:compute_module_hns2600bpbr:-:::::::* cpe:2.3:h:intel:server_system_r1304wf0ysr:-:::::::* cpe:2.3:h:intel:server_system_r2208wfqzsr:-:::::::* cpe:2.3:h:intel:server_board_s2600wf0:-:::::::* cpe:2.3:h:intel:server_board_s2600bpsr:-:::::::* cpe:2.3:h:intel:server_system_r2208wf0zs:-:::::::* cpe:2.3:h:intel:server_board_s2600bpb:-:::::::* cpe:2.3:h:intel:compute_module_hns2600bpqr:-:::::::* cpe:2.3:h:intel:compute_module_hns2600bpsr:-:::::::* cpe:2.3:h:intel:server_system_r1208wftysr:-:::::::* cpe:2.3:h:intel:server_board_s2600wfqr:-:::::::* cpe:2.3:o:intel:baseboard_management_controller_firmware:::::::: cpe:2.3:h:intel:server_system_r1304wf0ys:-:::::::* cpe:2.3:h:intel:server_system_r2224wfqzs:-:::::::* cpe:2.3:h:intel:server_system_r2308wftzs:-:::::::* cpe:2.3:h:intel:server_system_r1304wftys:-:::::::* cpe:2.3:h:intel:server_board_s2600stb:-:::::::* cpe:2.3:h:intel:compute_module_hns2600bpq24r:-:::::::* cpe:2.3:h:intel:server_system_r2312wftzsr:-:::::::* cpe:2.3:h:intel:server_system_r1304wftysr:-:::::::* cpe:2.3:h:intel:server_system_r2312wf0npr:-:::::::* cpe:2.3:h:intel:server_system_r2224wftzsr:-:::::::* cpe:2.3:h:intel:server_board_s2600stq:-:::::::* cpe:2.3:h:intel:server_board_s2600bps:-:::::::* cpe:2.3:h:intel:server_board_s2600bpqr:-:::::::* cpe:2.3:h:intel:server_board_s2600stbr:-:::::::* cpe:2.3:h:intel:server_system_r2208wf0zsr:-:::::::* cpe:2.3:h:intel:server_system_r2224wftzs:-:::::::*
CWE		CWE-120
References	~~(MISC) https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00476.html -~~	(MISC) https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00476.html - Vendor Advisory
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : 5.2 v3 : 8.0

09 Jun 2021, 20:19

Type	Values Removed	Values Added
New CVE

Information

Published : 2021-06-09 20:15

Updated : 2024-11-21 05:14

NVD link : CVE-2020-24474

Mitre link : CVE-2020-24474

CVE.ORG link : CVE-2020-24474

JSON object : View

Products Affected

intel

server_board_s2600bpb
compute_module_hns2600bpq24r
server_system_r2208wfqzsr
server_system_r1208wftys
server_system_r1304wf0ys
server_system_r1208wfqysr
server_board_s2600wft
server_board_s2600bps
server_board_s2600stb
server_system_r2208wftzsr
compute_module_hns2600bpsr
server_system_r1208wftysr
server_board_s2600wf0r
server_board_s2600bpsr
server_board_s2600wfqr
server_board_s2600stqr
server_system_r2208wfqzs
server_system_r2312wftzs
server_board_s2600stq
compute_module_hns2600bpbr
server_board_s2600bpqr
compute_module_hns2600bps24r
server_board_s2600wftr
server_system_r2208wf0zsr
server_system_r2208wftzs
server_system_r2224wftzs
server_system_r1304wftys
server_board_s2600bpq
server_board_s2600wfq
server_system_r2224wftzsr
server_system_r2312wfqzs
server_system_r2308wftzsr
server_system_r2224wfqzs
server_system_r1304wf0ysr
server_system_r2312wftzsr
server_system_r1304wftysr
compute_module_hns2600bpb24r
server_system_r2308wftzs
server_system_r2208wf0zs
server_board_s2600bpbr
server_system_r2312wf0npr
server_board_s2600wf0
baseboard_management_controller_firmware
server_system_r2312wf0np
compute_module_hns2600bpqr
server_board_s2600stbr

CWE

CWE-120

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

8.0 /10