CVE-2020-12299 - OpenCVE

Improper input validation in BIOS firmware for Intel(R) Server Board Families S2600ST, S2600BP and S2600WF may allow a privileged user to potentially enable escalation of privilege via local access.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required High

Scope Changed

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:L/AC:L/Au:N/C:P/I:P/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Intel	S2600bpbr S2600bpbr Firmware S2600bpqr S2600bpqr Firmware S2600bpsr S2600bpsr Firmware S2600stbr S2600stbr Firmware S2600stqr S2600stqr Firmware S2600wf0r S2600wf0r Firmware S2600wfqr S2600wfqr Firmware S2600wftr S2600wftr Firmware

Configuration 1 [-]

AND

cpe:2.3:h:intel:s2600stqr:-:*:*:*:*:*:*:*

cpe:2.3:o:intel:s2600stqr_firmware:*:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:h:intel:s2600stbr:-:*:*:*:*:*:*:*

cpe:2.3:o:intel:s2600stbr_firmware:*:*:*:*:*:*:*:*

Configuration 3 [-]

AND

cpe:2.3:h:intel:s2600bpsr:-:*:*:*:*:*:*:*

cpe:2.3:o:intel:s2600bpsr_firmware:*:*:*:*:*:*:*:*

Configuration 4 [-]

AND

cpe:2.3:h:intel:s2600bpbr:-:*:*:*:*:*:*:*

cpe:2.3:o:intel:s2600bpbr_firmware:*:*:*:*:*:*:*:*

Configuration 5 [-]

AND

cpe:2.3:h:intel:s2600bpqr:-:*:*:*:*:*:*:*

cpe:2.3:o:intel:s2600bpqr_firmware:*:*:*:*:*:*:*:*

Configuration 6 [-]

AND

cpe:2.3:h:intel:s2600wftr:-:*:*:*:*:*:*:*

cpe:2.3:o:intel:s2600wftr_firmware:*:*:*:*:*:*:*:*

Configuration 7 [-]

AND

cpe:2.3:h:intel:s2600wf0r:-:*:*:*:*:*:*:*

cpe:2.3:o:intel:s2600wf0r_firmware:*:*:*:*:*:*:*:*

Configuration 8 [-]

AND

cpe:2.3:h:intel:s2600wfqr:-:*:*:*:*:*:*:*

cpe:2.3:o:intel:s2600wfqr_firmware:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://security.netapp.com/advisory/ntap-20200814-0001/
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00367.html

History

No history.

MITRE

Status: PUBLISHED

Assigner: intel

Published: 2020-08-13T03:26:55

Updated: 2024-08-04T11:56:50.593Z

Reserved: 2020-04-28T00:00:00

Link: CVE-2020-12299

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2020-08-13T04:15:12.990

Modified: 2020-08-19T17:55:59.997

Link: CVE-2020-12299

Redhat

No data.

Metrics

Attack Vector Local

Attack Complexity Low

Privileges Required High

Scope Changed

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

Affected Vendors & Products

Metrics

Attack Vector Local

Attack Complexity Low

Privileges Required High

Scope Changed

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object