CVE-2020-24474 - OpenCVE

Buffer overflow in the BMC firmware for some Intel(R) Server Boards, Server Systems and Compute Modules before version 2.48.ce3e3bd2 may allow an authenticated user to potentially enable escalation of privilege via adjacent access.

No CVSS v4.0

Attack Vector Adjacent Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Adjacent Network

Access Complexity Low

Authentication Single

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:A/AC:L/Au:S/C:P/I:P/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Intel	Baseboard Management Controller Firmware Compute Module Hns2600bpb24r Compute Module Hns2600bpbr Compute Module Hns2600bpq24r Compute Module Hns2600bpqr Compute Module Hns2600bps24r Compute Module Hns2600bpsr Server Board S2600bpb Server Board S2600bpbr Server Board S2600bpq Server Board S2600bpqr Server Board S2600bps Server Board S2600bpsr Server Board S2600stb Server Board S2600stbr Server Board S2600stq Server Board S2600stqr Server Board S2600wf0 Server Board S2600wf0r Server Board S2600wfq Server Board S2600wfqr Server Board S2600wft Server Board S2600wftr Server System R1208wfqysr Server System R1208wftys Server System R1208wftysr Server System R1304wf0ys Server System R1304wf0ysr Server System R1304wftys Server System R1304wftysr Server System R2208wf0zs Server System R2208wf0zsr Server System R2208wfqzs Server System R2208wfqzsr Server System R2208wftzs Server System R2208wftzsr Server System R2224wfqzs Server System R2224wftzs Server System R2224wftzsr Server System R2308wftzs Server System R2308wftzsr Server System R2312wf0np Server System R2312wf0npr Server System R2312wfqzs Server System R2312wftzs Server System R2312wftzsr

Configuration 1 [-]

AND

cpe:2.3:o:intel:baseboard_management_controller_firmware:*:*:*:*:*:*:*:*

OR	cpe:2.3:h:intel:compute_module_hns2600bpb24r:-:::::::*
	cpe:2.3:h:intel:compute_module_hns2600bpbr:-:::::::*
	cpe:2.3:h:intel:compute_module_hns2600bpq24r:-:::::::*
	cpe:2.3:h:intel:compute_module_hns2600bpqr:-:::::::*
	cpe:2.3:h:intel:compute_module_hns2600bps24r:-:::::::*
	cpe:2.3:h:intel:compute_module_hns2600bpsr:-:::::::*
	cpe:2.3:h:intel:server_board_s2600bpb:-:::::::*
	cpe:2.3:h:intel:server_board_s2600bpbr:-:::::::*
	cpe:2.3:h:intel:server_board_s2600bpq:-:::::::*
	cpe:2.3:h:intel:server_board_s2600bpqr:-:::::::*
	cpe:2.3:h:intel:server_board_s2600bps:-:::::::*
	cpe:2.3:h:intel:server_board_s2600bpsr:-:::::::*
	cpe:2.3:h:intel:server_board_s2600stb:-:::::::*
	cpe:2.3:h:intel:server_board_s2600stbr:-:::::::*
	cpe:2.3:h:intel:server_board_s2600stq:-:::::::*
	cpe:2.3:h:intel:server_board_s2600stqr:-:::::::*
	cpe:2.3:h:intel:server_board_s2600wf0:-:::::::*
	cpe:2.3:h:intel:server_board_s2600wf0r:-:::::::*
	cpe:2.3:h:intel:server_board_s2600wfq:-:::::::*
	cpe:2.3:h:intel:server_board_s2600wfqr:-:::::::*
	cpe:2.3:h:intel:server_board_s2600wft:-:::::::*
	cpe:2.3:h:intel:server_board_s2600wftr:-:::::::*
	cpe:2.3:h:intel:server_system_r1208wfqysr:-:::::::*
	cpe:2.3:h:intel:server_system_r1208wftys:-:::::::*
	cpe:2.3:h:intel:server_system_r1208wftysr:-:::::::*
	cpe:2.3:h:intel:server_system_r1304wf0ys:-:::::::*
	cpe:2.3:h:intel:server_system_r1304wf0ysr:-:::::::*
	cpe:2.3:h:intel:server_system_r1304wftys:-:::::::*
	cpe:2.3:h:intel:server_system_r1304wftysr:-:::::::*
	cpe:2.3:h:intel:server_system_r2208wf0zs:-:::::::*
	cpe:2.3:h:intel:server_system_r2208wf0zsr:-:::::::*
	cpe:2.3:h:intel:server_system_r2208wfqzs:-:::::::*
	cpe:2.3:h:intel:server_system_r2208wfqzsr:-:::::::*
	cpe:2.3:h:intel:server_system_r2208wftzs:-:::::::*
	cpe:2.3:h:intel:server_system_r2208wftzsr:-:::::::*
	cpe:2.3:h:intel:server_system_r2224wfqzs:-:::::::*
	cpe:2.3:h:intel:server_system_r2224wftzs:-:::::::*
	cpe:2.3:h:intel:server_system_r2224wftzsr:-:::::::*
	cpe:2.3:h:intel:server_system_r2308wftzs:-:::::::*
	cpe:2.3:h:intel:server_system_r2308wftzsr:-:::::::*
	cpe:2.3:h:intel:server_system_r2312wf0np:-:::::::*
	cpe:2.3:h:intel:server_system_r2312wf0npr:-:::::::*
	cpe:2.3:h:intel:server_system_r2312wfqzs:-:::::::*
	cpe:2.3:h:intel:server_system_r2312wftzs:-:::::::*
	cpe:2.3:h:intel:server_system_r2312wftzsr:-:::::::*

No data.

References

Link	Providers
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00476.html

History

No history.

MITRE

Status: PUBLISHED

Assigner: intel

Published: 2021-06-09T19:01:40

Updated: 2024-08-04T15:12:09.228Z

Reserved: 2020-08-19T00:00:00

Link: CVE-2020-24474

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2021-06-09T20:15:08.087

Modified: 2021-07-01T19:51:57.927

Link: CVE-2020-24474

Redhat

No data.

Metrics

Attack Vector Adjacent Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Adjacent Network

Access Complexity Low

Authentication Single

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

Affected Vendors & Products

Metrics

Attack Vector Adjacent Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Adjacent Network

Access Complexity Low

Authentication Single

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object