Vulnerabilities > CVE-2020-24473 - Out-of-bounds Write vulnerability in Intel Baseboard Management Controller Firmware 2.18

CVSS 4.6 - MEDIUM

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

local

low complexity

intel

CWE-787

NVD

Published: 2021-06-09

Updated: 2021-07-01

Summary

Out of bounds write in the BMC firmware for some Intel(R) Server Boards, Server Systems and Compute Modules before version 2.48.ce3e3bd2 may allow an authenticated user to potentially enable escalation of privilege via local access.

Vulnerable Configurations

Part	Description	Count
OS	Intel Intel Baseboard Management Controller Firmware - Intel Baseboard Management Controller Firmware 2.18	2
Hardware	Intel Intel Compute Module Hns2600Bpb24R - Intel Compute Module Hns2600Bpbr - Intel Compute Module Hns2600Bpq24R - Intel Compute Module Hns2600Bpqr - Intel Compute Module Hns2600Bps24R - Intel Compute Module Hns2600Bpsr - Intel Server Board S2600Bpb - Intel Server Board S2600Bpbr - Intel Server Board S2600Bpq - Intel Server Board S2600Bpqr - Intel Server Board S2600Bps - Intel Server Board S2600Bpsr - Intel Server Board S2600Wf0 - Intel Server Board S2600Wf0R - Intel Server Board S2600Wfq - Intel Server Board S2600Wfqr - Intel Server Board S2600Wft - Intel Server Board S2600Wftr - Intel Server System R1208Wfqysr - Intel Server System R1208Wftys - Intel Server System R1208Wftysr - Intel Server System R1304Wf0Ys - Intel Server System R1304Wf0Ysr - Intel Server System R1304Wftys - Intel Server System R1304Wftysr - Intel Server System R2208Wf0Zs - Intel Server System R2208Wf0Zsr - Intel Server System R2208Wfqzs - Intel Server System R2208Wfqzsr - Intel Server System R2208Wftzs - Intel Server System R2208Wftzsr - Intel Server System R2224Wfqzs - Intel Server Board S2600Stb - Intel Server Board S2600Stbr - Intel Server Board S2600Stq - Intel Server Board S2600Stqr - Intel Server System R2224Wftzs - Intel Server System R2224Wftzsr - Intel Server System R2308Wftzs - Intel Server System R2308Wftzsr - Intel Server System R2312Wf0Np - Intel Server System R2312Wf0Npr - Intel Server System R2312Wfqzs - Intel Server System R2312Wftzs - Intel Server System R2312Wftzsr -	45

Common Weakness Enumeration (CWE)

CWE-787 - Out-of-bounds Write

References

https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00476.html