Improper Authentication in Intel products - CVE-2020-8708

 

Improper Authentication in Intel products - CVE-2020-8708

Published: August 14, 2020 / Updated: August 14, 2020


Vulnerability identifier: #VU45704
CSH Severity: Medium
CVSS v4.0: CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2020-8708
CWE-ID: CWE-287
Exploitation vector: Adjecent network
Exploit availability: No public exploit available
Vendor: Intel
Affected software:
Intel Server System R1000WT
Intel Server System R2000WT
Intel Server Boards S2600WT
Intel Server Board S2600CW
Intel Compute Module HNS2600KP
Intel Server Board S2600KP
Intel Compute Module HNS2600TP
Intel Server Board S2600TP
Intel Server System R1000SP
Intel Server System LSVRP
Intel Server System LR1304SP
Intel Server Board S1200SP
Intel Server System R1000WF
Intel Server System R2000WF
Intel Server Board S2600WF
Intel Server Board S2600ST
Intel Compute Module HNS2600BP
Intel Server Board S2600BP

Detailed vulnerability description

The vulnerability allows a remote attacker to bypass authentication process.

The vulnerability exists due to an error when processing authentication requests. A remote attacker on the local network can bypass authentication process and gain unauthorized access to the application.


How to mitigate CVE-2020-8708

Install updates from vendor's website.

Sources