Buffer overflow in Intel products - CVE-2020-12373
Published: February 10, 2021 / Updated: June 21, 2021
Vulnerability identifier: #VU50585
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2020-12373
CWE-ID: CWE-119
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vendor: Intel
Affected software:
Intel Server System R1000WF
Intel Server System R2000WF
Intel Server Board S2600WF
Intel Server Board S2600ST
Intel Compute Module HNS2600BP
Intel Server Board S2600BP
Intel Server System R1000WF
Intel Server System R2000WF
Intel Server Board S2600WF
Intel Server Board S2600ST
Intel Compute Module HNS2600BP
Intel Server Board S2600BP
Detailed vulnerability description
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a boundary error in the BMC firmware for some Intel(R) Server Boards, Server Systems and Compute Modules before version 2.47. A local privileged user can trigger memory corruption and execute arbitrary code on the target system with elevated privileges.
How to mitigate CVE-2020-12373
Install updates from vendor's website.