SB2021021013 - Multiple vulnerabilities in Intel Server Boards, Server Systems and Compute Modules

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2021021013

SB2021021013 - Multiple vulnerabilities in Intel Server Boards, Server Systems and Compute Modules

Published: February 10, 2021 Updated: June 21, 2021

Security Bulletin ID SB2021021013
Severity
Low
Patch available
YES
Number of vulnerabilities 5
Exploitation vector Local access
Highest impact Code execution

Breakdown by Severity

Low 100%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 5 secuirty vulnerabilities.


1) Buffer overflow (CVE-ID: CVE-2020-12373)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a boundary error in the BMC firmware for some Intel(R) Server Boards, Server Systems and Compute Modules before version 2.47. A local privileged user can  trigger memory corruption and execute arbitrary code on the target system with elevated privileges.



2) Improper input validation (CVE-ID: CVE-2020-12377)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a improper input validation in the BMC firmware for some Intel(R) Server Boards, Server Systems and Compute Modules before version 2.47. A local privileged user can  execute arbitrary code on the target system with elevated privileges.



3) Out-of-bounds read (CVE-ID: CVE-2020-12380)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a boundary error in the BMC firmware for some Intel(R) Server Boards, Server Systems and Compute Modules before version 2.47. A local user can trigger out-of-bounds read error and escalate privileges on the system.



4) Heap-based buffer overflow (CVE-ID: CVE-2020-12375)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a boundary error in the BMC firmware for some Intel(R) Server Boards, Server Systems and Compute Modules before version 2.47. A local user can a heap-based buffer overflow and execute arbitrary code on the target system with elevated privileges.



5) Use of hard-coded cryptographic key (CVE-ID: CVE-2020-12376)

The vulnerability allows a local user gain access to sensitive information.

The vulnerability exists due to usage of a hard-coded key in the BMC firmware for some Intel(R) Server Boards, Server Systems and Compute Modules before version 2.47.A local user can gain access to sensitive information on the system.

Remediation

Install update from vendor's website.

References