CVE-2020-7207

A local elevation of privilege using physical access security vulnerability was found in HPE Proliant Gen10 Servers using Intel Innovation Engine (IE). This attack requires a physical attack to the server motherboard. To mitigate this issue, ensure your server is always physically secured. HPE will not address this issue in the impacted Gen 10 servers listed. HPE recommends using appropriate physical security methods as a compensating control to disallow an attacker from having physical access to the server main circuit board.

CVSS v3 6.8 MEDIUM
CVSS v2.0 7.2 HIGH

6.8^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 0.9 / Impact : 5.9

Attack Vector PHYSICAL

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

7.2^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:L/AC:L/Au:N/C:C/I:C/A:C

Exploitability : 3.9 / Impact : 10.0

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf04002en_us	Vendor Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:hp:apollo_2000_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:hp:apollo_2000:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND

cpe:2.3:o:hp:apollo_4200_gen10_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:hp:apollo_4200_gen10:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND

cpe:2.3:o:hp:apollo_4500_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:hp:apollo_4500:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND

cpe:2.3:o:hp:proliant_xl230k_gen10_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:hp:proliant_xl230k_gen10:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND

cpe:2.3:o:hp:proliant_xl270d_gen10_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:hp:proliant_xl270d_gen10:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND

cpe:2.3:o:hp:proliant_bl460c_gen10_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:hp:proliant_bl460c_gen10:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND

cpe:2.3:o:hp:proliant_dl120_gen10_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:hp:proliant_dl120_gen10:-:*:*:*:*:*:*:*

Configuration 8 (hide)

AND

cpe:2.3:o:hp:proliant_dl160_gen10_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:hp:proliant_dl160_gen10:-:*:*:*:*:*:*:*

Configuration 9 (hide)

AND

cpe:2.3:o:hp:proliant_dl180_gen10_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:hp:proliant_dl180_gen10:-:*:*:*:*:*:*:*

Configuration 10 (hide)

AND

cpe:2.3:o:hp:proliant_dl360_gen10_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:hp:proliant_dl360_gen10:-:*:*:*:*:*:*:*

Configuration 11 (hide)

AND

cpe:2.3:o:hp:proliant_dl380_gen10_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:hp:proliant_dl380_gen10:-:*:*:*:*:*:*:*

Configuration 12 (hide)

AND

cpe:2.3:o:hp:proliant_dl560_gen10_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:hp:proliant_dl560_gen10:-:*:*:*:*:*:*:*

Configuration 13 (hide)

AND

cpe:2.3:o:hp:proliant_dl580_gen10_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:hp:proliant_dl580_gen10:-:*:*:*:*:*:*:*

Configuration 14 (hide)

AND

cpe:2.3:o:hp:proliant_ml110_gen10_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:hp:proliant_ml110_gen10:-:*:*:*:*:*:*:*

Configuration 15 (hide)

AND

cpe:2.3:o:hp:proliant_ml350_gen10_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:hp:proliant_ml350_gen10:-:*:*:*:*:*:*:*

Configuration 16 (hide)

AND

cpe:2.3:o:hp:synergy_480_gen10_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:hp:synergy_480_gen10:-:*:*:*:*:*:*:*

Configuration 17 (hide)

AND

cpe:2.3:o:hp:synergy_660_gen10_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:hp:synergy_660_gen10:-:*:*:*:*:*:*:*

Configuration 18 (hide)

AND

cpe:2.3:o:hp:proliant_e910_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:hp:proliant_e910:-:*:*:*:*:*:*:*

Configuration 19 (hide)

AND

cpe:2.3:o:hp:proliant_xl170r_gen10_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:hp:proliant_xl170r_gen10:-:*:*:*:*:*:*:*

Configuration 20 (hide)

AND

cpe:2.3:o:hp:proliant_xl190r_gen10_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:hp:proliant_xl190r_gen10:-:*:*:*:*:*:*:*

Configuration 21 (hide)

AND

cpe:2.3:o:hp:proliant_xl230k_gen10_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:hp:proliant_xl230k_gen10:-:*:*:*:*:*:*:*

Configuration 22 (hide)

AND

cpe:2.3:o:hp:proliant_xl450_gen10_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:hp:proliant_xl450_gen10:-:*:*:*:*:*:*:*

History

No history.

Information

Published : 2020-11-05 21:15

Updated : 2024-02-28 18:08

NVD link : CVE-2020-7207

Mitre link : CVE-2020-7207

CVE.ORG link : CVE-2020-7207

JSON object : View

Products Affected

proliant_dl360_gen10_firmware
proliant_xl190r_gen10
proliant_dl380_gen10_firmware
proliant_dl180_gen10
proliant_xl270d_gen10_firmware
proliant_dl160_gen10_firmware
synergy_660_gen10
proliant_bl460c_gen10
proliant_dl120_gen10
proliant_xl270d_gen10
apollo_4200_gen10_firmware
proliant_dl560_gen10
proliant_dl120_gen10_firmware
proliant_e910
apollo_4500
apollo_4500_firmware
proliant_dl160_gen10
proliant_ml350_gen10
proliant_dl380_gen10
proliant_xl190r_gen10_firmware
proliant_bl460c_gen10_firmware
apollo_2000_firmware
synergy_660_gen10_firmware
proliant_xl170r_gen10
proliant_dl580_gen10_firmware
proliant_xl450_gen10
proliant_dl360_gen10
synergy_480_gen10
proliant_ml350_gen10_firmware
proliant_xl230k_gen10
proliant_xl170r_gen10_firmware
apollo_4200_gen10
proliant_dl180_gen10_firmware
proliant_dl580_gen10
proliant_xl230k_gen10_firmware
synergy_480_gen10_firmware
proliant_xl450_gen10_firmware
proliant_dl560_gen10_firmware
proliant_ml110_gen10
apollo_2000
proliant_ml110_gen10_firmware
proliant_e910_firmware

CWE

NVD-CWE-noinfo

6.8 /10