CVE-2020-8721

Improper input validation for some Intel(R) Server Boards, Server Systems and Compute Modules before version 1.59 may allow a privileged user to potentially enable escalation of privilege via local access.

CVSS v3 8.2 HIGH
CVSS v2.0 4.6 MEDIUM

8.2^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 1.5 / Impact : 6.0

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope CHANGED

4.6^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:L/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 3.9 / Impact : 6.4

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
https://security.netapp.com/advisory/ntap-20200814-0002/	Third Party Advisory
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00384.html	Vendor Advisory
https://security.netapp.com/advisory/ntap-20200814-0002/	Third Party Advisory
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00384.html	Vendor Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:intel:server_board_s2600wt_firmware:*:*:*:*:*:*:*:*

OR	cpe:2.3:h:intel:server_board_s2600wt2:-:::::::*
	cpe:2.3:h:intel:server_board_s2600wt2r:-:::::::*
	cpe:2.3:h:intel:server_board_s2600wtt:-:::::::*
	cpe:2.3:h:intel:server_board_s2600wttr:-:::::::*

Configuration 2 (hide)

AND

cpe:2.3:o:intel:server_system_r1000wt_firmware:*:*:*:*:*:*:*:*

OR	cpe:2.3:h:intel:server_system_r1208wt2gs:-:::::::*
	cpe:2.3:h:intel:server_system_r1208wt2gsr:-:::::::*
	cpe:2.3:h:intel:server_system_r1208wttgs:-:::::::*
	cpe:2.3:h:intel:server_system_r1208wttgsbpp:-:::::::*
	cpe:2.3:h:intel:server_system_r1208wttgsr:-:::::::*
	cpe:2.3:h:intel:server_system_r1304wt2gs:-:::::::*
	cpe:2.3:h:intel:server_system_r1304wt2gsr:-:::::::*
	cpe:2.3:h:intel:server_system_r1304wttgs:-:::::::*
	cpe:2.3:h:intel:server_system_r1304wttgsr:-:::::::*

Configuration 3 (hide)

AND

cpe:2.3:o:intel:server_system_r2000wt_firmware:*:*:*:*:*:*:*:*

OR	cpe:2.3:h:intel:server_system_r2208wt2ys:-:::::::*
	cpe:2.3:h:intel:server_system_r2208wt2ysr:-:::::::*
	cpe:2.3:h:intel:server_system_r2208wttyc1:-:::::::*
	cpe:2.3:h:intel:server_system_r2208wttyc1r:-:::::::*
	cpe:2.3:h:intel:server_system_r2208wttys:-:::::::*
	cpe:2.3:h:intel:server_system_r2208wttysr:-:::::::*
	cpe:2.3:h:intel:server_system_r2224wttys:-:::::::*
	cpe:2.3:h:intel:server_system_r2224wttysr:-:::::::*
	cpe:2.3:h:intel:server_system_r2308wttys:-:::::::*
	cpe:2.3:h:intel:server_system_r2308wttysr:-:::::::*
	cpe:2.3:h:intel:server_system_r2312wttys:-:::::::*
	cpe:2.3:h:intel:server_system_r2312wttysr:-:::::::*

Configuration 4 (hide)

AND

cpe:2.3:o:intel:server_board_s2600cw:*:*:*:*:*:*:*:*

OR	cpe:2.3:a:intel:server_board_s2600cw2:-:::::::*
	cpe:2.3:a:intel:server_board_s2600cw2r:-:::::::*
	cpe:2.3:a:intel:server_board_s2600cw2s:-:::::::*
	cpe:2.3:a:intel:server_board_s2600cw2sr:-:::::::*
	cpe:2.3:a:intel:server_board_s2600cwt:-:::::::*
	cpe:2.3:a:intel:server_board_s2600cwtr:-:::::::*
	cpe:2.3:a:intel:server_board_s2600cwts:-:::::::*
	cpe:2.3:a:intel:server_board_s2600cwtsr:-:::::::*

Configuration 5 (hide)

AND

cpe:2.3:o:intel:compute_module_hns2600kp_firmware:*:*:*:*:*:*:*:*

OR	cpe:2.3:h:intel:compute_module_hns2600kp:-:::::::*
	cpe:2.3:h:intel:compute_module_hns2600kpf:-:::::::*
	cpe:2.3:h:intel:compute_module_hns2600kpfr:-:::::::*
	cpe:2.3:h:intel:compute_module_hns2600kpr:-:::::::*

Configuration 6 (hide)

AND

cpe:2.3:o:intel:server_board_s2600kp_firmware:*:*:*:*:*:*:*:*

OR	cpe:2.3:h:intel:server_board_s2600kp:-:::::::*
	cpe:2.3:h:intel:server_board_s2600kpf:-:::::::*
	cpe:2.3:h:intel:server_board_s2600kpfr:-:::::::*
	cpe:2.3:h:intel:server_board_s2600kpr:-:::::::*
	cpe:2.3:h:intel:server_board_s2600kptr:-:::::::*

Configuration 7 (hide)

AND

cpe:2.3:o:intel:compute_module_hns2600tp_firmware:*:*:*:*:*:*:*:*

OR	cpe:2.3:h:intel:compute_module_hns2600tp:-:::::::*
	cpe:2.3:h:intel:compute_module_hns2600tp24r:-:::::::*
	cpe:2.3:h:intel:compute_module_hns2600tp24sr:-:::::::*
	cpe:2.3:h:intel:compute_module_hns2600tpf:-:::::::*
	cpe:2.3:h:intel:compute_module_hns2600tpfr:-:::::::*
	cpe:2.3:h:intel:compute_module_hns2600tpr:-:::::::*

Configuration 8 (hide)

AND

cpe:2.3:o:intel:compute_module_s2600tp_firmware:*:*:*:*:*:*:*:*

OR	cpe:2.3:h:intel:server_board_s2600tp:-:::::::*
	cpe:2.3:h:intel:server_board_s2600tpf:-:::::::*
	cpe:2.3:h:intel:server_board_s2600tpfr:-:::::::*
	cpe:2.3:h:intel:server_board_s2600tpr:-:::::::*

Configuration 9 (hide)

AND

cpe:2.3:o:intel:server_board_s1200sp_firmware:*:*:*:*:*:*:*:*

OR	cpe:2.3:h:intel:server_board_s1200spl:-:::::::*
	cpe:2.3:h:intel:server_board_s1200splr:-:::::::*
	cpe:2.3:h:intel:server_board_s1200spo:-:::::::*
	cpe:2.3:h:intel:server_board_s1200spor:-:::::::*
	cpe:2.3:h:intel:server_board_s1200sps:-:::::::*
	cpe:2.3:h:intel:server_board_s1200spsr:-:::::::*

Configuration 10 (hide)

AND

cpe:2.3:o:intel:server_system_lr1304sp_firmware:*:*:*:*:*:*:*:*

OR	cpe:2.3:h:intel:server_system_lr1304spcfg1:-:::::::*
	cpe:2.3:h:intel:server_system_lr1304spcfg1r:-:::::::*
	cpe:2.3:h:intel:server_system_lr1304spcfsgx1:-:::::::*

Configuration 11 (hide)

AND

cpe:2.3:o:intel:server_system_lsvrp_firmware:*:*:*:*:*:*:*:*

OR	cpe:2.3:h:intel:server_system_lsvrp4304es6xx1:-:::::::*
	cpe:2.3:h:intel:server_system_lsvrp4304es6xxr:-:::::::*

Configuration 12 (hide)

AND

cpe:2.3:o:intel:server_system_r1000sp_firmware:*:*:*:*:*:*:*:*

OR	cpe:2.3:h:intel:server_system_r1208sposhor:-:::::::*
	cpe:2.3:h:intel:server_system_r1208sposhorr:-:::::::*
	cpe:2.3:h:intel:server_system_r1304sposhbn:-:::::::*
	cpe:2.3:h:intel:server_system_r1304sposhbnr:-:::::::*
	cpe:2.3:h:intel:server_system_r1304sposhor:-:::::::*
	cpe:2.3:h:intel:server_system_r1304sposhorr:-:::::::*

Configuration 13 (hide)

AND

cpe:2.3:o:intel:server_board_s2600wf_firmware:*:*:*:*:*:*:*:*

OR	cpe:2.3:h:intel:server_board_s2600wf0:-:::::::*
	cpe:2.3:h:intel:server_board_s2600wf0r:-:::::::*
	cpe:2.3:h:intel:server_board_s2600wfq:-:::::::*
	cpe:2.3:h:intel:server_board_s2600wfqr:-:::::::*
	cpe:2.3:h:intel:server_board_s2600wft:-:::::::*
	cpe:2.3:h:intel:server_board_s2600wftr:-:::::::*

Configuration 14 (hide)

AND

cpe:2.3:o:intel:server_system_r1000wf_firmware:*:*:*:*:*:*:*:*

OR	cpe:2.3:h:intel:server_system_lnetcnt3y:-:::::::*
	cpe:2.3:h:intel:server_system_mcb2208wfaf4:-:::::::*
	cpe:2.3:h:intel:server_system_mcb2208wfaf5:-:::::::*
	cpe:2.3:h:intel:server_system_mcb2208wfaf6:-:::::::*
	cpe:2.3:h:intel:server_system_mcb2208wfhy2:-:::::::*
	cpe:2.3:h:intel:server_system_nb2208wfqnfvi:-:::::::*
	cpe:2.3:h:intel:server_system_r1208wfqysr:-:::::::*
	cpe:2.3:h:intel:server_system_r1208wftys:-:::::::*
	cpe:2.3:h:intel:server_system_r1208wftysr:-:::::::*
	cpe:2.3:h:intel:server_system_r1304wf0ys:-:::::::*
	cpe:2.3:h:intel:server_system_r1304wf0ysr:-:::::::*
	cpe:2.3:h:intel:server_system_r1304wftys:-:::::::*
	cpe:2.3:h:intel:server_system_r1304wftysr:-:::::::*

Configuration 15 (hide)

AND

cpe:2.3:o:intel:server_system_r2000wf_firmware:*:*:*:*:*:*:*:*

OR	cpe:2.3:h:intel:server_system_r2208wf0zs:-:::::::*
	cpe:2.3:h:intel:server_system_r2208wf0zsr:-:::::::*
	cpe:2.3:h:intel:server_system_r2208wfqzs:-:::::::*
	cpe:2.3:h:intel:server_system_r2208wfqzsr:-:::::::*
	cpe:2.3:h:intel:server_system_r2208wftzs:-:::::::*
	cpe:2.3:h:intel:server_system_r2208wftzsr:-:::::::*
	cpe:2.3:h:intel:server_system_r2224wfqzs:-:::::::*
	cpe:2.3:h:intel:server_system_r2224wftzs:-:::::::*
	cpe:2.3:h:intel:server_system_r2224wftzsr:-:::::::*
	cpe:2.3:h:intel:server_system_r2308wftzs:-:::::::*
	cpe:2.3:h:intel:server_system_r2308wftzsr:-:::::::*
	cpe:2.3:h:intel:server_system_r2312wf0np:-:::::::*
	cpe:2.3:h:intel:server_system_r2312wf0npr:-:::::::*
	cpe:2.3:h:intel:server_system_r2312wfqzs:-:::::::*
	cpe:2.3:h:intel:server_system_r2312wftzs:-:::::::*
	cpe:2.3:h:intel:server_system_r2312wftzsr:-:::::::*
	cpe:2.3:h:intel:server_system_vrn2208waf6:-:::::::*
	cpe:2.3:h:intel:server_system_vrn2208wfaf81:-:::::::*
	cpe:2.3:h:intel:server_system_vrn2208wfaf82:-:::::::*
	cpe:2.3:h:intel:server_system_vrn2208wfaf83:-:::::::*
	cpe:2.3:h:intel:server_system_vrn2208wfhy6:-:::::::*

Configuration 16 (hide)

AND

cpe:2.3:o:intel:server_board_s2600st_firmware:*:*:*:*:*:*:*:*

OR	cpe:2.3:h:intel:server_board_s2600stb:-:::::::*
	cpe:2.3:h:intel:server_board_s2600stbr:-:::::::*
	cpe:2.3:h:intel:server_board_s2600stq:-:::::::*
	cpe:2.3:h:intel:server_board_s2600stqr:-:::::::*

Configuration 17 (hide)

AND

cpe:2.3:o:intel:compute_module_hns2600bp_firmware:*:*:*:*:*:*:*:*

OR	cpe:2.3:h:intel:compute_module_hns2600bpb:-:::::::*
	cpe:2.3:h:intel:compute_module_hns2600bpb24:-:::::::*
	cpe:2.3:h:intel:compute_module_hns2600bpb24r:-:::::::*
	cpe:2.3:h:intel:compute_module_hns2600bpblc:-:::::::*
	cpe:2.3:h:intel:compute_module_hns2600bpblc24:-:::::::*
	cpe:2.3:h:intel:compute_module_hns2600bpblc24r:-:::::::*
	cpe:2.3:h:intel:compute_module_hns2600bpblcr:-:::::::*
	cpe:2.3:h:intel:compute_module_hns2600bpbr:-:::::::*
	cpe:2.3:h:intel:compute_module_hns2600bpq:-:::::::*
	cpe:2.3:h:intel:compute_module_hns2600bpq24:-:::::::*
	cpe:2.3:h:intel:compute_module_hns2600bpq24r:-:::::::*
	cpe:2.3:h:intel:compute_module_hns2600bpqr:-:::::::*
	cpe:2.3:h:intel:compute_module_hns2600bps:-:::::::*
	cpe:2.3:h:intel:compute_module_hns2600bps24:-:::::::*
	cpe:2.3:h:intel:compute_module_hns2600bps24r:-:::::::*
	cpe:2.3:h:intel:compute_module_hns2600bpsr:-:::::::*

Configuration 18 (hide)

AND

cpe:2.3:o:intel:server_board_s2600bp_firmware:*:*:*:*:*:*:*:*

OR	cpe:2.3:h:intel:server_board_s2600bpb:-:::::::*
	cpe:2.3:h:intel:server_board_s2600bpbr:-:::::::*
	cpe:2.3:h:intel:server_board_s2600bpq:-:::::::*
	cpe:2.3:h:intel:server_board_s2600bpqr:-:::::::*
	cpe:2.3:h:intel:server_board_s2600bps:-:::::::*
	cpe:2.3:h:intel:server_board_s2600bpsr:-:::::::*

History

21 Nov 2024, 05:39

Type	Values Removed	Values Added
References	~~() https://security.netapp.com/advisory/ntap-20200814-0002/ - Third Party Advisory~~	() https://security.netapp.com/advisory/ntap-20200814-0002/ - Third Party Advisory
References	~~() https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00384.html - Vendor Advisory~~	() https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00384.html - Vendor Advisory

Information

Published : 2020-08-13 03:15

Updated : 2024-11-21 05:39

NVD link : CVE-2020-8721

Mitre link : CVE-2020-8721

CVE.ORG link : CVE-2020-8721

JSON object : View

Products Affected

intel

server_system_r2224wttysr
compute_module_hns2600bpblc24
server_system_r2224wftzs
server_board_s2600cwt
server_system_r1208wftys
server_board_s1200spsr
compute_module_hns2600tpfr
server_system_r2208wttys
server_system_r1208wt2gsr
server_system_r2000wf_firmware
server_board_s2600bpq
server_board_s2600kpr
server_board_s2600bpbr
server_system_lnetcnt3y
compute_module_hns2600tp24r
server_system_r2308wttys
server_board_s1200spo
compute_module_hns2600bpsr
server_system_lr1304spcfg1
server_system_r1208wttgs
server_board_s2600kpfr
server_board_s2600kpf
compute_module_hns2600kpf
server_board_s1200sps
server_board_s2600cw2s
server_board_s1200splr
server_board_s2600cw2sr
compute_module_hns2600tp_firmware
server_board_s2600cw2r
server_board_s2600wftr
compute_module_hns2600bps24
compute_module_hns2600kp
server_board_s2600bps
server_system_mcb2208wfaf4
server_system_r1304wf0ys
server_system_r2308wttysr
compute_module_hns2600tp24sr
server_board_s2600stqr
compute_module_hns2600kpfr
server_board_s1200sp_firmware
server_system_r2208wf0zs
server_board_s2600stq
server_system_lr1304sp_firmware
compute_module_hns2600bpq
server_system_lr1304spcfg1r
server_board_s2600cwts
server_board_s2600tpfr
server_board_s2600tp
server_board_s2600stb
server_system_r2208wttyc1r
server_board_s2600wft
compute_module_hns2600bpqr
server_system_r1000sp_firmware
server_board_s2600wt_firmware
server_board_s2600stbr
server_board_s2600wtt
server_board_s1200spl
compute_module_hns2600bpb
server_board_s2600kptr
server_board_s2600cwtr
compute_module_s2600tp_firmware
compute_module_hns2600bpq24r
server_board_s2600cw2
server_board_s2600wf_firmware
compute_module_hns2600bpq24
server_system_r2224wftzsr
server_board_s2600bp_firmware
server_board_s2600cw
server_system_mcb2208wfaf6
server_system_r2308wftzs
server_system_r2208wt2ys
compute_module_hns2600bp_firmware
server_system_r2000wt_firmware
compute_module_hns2600tp
server_board_s2600kp_firmware
server_board_s2600st_firmware
server_board_s2600wf0r
compute_module_hns2600bpblc24r
server_system_r1208sposhor
server_system_lsvrp4304es6xx1
server_board_s2600wf0
server_system_r2208wttysr
compute_module_hns2600kpr
server_board_s2600bpb
server_system_r2208wfqzsr
server_system_r1208wttgsr
server_board_s2600wfq
server_system_r2208wttyc1
server_board_s2600bpsr
server_system_vrn2208wfaf81
server_board_s2600wfqr
server_system_r1000wt_firmware
server_board_s2600tpr
server_system_r2308wftzsr
server_system_r2312wf0npr
server_board_s2600wttr
server_system_r2224wfqzs
server_system_r1208sposhorr
server_board_s2600bpqr
server_board_s2600cwtsr
server_system_r2312wf0np
server_system_r2208wf0zsr
server_system_r2312wftzs
server_system_r1208wftysr
compute_module_hns2600tpr
server_system_r2312wttysr
server_system_r1208wfqysr
server_system_vrn2208wfhy6
server_system_vrn2208wfaf83
server_system_r1000wf_firmware
server_system_r1304wt2gsr
server_system_r2208wfqzs
server_board_s2600wt2
compute_module_hns2600bpbr
server_system_r2224wttys
compute_module_hns2600bps24r
server_system_r1304wttgsr
compute_module_hns2600bps
server_system_vrn2208wfaf82
server_system_r1304sposhbn
server_system_r1304wftys
server_system_lsvrp4304es6xxr
server_board_s2600tpf
server_system_r1304wftysr
server_system_r2312wftzsr
server_system_r1208wt2gs
server_system_lr1304spcfsgx1
server_system_r1304wt2gs
compute_module_hns2600bpb24r
server_system_r2208wt2ysr
server_board_s2600kp
server_system_r1304wf0ysr
server_system_mcb2208wfhy2
server_system_r1304sposhbnr
compute_module_hns2600bpblc
server_system_r2208wftzs
server_system_r1208wttgsbpp
compute_module_hns2600bpb24
server_system_nb2208wfqnfvi
server_board_s1200spor
compute_module_hns2600tpf
server_system_vrn2208waf6
server_system_r2312wttys
compute_module_hns2600kp_firmware
server_system_r1304sposhor
server_system_r1304sposhorr
server_system_lsvrp_firmware
server_system_r2208wftzsr
server_system_r1304wttgs
server_system_mcb2208wfaf5
compute_module_hns2600bpblcr
server_board_s2600wt2r
server_system_r2312wfqzs

CWE

CWE-20

Improper Input Validation

8.2 /10