CVE-2020-8714

Improper authentication for some Intel(R) Server Boards, Server Systems and Compute Modules before version 1.59 may allow an authenticated user to potentially enable escalation of privilege via local access.

CVSS v3.0 7.8 HIGH
CVSS v2.0 4.6 MEDIUM

7.8^/10

CVSS v3.0 : HIGH

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

4.6^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:L/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 3.9 / Impact : 6.4

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00384.html	Vendor Advisory
https://security.netapp.com/advisory/ntap-20200814-0002/	Third Party Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:intel:server_board_s2600wt_firmware:*:*:*:*:*:*:*:*

OR	cpe:2.3:h:intel:server_board_s2600wt2:-:::::::*
	cpe:2.3:h:intel:server_board_s2600wt2r:-:::::::*
	cpe:2.3:h:intel:server_board_s2600wtt:-:::::::*
	cpe:2.3:h:intel:server_board_s2600wttr:-:::::::*

Configuration 2 (hide)

AND

cpe:2.3:o:intel:server_system_r1000wt_firmware:*:*:*:*:*:*:*:*

OR	cpe:2.3:h:intel:server_system_r1208wt2gs:-:::::::*
	cpe:2.3:h:intel:server_system_r1208wt2gsr:-:::::::*
	cpe:2.3:h:intel:server_system_r1208wttgs:-:::::::*
	cpe:2.3:h:intel:server_system_r1208wttgsbpp:-:::::::*
	cpe:2.3:h:intel:server_system_r1208wttgsr:-:::::::*
	cpe:2.3:h:intel:server_system_r1304wt2gs:-:::::::*
	cpe:2.3:h:intel:server_system_r1304wt2gsr:-:::::::*
	cpe:2.3:h:intel:server_system_r1304wttgs:-:::::::*
	cpe:2.3:h:intel:server_system_r1304wttgsr:-:::::::*

Configuration 3 (hide)

AND

cpe:2.3:o:intel:server_system_r2000wt_firmware:*:*:*:*:*:*:*:*

OR	cpe:2.3:h:intel:server_system_r2208wt2ys:-:::::::*
	cpe:2.3:h:intel:server_system_r2208wt2ysr:-:::::::*
	cpe:2.3:h:intel:server_system_r2208wttyc1:-:::::::*
	cpe:2.3:h:intel:server_system_r2208wttyc1r:-:::::::*
	cpe:2.3:h:intel:server_system_r2208wttys:-:::::::*
	cpe:2.3:h:intel:server_system_r2208wttysr:-:::::::*
	cpe:2.3:h:intel:server_system_r2224wttys:-:::::::*
	cpe:2.3:h:intel:server_system_r2224wttysr:-:::::::*
	cpe:2.3:h:intel:server_system_r2308wttys:-:::::::*
	cpe:2.3:h:intel:server_system_r2308wttysr:-:::::::*
	cpe:2.3:h:intel:server_system_r2312wttys:-:::::::*
	cpe:2.3:h:intel:server_system_r2312wttysr:-:::::::*

Configuration 4 (hide)

AND

cpe:2.3:o:intel:server_board_s2600cw:*:*:*:*:*:*:*:*

OR	cpe:2.3:a:intel:server_board_s2600cw2:-:::::::*
	cpe:2.3:a:intel:server_board_s2600cw2r:-:::::::*
	cpe:2.3:a:intel:server_board_s2600cw2s:-:::::::*
	cpe:2.3:a:intel:server_board_s2600cw2sr:-:::::::*
	cpe:2.3:a:intel:server_board_s2600cwt:-:::::::*
	cpe:2.3:a:intel:server_board_s2600cwtr:-:::::::*
	cpe:2.3:a:intel:server_board_s2600cwts:-:::::::*
	cpe:2.3:a:intel:server_board_s2600cwtsr:-:::::::*

Configuration 5 (hide)

AND

cpe:2.3:o:intel:compute_module_hns2600kp_firmware:*:*:*:*:*:*:*:*

OR	cpe:2.3:h:intel:compute_module_hns2600kp:-:::::::*
	cpe:2.3:h:intel:compute_module_hns2600kpf:-:::::::*
	cpe:2.3:h:intel:compute_module_hns2600kpfr:-:::::::*
	cpe:2.3:h:intel:compute_module_hns2600kpr:-:::::::*

Configuration 6 (hide)

AND

cpe:2.3:o:intel:server_board_s2600kp_firmware:*:*:*:*:*:*:*:*

OR	cpe:2.3:h:intel:server_board_s2600kp:-:::::::*
	cpe:2.3:h:intel:server_board_s2600kpf:-:::::::*
	cpe:2.3:h:intel:server_board_s2600kpfr:-:::::::*
	cpe:2.3:h:intel:server_board_s2600kpr:-:::::::*
	cpe:2.3:h:intel:server_board_s2600kptr:-:::::::*

Configuration 7 (hide)

AND

cpe:2.3:o:intel:compute_module_hns2600tp_firmware:*:*:*:*:*:*:*:*

OR	cpe:2.3:h:intel:compute_module_hns2600tp:-:::::::*
	cpe:2.3:h:intel:compute_module_hns2600tp24r:-:::::::*
	cpe:2.3:h:intel:compute_module_hns2600tp24sr:-:::::::*
	cpe:2.3:h:intel:compute_module_hns2600tpf:-:::::::*
	cpe:2.3:h:intel:compute_module_hns2600tpfr:-:::::::*
	cpe:2.3:h:intel:compute_module_hns2600tpr:-:::::::*

Configuration 8 (hide)

AND

cpe:2.3:o:intel:compute_module_s2600tp_firmware:*:*:*:*:*:*:*:*

OR	cpe:2.3:h:intel:server_board_s2600tp:-:::::::*
	cpe:2.3:h:intel:server_board_s2600tpf:-:::::::*
	cpe:2.3:h:intel:server_board_s2600tpfr:-:::::::*
	cpe:2.3:h:intel:server_board_s2600tpr:-:::::::*

Configuration 9 (hide)

AND

cpe:2.3:o:intel:server_board_s1200sp_firmware:*:*:*:*:*:*:*:*

OR	cpe:2.3:h:intel:server_board_s1200spl:-:::::::*
	cpe:2.3:h:intel:server_board_s1200splr:-:::::::*
	cpe:2.3:h:intel:server_board_s1200spo:-:::::::*
	cpe:2.3:h:intel:server_board_s1200spor:-:::::::*
	cpe:2.3:h:intel:server_board_s1200sps:-:::::::*
	cpe:2.3:h:intel:server_board_s1200spsr:-:::::::*

Configuration 10 (hide)

AND

cpe:2.3:o:intel:server_system_lr1304sp_firmware:*:*:*:*:*:*:*:*

OR	cpe:2.3:h:intel:server_system_lr1304spcfg1:-:::::::*
	cpe:2.3:h:intel:server_system_lr1304spcfg1r:-:::::::*
	cpe:2.3:h:intel:server_system_lr1304spcfsgx1:-:::::::*

Configuration 11 (hide)

AND

cpe:2.3:o:intel:server_system_lsvrp_firmware:*:*:*:*:*:*:*:*

OR	cpe:2.3:h:intel:server_system_lsvrp4304es6xx1:-:::::::*
	cpe:2.3:h:intel:server_system_lsvrp4304es6xxr:-:::::::*

Configuration 12 (hide)

AND

cpe:2.3:o:intel:server_system_r1000sp_firmware:*:*:*:*:*:*:*:*

OR	cpe:2.3:h:intel:server_system_r1208sposhor:-:::::::*
	cpe:2.3:h:intel:server_system_r1208sposhorr:-:::::::*
	cpe:2.3:h:intel:server_system_r1304sposhbn:-:::::::*
	cpe:2.3:h:intel:server_system_r1304sposhbnr:-:::::::*
	cpe:2.3:h:intel:server_system_r1304sposhor:-:::::::*
	cpe:2.3:h:intel:server_system_r1304sposhorr:-:::::::*

Configuration 13 (hide)

AND

cpe:2.3:o:intel:server_board_s2600wf_firmware:*:*:*:*:*:*:*:*

OR	cpe:2.3:h:intel:server_board_s2600wf0:-:::::::*
	cpe:2.3:h:intel:server_board_s2600wf0r:-:::::::*
	cpe:2.3:h:intel:server_board_s2600wfq:-:::::::*
	cpe:2.3:h:intel:server_board_s2600wfqr:-:::::::*
	cpe:2.3:h:intel:server_board_s2600wft:-:::::::*
	cpe:2.3:h:intel:server_board_s2600wftr:-:::::::*

Configuration 14 (hide)

AND

cpe:2.3:o:intel:server_system_r1000wf_firmware:*:*:*:*:*:*:*:*

OR	cpe:2.3:h:intel:server_system_lnetcnt3y:-:::::::*
	cpe:2.3:h:intel:server_system_mcb2208wfaf4:-:::::::*
	cpe:2.3:h:intel:server_system_mcb2208wfaf5:-:::::::*
	cpe:2.3:h:intel:server_system_mcb2208wfaf6:-:::::::*
	cpe:2.3:h:intel:server_system_mcb2208wfhy2:-:::::::*
	cpe:2.3:h:intel:server_system_nb2208wfqnfvi:-:::::::*
	cpe:2.3:h:intel:server_system_r1208wfqysr:-:::::::*
	cpe:2.3:h:intel:server_system_r1208wftys:-:::::::*
	cpe:2.3:h:intel:server_system_r1208wftysr:-:::::::*
	cpe:2.3:h:intel:server_system_r1304wf0ys:-:::::::*
	cpe:2.3:h:intel:server_system_r1304wf0ysr:-:::::::*
	cpe:2.3:h:intel:server_system_r1304wftys:-:::::::*
	cpe:2.3:h:intel:server_system_r1304wftysr:-:::::::*

Configuration 15 (hide)

AND

cpe:2.3:o:intel:server_system_r2000wf_firmware:*:*:*:*:*:*:*:*

OR	cpe:2.3:h:intel:server_system_r2208wf0zs:-:::::::*
	cpe:2.3:h:intel:server_system_r2208wf0zsr:-:::::::*
	cpe:2.3:h:intel:server_system_r2208wfqzs:-:::::::*
	cpe:2.3:h:intel:server_system_r2208wfqzsr:-:::::::*
	cpe:2.3:h:intel:server_system_r2208wftzs:-:::::::*
	cpe:2.3:h:intel:server_system_r2208wftzsr:-:::::::*
	cpe:2.3:h:intel:server_system_r2224wfqzs:-:::::::*
	cpe:2.3:h:intel:server_system_r2224wftzs:-:::::::*
	cpe:2.3:h:intel:server_system_r2224wftzsr:-:::::::*
	cpe:2.3:h:intel:server_system_r2308wftzs:-:::::::*
	cpe:2.3:h:intel:server_system_r2308wftzsr:-:::::::*
	cpe:2.3:h:intel:server_system_r2312wf0np:-:::::::*
	cpe:2.3:h:intel:server_system_r2312wf0npr:-:::::::*
	cpe:2.3:h:intel:server_system_r2312wfqzs:-:::::::*
	cpe:2.3:h:intel:server_system_r2312wftzs:-:::::::*
	cpe:2.3:h:intel:server_system_r2312wftzsr:-:::::::*
	cpe:2.3:h:intel:server_system_vrn2208waf6:-:::::::*
	cpe:2.3:h:intel:server_system_vrn2208wfaf81:-:::::::*
	cpe:2.3:h:intel:server_system_vrn2208wfaf82:-:::::::*
	cpe:2.3:h:intel:server_system_vrn2208wfaf83:-:::::::*
	cpe:2.3:h:intel:server_system_vrn2208wfhy6:-:::::::*

Configuration 16 (hide)

AND

cpe:2.3:o:intel:server_board_s2600st_firmware:*:*:*:*:*:*:*:*

OR	cpe:2.3:h:intel:server_board_s2600stb:-:::::::*
	cpe:2.3:h:intel:server_board_s2600stbr:-:::::::*
	cpe:2.3:h:intel:server_board_s2600stq:-:::::::*
	cpe:2.3:h:intel:server_board_s2600stqr:-:::::::*

Configuration 17 (hide)

AND

cpe:2.3:o:intel:compute_module_hns2600bp_firmware:*:*:*:*:*:*:*:*

OR	cpe:2.3:h:intel:compute_module_hns2600bpb:-:::::::*
	cpe:2.3:h:intel:compute_module_hns2600bpb24:-:::::::*
	cpe:2.3:h:intel:compute_module_hns2600bpb24r:-:::::::*
	cpe:2.3:h:intel:compute_module_hns2600bpblc:-:::::::*
	cpe:2.3:h:intel:compute_module_hns2600bpblc24:-:::::::*
	cpe:2.3:h:intel:compute_module_hns2600bpblc24r:-:::::::*
	cpe:2.3:h:intel:compute_module_hns2600bpblcr:-:::::::*
	cpe:2.3:h:intel:compute_module_hns2600bpbr:-:::::::*
	cpe:2.3:h:intel:compute_module_hns2600bpq:-:::::::*
	cpe:2.3:h:intel:compute_module_hns2600bpq24:-:::::::*
	cpe:2.3:h:intel:compute_module_hns2600bpq24r:-:::::::*
	cpe:2.3:h:intel:compute_module_hns2600bpqr:-:::::::*
	cpe:2.3:h:intel:compute_module_hns2600bps:-:::::::*
	cpe:2.3:h:intel:compute_module_hns2600bps24:-:::::::*
	cpe:2.3:h:intel:compute_module_hns2600bps24r:-:::::::*
	cpe:2.3:h:intel:compute_module_hns2600bpsr:-:::::::*

Configuration 18 (hide)

AND

cpe:2.3:o:intel:server_board_s2600bp_firmware:*:*:*:*:*:*:*:*

OR	cpe:2.3:h:intel:server_board_s2600bpb:-:::::::*
	cpe:2.3:h:intel:server_board_s2600bpbr:-:::::::*
	cpe:2.3:h:intel:server_board_s2600bpq:-:::::::*
	cpe:2.3:h:intel:server_board_s2600bpqr:-:::::::*
	cpe:2.3:h:intel:server_board_s2600bps:-:::::::*
	cpe:2.3:h:intel:server_board_s2600bpsr:-:::::::*

Information

Published : 2020-08-12 20:15

Updated : 2020-08-19 10:19

NVD link : CVE-2020-8714

Mitre link : CVE-2020-8714

JSON object : View

CWE

CWE-287

Improper Authentication

Products Affected

intel

server_system_r2208wftzs
server_system_r1304wftys
compute_module_hns2600bp_firmware
server_system_r2224wfqzs
server_system_r2312wfqzs
server_board_s2600stb
compute_module_hns2600bpb24r
compute_module_hns2600bpblc
server_system_r1304wttgsr
compute_module_hns2600tpr
compute_module_hns2600bps
compute_module_hns2600bpblc24
compute_module_hns2600bpbr
server_system_r1208wfqysr
compute_module_hns2600bpb
server_board_s2600wt2
server_board_s2600wf0
server_system_r1208wttgs
server_system_vrn2208wfhy6
server_system_r1208wttgsr
server_board_s2600kpfr
server_board_s2600bpq
server_system_r2208wftzsr
server_board_s2600wttr
server_system_r1304wttgs
server_board_s1200spo
server_board_s2600bpqr
server_board_s2600wfqr
server_board_s2600cwtsr
server_system_r1304wt2gs
compute_module_hns2600kp
server_system_mcb2208wfhy2
server_board_s2600bpb
server_system_r2208wt2ys
compute_module_hns2600kp_firmware
compute_module_hns2600bpblc24r
compute_module_hns2600bps24
server_system_r2308wftzsr
server_system_r2208wttysr
compute_module_hns2600bpq
compute_module_hns2600tpfr
server_system_r1304wf0ysr
server_board_s2600st_firmware
server_board_s2600cw2
compute_module_hns2600bps24r
server_system_lr1304spcfg1r
server_board_s2600bpbr
server_system_r2312wttys
server_system_lnetcnt3y
server_system_r2312wf0np
server_board_s2600cw2s
server_system_r1208wftys
compute_module_hns2600tp24sr
server_system_r2312wftzs
server_system_vrn2208wfaf82
server_board_s1200spsr
compute_module_hns2600bpq24
server_system_r1304wt2gsr
server_system_r1208sposhor
server_board_s1200splr
compute_module_hns2600tp
server_board_s2600stbr
server_system_r2308wttysr
server_board_s2600kp_firmware
server_system_r1000sp_firmware
server_board_s2600wf0r
server_system_r2208wf0zs
server_system_vrn2208waf6
compute_module_hns2600tp24r
server_board_s2600tpf
server_system_r2208wttyc1
server_board_s2600stq
server_system_r2208wfqzs
server_board_s2600cwts
server_system_nb2208wfqnfvi
compute_module_hns2600bpsr
server_system_r1208wttgsbpp
compute_module_hns2600kpf
compute_module_hns2600bpq24r
server_system_r1000wf_firmware
server_board_s2600cwtr
compute_module_hns2600kpfr
server_system_r2208wt2ysr
server_board_s2600cwt
server_system_mcb2208wfaf4
server_system_mcb2208wfaf6
server_board_s2600wft
server_board_s2600wt2r
compute_module_hns2600tp_firmware
server_system_r2308wttys
server_system_r2208wf0zsr
server_board_s2600kptr
server_system_lsvrp_firmware
compute_module_s2600tp_firmware
server_board_s2600kpf
server_board_s1200sps
server_system_lsvrp4304es6xx1
server_board_s2600cw
server_board_s2600cw2sr
server_system_r1304sposhbnr
server_board_s2600wf_firmware
server_system_r2000wf_firmware
server_system_r2224wftzsr
server_board_s2600bps
server_board_s2600bp_firmware
server_system_r1304wftysr
compute_module_hns2600bpb24
compute_module_hns2600kpr
server_board_s2600stqr
server_system_lr1304sp_firmware
server_system_r2312wftzsr
server_system_r1304sposhorr
server_system_r2224wttys
server_system_r2308wftzs
server_board_s1200spor
server_system_lr1304spcfsgx1
server_board_s2600kpr
server_board_s1200sp_firmware
server_system_lr1304spcfg1
server_system_r1304sposhor
server_board_s2600tpr
server_system_r2312wttysr
server_board_s2600wftr
server_board_s2600kp
server_system_r1208sposhorr
server_system_r1208wftysr
server_board_s2600wtt
server_system_vrn2208wfaf81
compute_module_hns2600bpqr
server_board_s1200spl
server_system_lsvrp4304es6xxr
server_system_r1304sposhbn
server_system_r2208wfqzsr
server_system_r1304wf0ys
server_system_r2224wttysr
server_board_s2600wt_firmware
compute_module_hns2600bpblcr
server_board_s2600bpsr
server_board_s2600cw2r
server_system_r1000wt_firmware
compute_module_hns2600tpf
server_system_r2224wftzs
server_board_s2600tp
server_system_r2208wttys
server_board_s2600tpfr
server_system_r1208wt2gsr
server_system_r2208wttyc1r
server_system_mcb2208wfaf5
server_system_vrn2208wfaf83
server_system_r1208wt2gs
server_system_r2312wf0npr
server_board_s2600wfq
server_system_r2000wt_firmware

7.8 /10