CVE-2020-0572

CWE-20 — Improper Input Validation3 documents3 sources

Severity

6.7MEDIUM

EPSS

0.1%

top 83.06%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Intel Server Board S2600st Firmware Intel Server Board S2600wf Firmware

Timeline

PublishedNov 12

Latest updateMay 24

Description

Improper input validation in the firmware for Intel(R) Server Board S2600ST and S2600WF families may allow a privileged user to potentially enable escalation of privilege via local access.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:HExploitability: 0.8 | Impact: 5.9

Affected Packages3 packages

▶CVEListV5intel(r)_server_board_s2600st_and_s2600wf_familiesSee references

▶NVDintel/server_board_s2600st_firmware< 02.01.0011

▶NVDintel/server_board_s2600wf_firmware< 02.01.0012

Patches

Patch: www.intel.com ↗Patch: www.intel.com ↗

🔴Vulnerability Details

GHSA

GHSA-564j-m93c-fjxx: Improper input validation in the firmware for Intel(R) Server Board S2600ST and S2600WF families may allow a privileged user to potentially enable esc↗2022-05-24

▶

CVEList

CVE-2020-0572: Improper input validation in the firmware for Intel(R) Server Board S2600ST and S2600WF families may allow a privileged user to potentially enable esc↗2020-11-12

▶