CVE-2020-12375

CWE-787Out-of-bounds Write3 documents3 sources
Severity
6.7MEDIUM
EPSS
0.1%
top 78.50%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Intel BMC Firmware
Timeline
PublishedFeb 17
Latest updateMay 24

Description

Heap overflow in the BMC firmware for some Intel(R) Server Boards, Server Systems and Compute Modules before version 2.47 may allow an authenticated user to potentially enable escalation of privilege via local access.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:HExploitability: 0.8 | Impact: 5.9

Affected Packages1 packages

NVDintel/bmc_firmware< 2.47

Patches

Patch: www.intel.comPatch: www.intel.com

🔴Vulnerability Details

2
GHSA
GHSA-82wq-hq49-hv83: Heap overflow in the BMC firmware for some Intel(R) Server Boards, Server Systems and Compute Modules before version 22022-05-24
CVEList
CVE-2020-12375: Heap overflow in the BMC firmware for some Intel(R) Server Boards, Server Systems and Compute Modules before version 22021-02-17
CVE-2020-12375 (MEDIUM CVSS 6.7) | Heap overflow in the BMC firmware f | cvebase.io