CVE-2020-12376

CWE-798Hard-coded Credentials3 documents3 sources
Severity
5.5MEDIUM
EPSS
0.1%
top 83.96%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Intel BMC Firmware
Timeline
PublishedFeb 17
Latest updateMay 24

Description

Use of hard-coded key in the BMC firmware for some Intel(R) Server Boards, Server Systems and Compute Modules before version 2.47 may allow authenticated user to potentially enable information disclosure via local access.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 1.8 | Impact: 3.6

Affected Packages1 packages

NVDintel/bmc_firmware< 2.47

Patches

Patch: www.intel.comPatch: www.intel.com

🔴Vulnerability Details

2
GHSA
GHSA-7hvq-6xxm-hcx6: Use of hard-coded key in the BMC firmware for some Intel(R) Server Boards, Server Systems and Compute Modules before version 22022-05-24
CVEList
CVE-2020-12376: Use of hard-coded key in the BMC firmware for some Intel(R) Server Boards, Server Systems and Compute Modules before version 22021-02-17
CVE-2020-12376 (MEDIUM CVSS 5.5) | Use of hard-coded key in the BMC fi | cvebase.io