CVE-2020-12377

CWE-20Improper Input Validation3 documents3 sources
Severity
7.8HIGH
EPSS
0.1%
top 81.99%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Intel BMC Firmware
Timeline
PublishedFeb 17
Latest updateMay 24

Description

Insufficient input validation in the BMC firmware for some Intel(R) Server Boards, Server Systems and Compute Modules before version 2.47 may allow an authenticated user to potentially enable escalation of privilege via local access.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages1 packages

NVDintel/bmc_firmware< 2.47

Patches

Patch: www.intel.comPatch: www.intel.com

🔴Vulnerability Details

2
GHSA
GHSA-wx6g-25hj-w9r2: Insufficient input validation in the BMC firmware for some Intel(R) Server Boards, Server Systems and Compute Modules before version 22022-05-24
CVEList
CVE-2020-12377: Insufficient input validation in the BMC firmware for some Intel(R) Server Boards, Server Systems and Compute Modules before version 22021-02-17
CVE-2020-12377 (HIGH CVSS 7.8) | Insufficient input validation in th | cvebase.io