1. Home
  2. CVE Database
  3. CVE-2020-24474
HIGH · 8.0

CVE-2020-24474

Buffer overflow in the BMC firmware for some Intel(R) Server Boards, Server Systems and Compute Modules before version 2.48.ce3e3bd2 may allow an authenticated user to potentially enable escalation of...

Vulnerability Description

Buffer overflow in the BMC firmware for some Intel(R) Server Boards, Server Systems and Compute Modules before version 2.48.ce3e3bd2 may allow an authenticated user to potentially enable escalation of privilege via adjacent access.

CVSS Score

8.0

HIGH

CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector
ADJACENT_NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
HIGH
Integrity
HIGH
Availability
HIGH

Affected Products

VendorProductVersions
IntelBaseboard Management Controller Firmware< 2.48.ce3e3bd2
IntelCompute Module Hns2600Bpb24R-
IntelCompute Module Hns2600Bpbr-
IntelCompute Module Hns2600Bpq24R-
IntelCompute Module Hns2600Bpqr-
IntelCompute Module Hns2600Bps24R-
IntelCompute Module Hns2600Bpsr-
IntelServer Board S2600Bpb-
IntelServer Board S2600Bpbr-
IntelServer Board S2600Bpq-
IntelServer Board S2600Bpqr-
IntelServer Board S2600Bps-
IntelServer Board S2600Bpsr-
IntelServer Board S2600Stb-
IntelServer Board S2600Stbr-
IntelServer Board S2600Stq-
IntelServer Board S2600Stqr-
IntelServer Board S2600Wf0-
IntelServer Board S2600Wf0R-
IntelServer Board S2600Wfq-

Related Weaknesses (CWE)

CWE-120

References

FAQ

What is CVE-2020-24474?

CVE-2020-24474 is a vulnerability with a CVSS score of 8.0 (HIGH). Buffer overflow in the BMC firmware for some Intel(R) Server Boards, Server Systems and Compute Modules before version 2.48.ce3e3bd2 may allow an authenticated user to potentially enable escalation of...

How severe is CVE-2020-24474?

CVE-2020-24474 has been rated HIGH with a CVSS base score of 8.0/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2020-24474?

Check the references section above for vendor advisories and patch information. Affected products include: Intel Baseboard Management Controller Firmware, Intel Compute Module Hns2600Bpb24R, Intel Compute Module Hns2600Bpbr, Intel Compute Module Hns2600Bpq24R, Intel Compute Module Hns2600Bpqr.