1. Home
  2. CVE Database
  3. CVE-2020-24475
MEDIUM · 5.5

CVE-2020-24475

Improper initialization in the BMC firmware for some Intel(R) Server Boards, Server Systems and Compute Modules before version 2.48.ce3e3bd2 may allow an authenticated user to potentially enable denia...

Vulnerability Description

Improper initialization in the BMC firmware for some Intel(R) Server Boards, Server Systems and Compute Modules before version 2.48.ce3e3bd2 may allow an authenticated user to potentially enable denial of service via local access.

CVSS Score

5.5

MEDIUM

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
NONE
Integrity
NONE
Availability
HIGH

Affected Products

VendorProductVersions
IntelBaseboard Management Controller Firmware< 2.48.ce3e3bd2
IntelCompute Module Hns2600Bpb24R-
IntelCompute Module Hns2600Bpbr-
IntelCompute Module Hns2600Bpq24R-
IntelCompute Module Hns2600Bpqr-
IntelCompute Module Hns2600Bps24R-
IntelCompute Module Hns2600Bpsr-
IntelServer Board S2600Bpb-
IntelServer Board S2600Bpbr-
IntelServer Board S2600Bpq-
IntelServer Board S2600Bpqr-
IntelServer Board S2600Bps-
IntelServer Board S2600Bpsr-
IntelServer Board S2600Stb-
IntelServer Board S2600Stbr-
IntelServer Board S2600Stq-
IntelServer Board S2600Stqr-
IntelServer Board S2600Wf0-
IntelServer Board S2600Wf0R-
IntelServer Board S2600Wfq-

Related Weaknesses (CWE)

CWE-665

References

FAQ

What is CVE-2020-24475?

CVE-2020-24475 is a vulnerability with a CVSS score of 5.5 (MEDIUM). Improper initialization in the BMC firmware for some Intel(R) Server Boards, Server Systems and Compute Modules before version 2.48.ce3e3bd2 may allow an authenticated user to potentially enable denia...

How severe is CVE-2020-24475?

CVE-2020-24475 has been rated MEDIUM with a CVSS base score of 5.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2020-24475?

Check the references section above for vendor advisories and patch information. Affected products include: Intel Baseboard Management Controller Firmware, Intel Compute Module Hns2600Bpb24R, Intel Compute Module Hns2600Bpbr, Intel Compute Module Hns2600Bpq24R, Intel Compute Module Hns2600Bpqr.