MEDIUM · 6.8

CVE-2020-7207

Vulnerability Description

A local elevation-of-privilege vulnerability that requires physical access was found in HPE ProLiant Gen10 servers using the Intel Innovation Engine (IE). The attack requires a physical attack on the server motherboard. To mitigate this issue, ensure your server is always physically secured. HPE will not address this issue in the impacted Gen10 servers listed. HPE recommends using appropriate physical security methods as a compensating control to prevent an attacker from gaining physical access to the server main circuit board.

CVSS Score

6.8

MEDIUM

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector: PHYSICAL
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality: HIGH
Integrity: HIGH
Availability: HIGH

Affected Products

Vendor | Product | Versions
Hp | Apollo 2000 Firmware | -
Hp | Apollo 2000 | -
Hp | Apollo 4200 Gen10 Firmware | -
Hp | Apollo 4200 Gen10 | -
Hp | Apollo 4500 Firmware | -
Hp | Apollo 4500 | -
Hp | Proliant Xl230K Gen10 Firmware | -
Hp | Proliant Xl230K Gen10 | -
Hp | Proliant Xl270D Gen10 Firmware | -
Hp | Proliant Xl270D Gen10 | -
Hp | Proliant Bl460C Gen10 Firmware | -
Hp | Proliant Bl460C Gen10 | -
Hp | Proliant Dl120 Gen10 Firmware | -
Hp | Proliant Dl120 Gen10 | -
Hp | Proliant Dl160 Gen10 Firmware | -
Hp | Proliant Dl160 Gen10 | -
Hp | Proliant Dl180 Gen10 Firmware | -
Hp | Proliant Dl180 Gen10 | -
Hp | Proliant Dl360 Gen10 Firmware | -
Hp | Proliant Dl360 Gen10 | -

References

FAQ

What is CVE-2020-7207?

CVE-2020-7207 is a vulnerability with a CVSS score of 6.8 (MEDIUM). A local elevation of privilege using physical access security vulnerability was found in HPE Proliant Gen10 Servers using Intel Innovation Engine (IE). This attack requires a physical attack to the se...

How severe is CVE-2020-7207?

CVE-2020-7207 has been rated MEDIUM with a CVSS base score of 6.8/10. Review the CVSS metrics above for a detailed severity breakdown.

Is there a patch for CVE-2020-7207?

Check the references section above for vendor advisories and patch information. Affected products include: Hp Apollo 2000 Firmware, Hp Apollo 2000, Hp Apollo 4200 Gen10 Firmware, Hp Apollo 4200 Gen10, Hp Apollo 4500 Firmware.