CVE-2020-24473

Summary

CVE	CVE-2020-24473
State	PUBLIC
Assigner	[email protected]
Source Priority	CVE Program / NVD first with legacy fallback
Published	2021-06-09 20:15:00 UTC
Updated	2021-07-01 19:55:00 UTC
Description	Out of bounds write in the BMC firmware for some Intel(R) Server Boards, Server Systems and Compute Modules before version 2.48.ce3e3bd2 may allow an authenticated user to potentially enable escalation of privilege via local access.

Risk And Classification

Problem Types: CWE-787

NVD Known Affected Configurations (CPE 2.3)

Type	Vendor	Product	Version	Update	Edition	Language
Operating System	Intel	Baseboard Management Controller Firmware	All	All	All	All
Hardware	Intel	Compute Module Hns2600bpb24r	-	All	All	All
Hardware	Intel	Compute Module Hns2600bpbr	-	All	All	All
Hardware	Intel	Compute Module Hns2600bpq24r	-	All	All	All
Hardware	Intel	Compute Module Hns2600bpqr	-	All	All	All
Hardware	Intel	Compute Module Hns2600bps24r	-	All	All	All
Hardware	Intel	Compute Module Hns2600bpsr	-	All	All	All
Hardware	Intel	Server Board S2600bpb	-	All	All	All
Hardware	Intel	Server Board S2600bpbr	-	All	All	All
Hardware	Intel	Server Board S2600bpq	-	All	All	All
Hardware	Intel	Server Board S2600bpqr	-	All	All	All
Hardware	Intel	Server Board S2600bps	-	All	All	All
Hardware	Intel	Server Board S2600bpsr	-	All	All	All
Hardware	Intel	Server Board S2600stb	-	All	All	All
Hardware	Intel	Server Board S2600stbr	-	All	All	All
Hardware	Intel	Server Board S2600stq	-	All	All	All
Hardware	Intel	Server Board S2600stqr	-	All	All	All
Hardware	Intel	Server Board S2600wf0	-	All	All	All
Hardware	Intel	Server Board S2600wf0r	-	All	All	All
Hardware	Intel	Server Board S2600wfq	-	All	All	All
Hardware	Intel	Server Board S2600wfqr	-	All	All	All
Hardware	Intel	Server Board S2600wft	-	All	All	All
Hardware	Intel	Server Board S2600wftr	-	All	All	All
Hardware	Intel	Server System R1208wfqysr	-	All	All	All
Hardware	Intel	Server System R1208wftys	-	All	All	All
Hardware	Intel	Server System R1208wftysr	-	All	All	All
Hardware	Intel	Server System R1304wf0ys	-	All	All	All
Hardware	Intel	Server System R1304wf0ysr	-	All	All	All
Hardware	Intel	Server System R1304wftys	-	All	All	All
Hardware	Intel	Server System R1304wftysr	-	All	All	All
Hardware	Intel	Server System R2208wf0zs	-	All	All	All
Hardware	Intel	Server System R2208wf0zsr	-	All	All	All
Hardware	Intel	Server System R2208wfqzs	-	All	All	All
Hardware	Intel	Server System R2208wfqzsr	-	All	All	All
Hardware	Intel	Server System R2208wftzs	-	All	All	All
Hardware	Intel	Server System R2208wftzsr	-	All	All	All
Hardware	Intel	Server System R2224wfqzs	-	All	All	All
Hardware	Intel	Server System R2224wftzs	-	All	All	All
Hardware	Intel	Server System R2224wftzsr	-	All	All	All
Hardware	Intel	Server System R2308wftzs	-	All	All	All
Hardware	Intel	Server System R2308wftzsr	-	All	All	All
Hardware	Intel	Server System R2312wf0np	-	All	All	All
Hardware	Intel	Server System R2312wf0npr	-	All	All	All
Hardware	Intel	Server System R2312wfqzs	-	All	All	All
Hardware	Intel	Server System R2312wftzs	-	All	All	All
Hardware	Intel	Server System R2312wftzsr	-	All	All	All

References

Reference	Source	Link	Tags
INTEL-SA-00476	MISC	www.intel.com
CVE Program record	CVE.ORG	www.cve.org	canonical
NVD vulnerability detail	NVD	nvd.nist.gov	canonical, analysis

No vendor comments have been submitted for this CVE.

There are currently no legacy QID mappings associated with this CVE.