What is CVE-2020-24473?

CVE-2020-24473 is a high-severity vulnerability in Intel Baseboard_management_controller_firmware, classified under Out-of-bounds Write. CVSS score: 7.8/10. Published 2021-06-09.

How severe is CVE-2020-24473?

High severity. CVSS v3 base score is 7.8 out of 10.

Buffer overflow in Intel Baseboard_management_controller_firmware

CVE-2020-24473

Out of bounds write in the BMC firmware for some Intel(R) Server Boards, Server Systems and Compute Modules before version 2.48.ce3e3bd2 may allow an authenticated user to potentially enable escalation of privilege via local access.

Vulnerability class: Buffer Overflow

EPSS: 0.002 (15.6th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 7.8 (High). Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H.

Affected products

Intel Baseboard_management_controller_firmware
Intel Compute_module_hns2600bpb24r
Intel Compute_module_hns2600bpbr
Intel Compute_module_hns2600bpq24r
Intel Compute_module_hns2600bpqr
Intel Compute_module_hns2600bps24r
Intel Compute_module_hns2600bpsr
Intel Server_board_s2600bpb
Intel Server_board_s2600bpbr
Intel Server_board_s2600bpq

Weakness classification (CWE)

CWE-787 — Out-of-bounds Write

References

secure@intel.com (x_refsource_MISC, Vendor Advisory)

Frequently asked questions

What is CVE-2020-24473?: CVE-2020-24473 is a high-severity vulnerability in Intel Baseboard_management_controller_firmware, classified under Out-of-bounds Write. CVSS score: 7.8/10. Published 2021-06-09.
How severe is CVE-2020-24473?: High severity. CVSS v3 base score is 7.8 out of 10.