Vulnerability in Intel Baseboard_management_controller_firmware
CVE-2020-24475
Improper initialization in the BMC firmware for some Intel(R) Server Boards, Server Systems and Compute Modules before version 2.48.ce3e3bd2 may allow an authenticated user to potentially enable denial of service via local access.
Vulnerability class: Dirty Pipe (CVE-2022-0847)
EPSS: 0.002 (12.2th percentile) — read the EPSS interpretation.
CVSS v3 metric
CVSS v3 base score 5.5 (Medium). Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H.
Affected products
- Intel Baseboard_management_controller_firmware
- Intel Compute_module_hns2600bpb24r
- Intel Compute_module_hns2600bpbr
- Intel Compute_module_hns2600bpq24r
- Intel Compute_module_hns2600bpqr
- Intel Compute_module_hns2600bps24r
- Intel Compute_module_hns2600bpsr
- Intel Server_board_s2600bpb
- Intel Server_board_s2600bpbr
- Intel Server_board_s2600bpq
Weakness classification (CWE)
References
- secure@intel.com (x_refsource_MISC, Vendor Advisory)
Frequently asked questions
- What is CVE-2020-24475?
- CVE-2020-24475 is a medium-severity vulnerability in Intel Baseboard_management_controller_firmware, classified under Improper Initialization. CVSS score: 5.5/10. Published 2021-06-09.
- How severe is CVE-2020-24475?
- Medium severity. CVSS v3 base score is 5.5 out of 10.