Auth bypass in Intel Compute_module_hns2600bpb
CVE-2020-8709
Improper authentication in socket services for some Intel(R) Server Boards, Server Systems and Compute Modules before version 2.45 may allow an unauthenticated user to potentially enable escalation of privilege via adjacent access.
Vulnerability class: Broken Authentication
EPSS: 0.007 (46.9th percentile) — read the EPSS interpretation.
CVSS v3 metric
CVSS v3 base score 8.8 (High). Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H.
Affected products
- Intel Compute_module_hns2600bpb
- Intel Compute_module_hns2600bpb24
- Intel Compute_module_hns2600bpb24r
- Intel Compute_module_hns2600bpblc
- Intel Compute_module_hns2600bpblc24
- Intel Compute_module_hns2600bpblc24r
- Intel Compute_module_hns2600bpblcr
- Intel Compute_module_hns2600bpbr
- Intel Compute_module_hns2600bp_firmware
- Intel Compute_module_hns2600bpq
Weakness classification (CWE)
References
- secure@intel.com (x_refsource_MISC, Vendor Advisory)
- secure@intel.com (x_refsource_CONFIRM, Third Party Advisory)
Frequently asked questions
- What is CVE-2020-8709?
- CVE-2020-8709 is a high-severity vulnerability in Intel Compute_module_hns2600bpb, classified under Improper Authentication. CVSS score: 8.8/10. Published 2020-08-13.
- How severe is CVE-2020-8709?
- High severity. CVSS v3 base score is 8.8 out of 10.