Auth bypass in Intel Compute_module_hns2600bpb
CVE-2020-8714
Improper authentication for some Intel(R) Server Boards, Server Systems and Compute Modules before version 1.59 may allow an authenticated user to potentially enable escalation of privilege via local access.
Vulnerability class: Broken Authentication
EPSS: 0.003 (24.8th percentile) — read the EPSS interpretation.
CVSS v3 metric
CVSS v3 base score 7.8 (High). Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H.
Affected products
- Intel Compute_module_hns2600bpb
- Intel Compute_module_hns2600bpb24
- Intel Compute_module_hns2600bpb24r
- Intel Compute_module_hns2600bpblc
- Intel Compute_module_hns2600bpblc24
- Intel Compute_module_hns2600bpblc24r
- Intel Compute_module_hns2600bpblcr
- Intel Compute_module_hns2600bpbr
- Intel Compute_module_hns2600bp_firmware
- Intel Compute_module_hns2600bpq
Weakness classification (CWE)
References
- secure@intel.com (x_refsource_MISC, Vendor Advisory)
- secure@intel.com (x_refsource_CONFIRM, Third Party Advisory)
Frequently asked questions
- What is CVE-2020-8714?
- CVE-2020-8714 is a high-severity vulnerability in Intel Compute_module_hns2600bpb, classified under Improper Authentication. CVSS score: 7.8/10. Published 2020-08-13.
- How severe is CVE-2020-8714?
- High severity. CVSS v3 base score is 7.8 out of 10.