CVE-2020-12300

moderate-risk

Published 2020-08-13

Uninitialized pointer in BIOS firmware for Intel(R) Server Board Families S2600CW, S2600KP, S2600TP, and S2600WT may allow a privileged user to potentially enable escalation of privilege via local access.

Do I need to act?

0.06% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 8.2/10 High

LOCAL / LOW complexity

Affected Products (20)

S2600Cw2 Firmware

S2600Cw2S Firmware

S2600Cwt Firmware

S2600Cwts Firmware

S2600Cw2R Firmware

S2600Cw2Sr Firmware

S2600Cwtr Firmware

S2600Cwtsr Firmware

S2600Kp Firmware

S2600Kpf Firmware

S2600Kpr Firmware

S2600Kpfr Firmware

S2600Kptr Firmware

S2600Tp Firmware

S2600Tpf Firmware

S2600Tpfr Firmware

S2600Tpnr Firmware

S2600Tpr Firmware

S2600Wt2 Firmware

S2600Wtt Firmware

Affected Vendors

Intel

References (4)

Third Party Advisory https://security.netapp.com/advisory/ntap-20200814-0001/

Patch https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00367....

Third Party Advisory https://security.netapp.com/advisory/ntap-20200814-0001/

Patch https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00367....

/ 100

moderate-risk

Severity 25/34 · High

Exploitability 0/34 · Minimal

Exposure 21/34 · High