CVE-2020-8709

moderate-risk

Published 2020-08-13

Improper authentication in socket services for some Intel(R) Server Boards, Server Systems and Compute Modules before version 2.45 may allow an unauthenticated user to potentially enable escalation of privilege via adjacent access.

Do I need to act?

0.21% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 8.8/10 High

ADJACENT_NETWORK / LOW complexity

Affected Products (18)

Server Board S2600Wt Firmware

Server System R1000Wt Firmware

Server System R2000Wt Firmware

Server Board S2600Cw

Compute Module Hns2600Kp Firmware

Server Board S2600Kp Firmware

Compute Module Hns2600Tp Firmware

Compute Module S2600Tp Firmware

Server Board S1200Sp Firmware

Server System Lr1304Sp Firmware

Server System Lsvrp Firmware

Server System R1000Sp Firmware

Server Board S2600Wf Firmware

Server System R1000Wf Firmware

Server System R2000Wf Firmware

Server Board S2600St Firmware

Compute Module Hns2600Bp Firmware

Server Board S2600Bp Firmware

Affected Vendors

Intel

References (4)

Third Party Advisory https://security.netapp.com/advisory/ntap-20200814-0002/

Vendor Advisory https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00384....

Third Party Advisory https://security.netapp.com/advisory/ntap-20200814-0002/

Vendor Advisory https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00384....

/ 100

moderate-risk

Severity 27/34 · High

Exploitability 1/34 · Minimal

Exposure 19/34 · Moderate