CVE-2020-8731

moderate-risk

Published 2020-08-13

Incorrect execution-assigned permissions in the file system for some Intel(R) Server Boards, Server Systems and Compute Modules before version 1.59 may allow an authenticated user to potentially enable escalation of privilege via local access.

Do I need to act?

0.04% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 8.8/10 High

LOCAL / LOW complexity

Affected Products (18)

Server Board S2600Wt Firmware

Server System R1000Wt Firmware

Server System R2000Wt Firmware

Server Board S2600Cw

Compute Module Hns2600Kp Firmware

Server Board S2600Kp Firmware

Compute Module Hns2600Tp Firmware

Compute Module S2600Tp Firmware

Server Board S1200Sp Firmware

Server System Lr1304Sp Firmware

Server System Lsvrp Firmware

Server System R1000Sp Firmware

Server Board S2600Wf Firmware

Server System R1000Wf Firmware

Server System R2000Wf Firmware

Server Board S2600St Firmware

Compute Module Hns2600Bp Firmware

Server Board S2600Bp Firmware

Affected Vendors

Intel

References (4)

Third Party Advisory https://security.netapp.com/advisory/ntap-20200814-0002/

Vendor Advisory https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00384....

Third Party Advisory https://security.netapp.com/advisory/ntap-20200814-0002/

Vendor Advisory https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00384....

/ 100

moderate-risk

Severity 27/34 · High

Exploitability 0/34 · Minimal

Exposure 19/34 · Moderate