CVE-2020-24495

Insufficient access control in the firmware for the Intel(R) 700-series of Ethernet Controllers before version 7.3 may allow a privileged user to potentially enable denial of service via local access.

CVSS v3 4.4 MEDIUM
CVSS v2.0 2.1 LOW

4.4^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 0.8 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

2.1^/10

CVSS v2.0 : LOW

V2 Legend

Vector : AV:L/AC:L/Au:N/C:N/I:N/A:P

Exploitability : 3.9 / Impact : 2.9

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact PARTIAL

References

Link	Resource
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00456.html	Patch Vendor Advisory
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00456.html	Patch Vendor Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:intel:ethernet_network_adapter_700_firmware:*:*:*:*:*:*:*:*

OR	cpe:2.3:h:intel:ethernet_network_adapter_v710-at2:-:::::::*
	cpe:2.3:h:intel:ethernet_network_adapter_x710-am2:-:::::::*
	cpe:2.3:h:intel:ethernet_network_adapter_x710-at2:-:::::::*
	cpe:2.3:h:intel:ethernet_network_adapter_x710-bm2:-:::::::*
	cpe:2.3:h:intel:ethernet_network_adapter_x710-da2:-:::::::*
	cpe:2.3:h:intel:ethernet_network_adapter_x710-da2_for_ocp:-:::::::*
	cpe:2.3:h:intel:ethernet_network_adapter_x710-da2_for_ocp_3.0:-:::::::*
	cpe:2.3:h:intel:ethernet_network_adapter_x710-da4:-:::::::*
	cpe:2.3:h:intel:ethernet_network_adapter_x710-da4_for_ocp_3.0:-:::::::*
	cpe:2.3:h:intel:ethernet_network_adapter_x710-t2l:-:::::::*
	cpe:2.3:h:intel:ethernet_network_adapter_x710-t2l_for_ocp_3.0:-:::::::*
	cpe:2.3:h:intel:ethernet_network_adapter_x710-t4:-:::::::*
	cpe:2.3:h:intel:ethernet_network_adapter_x710-t4l:-:::::::*
	cpe:2.3:h:intel:ethernet_network_adapter_x710-t4l_for_ocp_3.0:-:::::::*
	cpe:2.3:h:intel:ethernet_network_adapter_x710-tm4:-:::::::*
	cpe:2.3:h:intel:ethernet_network_adapter_x722-da2:-:::::::*
	cpe:2.3:h:intel:ethernet_network_adapter_x722-da4:-:::::::*
	cpe:2.3:h:intel:ethernet_network_adapter_xl710-am1:-:::::::*
	cpe:2.3:h:intel:ethernet_network_adapter_xl710-am2:-:::::::*
	cpe:2.3:h:intel:ethernet_network_adapter_xl710-bm1:-:::::::*
	cpe:2.3:h:intel:ethernet_network_adapter_xl710-bm2:-:::::::*
	cpe:2.3:h:intel:ethernet_network_adapter_xl710-qda1:-:::::::*
	cpe:2.3:h:intel:ethernet_network_adapter_xl710-qda1_for_open_compute_project:-:::::::*
	cpe:2.3:h:intel:ethernet_network_adapter_xl710-qda2_for_open_compute_project:-:::::::*
	cpe:2.3:h:intel:ethernet_network_adapter_xlk710-qda2:-:::::::*
	cpe:2.3:h:intel:ethernet_network_adapter_xxv710-am1:-:::::::*
	cpe:2.3:h:intel:ethernet_network_adapter_xxv710-am2:-:::::::*
	cpe:2.3:h:intel:ethernet_network_adapter_xxv710-da1:-:::::::*
	cpe:2.3:h:intel:ethernet_network_adapter_xxv710-da1_for_ocp:-:::::::*
	cpe:2.3:h:intel:ethernet_network_adapter_xxv710-da2:-:::::::*
	cpe:2.3:h:intel:ethernet_network_adapter_xxv710-da2t:-:::::::*
	cpe:2.3:h:intel:ethernet_network_adapter_xxv710-dax_for_ocp:-:::::::*

History

21 Nov 2024, 05:14

Type	Values Removed	Values Added
References	~~() https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00456.html - Patch, Vendor Advisory~~	() https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00456.html - Patch, Vendor Advisory

Information

Published : 2021-02-17 14:15

Updated : 2024-11-21 05:14

NVD link : CVE-2020-24495

Mitre link : CVE-2020-24495

CVE.ORG link : CVE-2020-24495

JSON object : View

Products Affected

intel

ethernet_network_adapter_xxv710-am1
ethernet_network_adapter_x710-tm4
ethernet_network_adapter_x722-da4
ethernet_network_adapter_xl710-bm2
ethernet_network_adapter_x710-at2
ethernet_network_adapter_x722-da2
ethernet_network_adapter_x710-t4
ethernet_network_adapter_xxv710-am2
ethernet_network_adapter_x710-da2
ethernet_network_adapter_x710-t4l_for_ocp_3.0
ethernet_network_adapter_x710-am2
ethernet_network_adapter_xl710-qda1_for_open_compute_project
ethernet_network_adapter_xl710-bm1
ethernet_network_adapter_xxv710-da2t
ethernet_network_adapter_xl710-qda1
ethernet_network_adapter_x710-t2l
ethernet_network_adapter_xxv710-dax_for_ocp
ethernet_network_adapter_x710-da2_for_ocp
ethernet_network_adapter_xxv710-da1
ethernet_network_adapter_x710-t2l_for_ocp_3.0
ethernet_network_adapter_x710-da4_for_ocp_3.0
ethernet_network_adapter_xxv710-da1_for_ocp
ethernet_network_adapter_x710-t4l
ethernet_network_adapter_xl710-am2
ethernet_network_adapter_xlk710-qda2
ethernet_network_adapter_xl710-am1
ethernet_network_adapter_x710-da2_for_ocp_3.0
ethernet_network_adapter_v710-at2
ethernet_network_adapter_x710-bm2
ethernet_network_adapter_x710-da4
ethernet_network_adapter_700_firmware
ethernet_network_adapter_xl710-qda2_for_open_compute_project
ethernet_network_adapter_xxv710-da2

CWE

NVD-CWE-noinfo

{"id": "CVE-2020-24495", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 2.1, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:P", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "LOW", "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.4, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 0.8}]}, "published": "2021-02-17T14:15:17.903", "references": [{"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00456.html", "tags": ["Patch", "Vendor Advisory"], "source": "secure@intel.com"}, {"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00456.html", "tags": ["Patch", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "Insufficient access control in the firmware for the Intel(R) 700-series of Ethernet Controllers before version 7.3 may allow a privileged user to potentially enable denial of service via local access."}, {"lang": "es", "value": "Un control de acceso insuficiente en el firmware para la Intel\u00ae 700-series de Ethernet Controllers versi\u00f3n anterior a 7.3, puede permitir a un usuario privilegiado habilitar potencialmente una denegaci\u00f3n de servicio por medio de un acceso local"}], "lastModified": "2024-11-21T05:14:54.967", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:intel:ethernet_network_adapter_700_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "80F56CE3-BE73-4FE3-8616-25608F7F68F5", "versionEndExcluding": "7.3"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:intel:ethernet_network_adapter_v710-at2:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "494011D6-49C2-4F26-B905-445B539C5D51"}, {"criteria": "cpe:2.3:h:intel:ethernet_network_adapter_x710-am2:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "D672DE9F-79FB-4276-AD77-5FFC86A49948"}, {"criteria": "cpe:2.3:h:intel:ethernet_network_adapter_x710-at2:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "23BB5E3F-F488-49C0-B640-22AE769378A3"}, {"criteria": "cpe:2.3:h:intel:ethernet_network_adapter_x710-bm2:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "D48F6026-6F2A-470C-A7E7-D9E5A4E9D682"}, {"criteria": "cpe:2.3:h:intel:ethernet_network_adapter_x710-da2:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "C079E4AA-2F70-49D5-9223-404ADBA47564"}, {"criteria": "cpe:2.3:h:intel:ethernet_network_adapter_x710-da2_for_ocp:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "BB7DC1CC-A380-4E0B-8C19-B1AD04CD7D5C"}, {"criteria": "cpe:2.3:h:intel:ethernet_network_adapter_x710-da2_for_ocp_3.0:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "5D21B390-03C0-4788-B984-EC921F7F8D6F"}, {"criteria": "cpe:2.3:h:intel:ethernet_network_adapter_x710-da4:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "EAC1902D-A930-4428-A2B7-6E80D920632B"}, {"criteria": "cpe:2.3:h:intel:ethernet_network_adapter_x710-da4_for_ocp_3.0:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "0DA33180-B159-43BC-97BA-443D3C84EEF3"}, {"criteria": "cpe:2.3:h:intel:ethernet_network_adapter_x710-t2l:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "F895D880-BA04-4802-AC2C-C0C9C02C4D59"}, {"criteria": "cpe:2.3:h:intel:ethernet_network_adapter_x710-t2l_for_ocp_3.0:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "96EC77BF-35B3-4806-BE85-0D7108902F22"}, {"criteria": "cpe:2.3:h:intel:ethernet_network_adapter_x710-t4:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "0C79E04D-C51C-488B-AE28-AA5B005C4D1D"}, {"criteria": "cpe:2.3:h:intel:ethernet_network_adapter_x710-t4l:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "850738A7-1403-45EF-A370-BE313827DF51"}, {"criteria": "cpe:2.3:h:intel:ethernet_network_adapter_x710-t4l_for_ocp_3.0:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "B6E9F86F-F95F-49B5-9634-DF8DA605799F"}, {"criteria": "cpe:2.3:h:intel:ethernet_network_adapter_x710-tm4:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "D57222D8-5537-4B2F-AEF4-DA861E61B096"}, {"criteria": "cpe:2.3:h:intel:ethernet_network_adapter_x722-da2:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "7CEC0C3D-E49C-40B5-9B4C-08F7C986B817"}, {"criteria": "cpe:2.3:h:intel:ethernet_network_adapter_x722-da4:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "47F2235C-6607-4ADE-ACEB-764B44953670"}, {"criteria": "cpe:2.3:h:intel:ethernet_network_adapter_xl710-am1:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "D10B81A8-BFF1-4641-B598-F9550E624D29"}, {"criteria": "cpe:2.3:h:intel:ethernet_network_adapter_xl710-am2:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "FF62C7DD-0DEF-41A4-A476-3A89A888D2A0"}, {"criteria": "cpe:2.3:h:intel:ethernet_network_adapter_xl710-bm1:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "CF3A6A48-B280-4042-9E5E-7A0E3EE438FA"}, {"criteria": "cpe:2.3:h:intel:ethernet_network_adapter_xl710-bm2:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "EFFEC78A-4E9C-4267-A5F4-CF1F2DA9D333"}, {"criteria": "cpe:2.3:h:intel:ethernet_network_adapter_xl710-qda1:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "018BA1BB-C086-4ED7-9577-5C11E5AFAEDA"}, {"criteria": "cpe:2.3:h:intel:ethernet_network_adapter_xl710-qda1_for_open_compute_project:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "7F937E20-0529-4A1B-B232-BE6F5F3C7FE5"}, {"criteria": "cpe:2.3:h:intel:ethernet_network_adapter_xl710-qda2_for_open_compute_project:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "8897E658-FDE0-4A3F-8AD2-F1EBA04C26B4"}, {"criteria": "cpe:2.3:h:intel:ethernet_network_adapter_xlk710-qda2:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "F4AAE6AD-1122-4D39-A646-F34592208D86"}, {"criteria": "cpe:2.3:h:intel:ethernet_network_adapter_xxv710-am1:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "22C54F65-D39E-4ACF-BA2A-2AB4D7D3257F"}, {"criteria": "cpe:2.3:h:intel:ethernet_network_adapter_xxv710-am2:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "1555A7C2-DDD3-405D-A753-D8C76A457100"}, {"criteria": "cpe:2.3:h:intel:ethernet_network_adapter_xxv710-da1:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "15B305BC-ED4C-45A8-A1FC-B926980D74AD"}, {"criteria": "cpe:2.3:h:intel:ethernet_network_adapter_xxv710-da1_for_ocp:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "087B7178-B63B-4CC1-8AD7-67F1C2097444"}, {"criteria": "cpe:2.3:h:intel:ethernet_network_adapter_xxv710-da2:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "64F44AD2-48B9-4406-8E3F-5296B53804B6"}, {"criteria": "cpe:2.3:h:intel:ethernet_network_adapter_xxv710-da2t:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "2620FCEC-73B1-490A-9858-9730668017A4"}, {"criteria": "cpe:2.3:h:intel:ethernet_network_adapter_xxv710-dax_for_ocp:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "42C81784-6CB4-40D2-B75A-559C6DF2F98C"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "secure@intel.com"}

4.4 /10

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

2.1 /10

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact PARTIAL

JSON object

Attach tags to CVE-2020-24495

4.4^/10

2.1^/10

Attach tags to `CVE-2020-24495`