CVE-2020-24474

Published: Jun 9, 2021Modified: Jun 17, 2026

8.0

Vector

CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 2.1 / Impact: 5.9

Source: NVD

Description

Buffer overflow in the BMC firmware for some Intel(R) Server Boards, Server Systems and Compute Modules before version 2.48.ce3e3bd2 may allow an authenticated user to potentially enable escalation of privilege via adjacent access.

Affected (1)

Products: Intel: Baseboard Management Controller Firmware

Intel

1 product

Baseboard Management Controller Firmware

Configuration A

1 vulnerable · 45 platform

Vulnerable Software	Affected Versions
Intel Baseboard Management Controller Firmware	Before 2.48.ce3e3bd2

Running on/with	Platform Versions
Intel Compute Module Hns2600bpb24r	All versions
Intel Compute Module Hns2600bpbr	All versions
Intel Compute Module Hns2600bpq24r	All versions
Intel Compute Module Hns2600bpqr	All versions
Intel Compute Module Hns2600bps24r	All versions
Intel Compute Module Hns2600bpsr	All versions
Intel Server Board S2600bpb	All versions
Intel Server Board S2600bpbr	All versions
Intel Server Board S2600bpq	All versions
Intel Server Board S2600bpqr	All versions
Intel Server Board S2600bps	All versions
Intel Server Board S2600bpsr	All versions
Intel Server Board S2600stb	All versions
Intel Server Board S2600stbr	All versions
Intel Server Board S2600stq	All versions
Intel Server Board S2600stqr	All versions
Intel Server Board S2600wf0	All versions
Intel Server Board S2600wf0r	All versions
Intel Server Board S2600wfq	All versions
Intel Server Board S2600wfqr	All versions
Intel Server Board S2600wft	All versions
Intel Server Board S2600wftr	All versions
Intel Server System R1208wfqysr	All versions
Intel Server System R1208wftys	All versions
Intel Server System R1208wftysr	All versions
Intel Server System R1304wf0ys	All versions
Intel Server System R1304wf0ysr	All versions
Intel Server System R1304wftys	All versions
Intel Server System R1304wftysr	All versions
Intel Server System R2208wf0zs	All versions
Intel Server System R2208wf0zsr	All versions
Intel Server System R2208wfqzs	All versions
Intel Server System R2208wfqzsr	All versions
Intel Server System R2208wftzs	All versions
Intel Server System R2208wftzsr	All versions
Intel Server System R2224wfqzs	All versions
Intel Server System R2224wftzs	All versions
Intel Server System R2224wftzsr	All versions
Intel Server System R2308wftzs	All versions
Intel Server System R2308wftzsr	All versions
Intel Server System R2312wf0np	All versions
Intel Server System R2312wf0npr	All versions
Intel Server System R2312wfqzs	All versions
Intel Server System R2312wftzs	All versions
Intel Server System R2312wftzsr	All versions

Related CWEs

CWE-120

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow.

References (2)

https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00476.html

Source: secure@intel.com

Vendor Advisory

https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00476.html

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.