CVE-2020-7207

Published: Nov 5, 2020Modified: Nov 21, 2024

6.8

Vector

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 0.9 / Impact: 5.9

Source: NVD

Description

A local elevation of privilege using physical access security vulnerability was found in HPE Proliant Gen10 Servers using Intel Innovation Engine (IE). This attack requires a physical attack to the server motherboard. To mitigate this issue, ensure your server is always physically secured. HPE will not address this issue in the impacted Gen 10 servers listed. HPE recommends using appropriate physical security methods as a compensating control to disallow an attacker from having physical access to the server main circuit board.

Affected (21)

21 products

Apollo 2000 Firmware

Apollo 4200 Gen10 Firmware

Apollo 4500 Firmware

Proliant Xl270d Gen10 Firmware

Proliant Bl460c Gen10 Firmware

Proliant Dl120 Gen10 Firmware

Proliant Dl160 Gen10 Firmware

Proliant Dl180 Gen10 Firmware

Proliant Dl360 Gen10 Firmware

Proliant Dl380 Gen10 Firmware

Proliant Dl560 Gen10 Firmware

Proliant Dl580 Gen10 Firmware

Proliant Ml110 Gen10 Firmware

Proliant Ml350 Gen10 Firmware

Synergy 480 Gen10 Firmware

Synergy 660 Gen10 Firmware

Proliant E910 Firmware

Proliant Xl170r Gen10 Firmware

Proliant Xl190r Gen10 Firmware

Proliant Xl230k Gen10 Firmware

Proliant Xl450 Gen10 Firmware

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Hp Apollo 2000 Firmware	All versions

Running on/with	Platform Versions
Hp Apollo 2000	All versions

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Hp Apollo 4200 Gen10 Firmware	All versions

Running on/with	Platform Versions
Hp Apollo 4200 Gen10	All versions

Configuration C

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Hp Apollo 4500 Firmware	All versions

Running on/with	Platform Versions
Hp Apollo 4500	All versions

Configuration E

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Hp Proliant Xl270d Gen10 Firmware	All versions

Running on/with	Platform Versions
Hp Proliant Xl270d Gen10	All versions

Configuration F

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Hp Proliant Bl460c Gen10 Firmware	All versions

Running on/with	Platform Versions
Hp Proliant Bl460c Gen10	All versions

Configuration G

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Hp Proliant Dl120 Gen10 Firmware	All versions

Running on/with	Platform Versions
Hp Proliant Dl120 Gen10	All versions

Configuration H

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Hp Proliant Dl160 Gen10 Firmware	All versions

Running on/with	Platform Versions
Hp Proliant Dl160 Gen10	All versions

Configuration I

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Hp Proliant Dl180 Gen10 Firmware	All versions

Running on/with	Platform Versions
Hp Proliant Dl180 Gen10	All versions

Configuration J

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Hp Proliant Dl360 Gen10 Firmware	All versions

Running on/with	Platform Versions
Hp Proliant Dl360 Gen10	All versions

Configuration K

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Hp Proliant Dl380 Gen10 Firmware	All versions

Running on/with	Platform Versions
Hp Proliant Dl380 Gen10	All versions

Configuration L

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Hp Proliant Dl560 Gen10 Firmware	All versions

Running on/with	Platform Versions
Hp Proliant Dl560 Gen10	All versions

Configuration M

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Hp Proliant Dl580 Gen10 Firmware	All versions

Running on/with	Platform Versions
Hp Proliant Dl580 Gen10	All versions

Configuration N

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Hp Proliant Ml110 Gen10 Firmware	All versions

Running on/with	Platform Versions
Hp Proliant Ml110 Gen10	All versions

Configuration O

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Hp Proliant Ml350 Gen10 Firmware	All versions

Running on/with	Platform Versions
Hp Proliant Ml350 Gen10	All versions

Configuration P

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Hp Synergy 480 Gen10 Firmware	All versions

Running on/with	Platform Versions
Hp Synergy 480 Gen10	All versions

Configuration Q

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Hp Synergy 660 Gen10 Firmware	All versions

Running on/with	Platform Versions
Hp Synergy 660 Gen10	All versions

Configuration R

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Hp Proliant E910 Firmware	All versions

Running on/with	Platform Versions
Hp Proliant E910	All versions

Configuration S

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Hp Proliant Xl170r Gen10 Firmware	All versions

Running on/with	Platform Versions
Hp Proliant Xl170r Gen10	All versions

Configuration T

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Hp Proliant Xl190r Gen10 Firmware	All versions

Running on/with	Platform Versions
Hp Proliant Xl190r Gen10	All versions

Configuration U

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Hp Proliant Xl230k Gen10 Firmware	All versions

Running on/with	Platform Versions
Hp Proliant Xl230k Gen10	All versions

Configuration V

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Hp Proliant Xl450 Gen10 Firmware	All versions

Running on/with	Platform Versions
Hp Proliant Xl450 Gen10	All versions

References (2)

https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf04002en_us

Source: security-alert@hpe.com

Vendor Advisory

https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf04002en_us

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.