CVE-2020-12376

Use of hard-coded key in the BMC firmware for some Intel(R) Server Boards, Server Systems and Compute Modules before version 2.47 may allow authenticated user to potentially enable information disclosure via local access.

Published: Feb 17, 2021
Updated: Apr 13, 2023
CVE: CVE-2020-12376
Severity: Medium
Exploit:

CVSS v3:

Severity: Medium
Score: 5.5
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

CVSS v2:

Severity: Low
Score: 2.1
AV:L/AC:L/Au:N/C:P/I:N/A:N

CWEs:

CWE-798

Affected Software
References

Software	From	Fixed in
intel / bmc_firmware	-	2.47

https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00434.html

Vulnerability Database

289,871

CVE-2020-12376