CVE-2020-12377

Insufficient input validation in the BMC firmware for some Intel(R) Server Boards, Server Systems and Compute Modules before version 2.47 may allow an authenticated user to potentially enable escalation of privilege via local access.

Published: Feb 17, 2021
Updated: Apr 13, 2023
CVE: CVE-2020-12377
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 7.8
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVSS v2:

Severity: Low
Score: 4.6
AV:L/AC:L/Au:N/C:P/I:P/A:P

CWEs:

CWE-20

Affected Software
References

Software	From	Fixed in
intel / bmc_firmware	-	2.47

https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00434.html

Vulnerability Database

289,871

CVE-2020-12377