Privilege Escalation Vulnerability in ASRock 4x4 BOX-R1000 BIOS
CVE-2020-14032

9.8CRITICAL

Key Information:

Vendor: Asrock
Status: Box-r1000 Firmware
Vendor: CVE Published:; 23 July 2021

What is CVE-2020-14032?

The ASRock 4x4 BOX-R1000 contains a vulnerability in its BIOS version prior to P1.40, allowing attackers to escalate privileges through code execution in the System Management Mode (SMM). This could potentially provide unauthorized access to sensitive system functions, posing a significant risk to data integrity and overall system security. Users are encouraged to update their BIOS to the latest version to mitigate this vulnerability.

References

https://www.asrock.com/support/index.us.asp?cat=BIOS

x_refsource_MISC

https://dannyodler.medium.com/attacking-the-golden-ring-o...

x_refsource_MISC

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 23, 2021
Vulnerability Reserved
Jun 11, 2020

JSON

Asrock

What is CVE-2020-14032?

References

CVSS V3.1

Timeline