Local Elevation of Privilege Vulnerability in HPE Proliant Gen10 Servers
CVE-2020-7207
Key Information:
- Vendor
- HP
- Vendor
- CVE Published:
- 5 November 2020
Summary
A local elevation of privilege vulnerability exists in HPE Proliant Gen10 Servers that utilize the Intel Innovation Engine. This vulnerability allows an attacker with physical access to the server's motherboard to exploit weaknesses, potentially granting unauthorized access to sensitive data or functionality. HPE emphasizes the importance of securing the physical environment of these servers, as they will not provide fixes for the affected models. It is crucial to employ robust physical security measures to prevent unauthorized access to safeguard your systems.
Affected Version(s)
HPE ProLiant BL460c Gen10 Server Blade; HPE ProLiant DL360 Gen10 Server; HPE ProLiant DL380 Gen10 Server; HPE ProLiant DL560 Gen10 Server; HPE ProLiant DL580 Gen10 Server; HPE ProLiant ML110 Gen10 Server; HPE ProLiant XL230k Gen10 Server; HPE Synergy 480 Gen10 Compute Module; HPE Synergy 660 Gen10 Compute Module; HPE ProLiant DL180 Gen10 Server; HPE ProLiant DL160 Gen10 Server; HPE ProLiant DL120 Gen10 Server; HPE ProLiant XL190r Gen10 Server; HPE ProLiant ML350 Gen10 Server; HPE ProLiant XL170r Gen10 Server; HPE Apollo 2000 System; HPE Apollo 4500 System; HPE ProLiant XL270d Gen10 Server; HPE Apollo 4200 Gen10 Server; HPE ProLiant e910 Server Blade; HPE ProLiant XL450 Gen10 Server; HPE ProLiant XL230k Gen10 Server - bad oid all current IE firmware
References
CVSS V3.1
Timeline
Vulnerability published
Vulnerability Reserved