CVE-2020-7207

6.8MEDIUM

Key Information:

Vendor
HP
Status
HP Proliant Bl460c Gen10 Server Blade; HP Proliant Dl360 Gen10 Server; HP Proliant Dl380 Gen10 Server; HP Proliant Dl560 Gen10 Server; HP Proliant Dl580 Gen10 Server; HP Proliant Ml110 Gen10 Server; HP Proliant Xl230k Gen10 Server; HP Synergy 480 Gen10 Compute Module; HP Synergy 660 Gen10 Compute Module; HP Proliant Dl180 Gen10 Server; HP Proliant Dl160 Gen10 Server; HP Proliant Dl120 Gen10 Server; HP Proliant Xl190r Gen10 Server; HP Proliant Ml350 Gen10 Server; HP Proliant Xl170r Gen10 Server; HP Apollo 2000 System; HP Apollo 4500 System; HP Proliant Xl270d Gen10 Server; HP Apollo 4200 Gen10 Server; HP Proliant E910 Server Blade; HP Proliant Xl450 Gen10 Server; HP Proliant Xl230k Gen10 Server - Bad Oid
Vendor
CVE Published:
5 November 2020

Summary

A local elevation of privilege using physical access security vulnerability was found in HPE Proliant Gen10 Servers using Intel Innovation Engine (IE). This attack requires a physical attack to the server motherboard. To mitigate this issue, ensure your server is always physically secured. HPE will not address this issue in the impacted Gen 10 servers listed. HPE recommends using appropriate physical security methods as a compensating control to disallow an attacker from having physical access to the server main circuit board.

Affected Version(s)

HPE ProLiant BL460c Gen10 Server Blade; HPE ProLiant DL360 Gen10 Server; HPE ProLiant DL380 Gen10 Server; HPE ProLiant DL560 Gen10 Server; HPE ProLiant DL580 Gen10 Server; HPE ProLiant ML110 Gen10 Server; HPE ProLiant XL230k Gen10 Server; HPE Synergy 480 Gen10 Compute Module; HPE Synergy 660 Gen10 Compute Module; HPE ProLiant DL180 Gen10 Server; HPE ProLiant DL160 Gen10 Server; HPE ProLiant DL120 Gen10 Server; HPE ProLiant XL190r Gen10 Server; HPE ProLiant ML350 Gen10 Server; HPE ProLiant XL170r Gen10 Server; HPE Apollo 2000 System; HPE Apollo 4500 System; HPE ProLiant XL270d Gen10 Server; HPE Apollo 4200 Gen10 Server; HPE ProLiant e910 Server Blade; HPE ProLiant XL450 Gen10 Server; HPE ProLiant XL230k Gen10 Server - bad oid all current IE firmware

References

https://support.hpe.com/hpsc/doc/public/display?docLocale...
x_refsource_MISC

CVSS V3.1

Score:
6.8
Severity:
MEDIUM
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Physical
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.