CVE-2020-8722 - OpenCVE

Buffer overflow in a subsystem for some Intel(R) Server Boards, Server Systems and Compute Modules before version 1.59 may allow a privileged user to potentially enable escalation of privilege via local access.

Attack Vector Local

Attack Complexity Low

Privileges Required High

Scope Changed

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:L/AC:L/Au:N/C:P/I:P/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Intel	Server Board S1200sps Compute Module Hns2600bpq24r Server System Vrn2208wfaf83 Server System R2224wttys Compute Module Hns2600bps Compute Module Hns2600kp Server System Lr1304spcfg1 Server System R2000wt Firmware Server System Vrn2208wfaf81 Server System R1208wttgsr Server Board S1200spo Server System R2208wt2ysr Server System R1304wf0ysr Server Board S2600wf0 Server System R2312wftzsr Server Board S2600bps Compute Module Hns2600bpblc Server System R2000wf Firmware Server Board S2600st Firmware Compute Module S2600tp Firmware Server Board S2600bpqr Server System R1304sposhbnr Compute Module Hns2600bpb24 Server System R2312wttysr Server Board S2600wttr Server Board S2600wtt Server Board S2600bpsr Compute Module Hns2600bpb24r Server System R1304wttgs Server System R2308wttys Server System R1208sposhorr Server Board S2600cwtr Server Board S2600bp Firmware Server Board S2600kpr Compute Module Hns2600bpbr Server System Lsvrp4304es6xx1 Compute Module Hns2600bpsr Server System R1304wt2gs Server Board S2600wt2 Server Board S2600tpf Server System R1304wt2gsr Server Board S2600cw2r Server Board S2600cw2s Server System R2312wftzs Server System Lsvrp Firmware Server System R2208wftzs Server System R1000wt Firmware Compute Module Hns2600bpqr Compute Module Hns2600tpf Server System Lr1304spcfg1r Server System R1208wttgs Compute Module Hns2600bpq24 Server System R2208wfqzsr Server System R1208wftys Server System R1304wftys Server System R1208sposhor Server Board S2600stq Server Board S2600cw Server System R2208wttyc1 Server Board S2600wt Firmware Server Board S2600stbr Server Board S2600wftr Server System R1000wf Firmware Server System Lnetcnt3y Server Board S1200spl Server System R1208wt2gsr Server Board S2600kpfr Server System Lsvrp4304es6xxr Server Board S1200spor Server Board S2600wt2r Compute Module Hns2600bps24 Compute Module Hns2600tp24r Server System R1304wftysr Server Board S2600bpbr Compute Module Hns2600kpfr Server System R2312wf0np Compute Module Hns2600bpblc24 Server Board S2600kptr Server System R2208wftzsr Compute Module Hns2600tp Server Board S2600stb Server System R2312wttys Server System R2208wfqzs Compute Module Hns2600bpq Server Board S2600wfqr Server System R1304sposhorr Server System Vrn2208wfhy6 Compute Module Hns2600bpblcr Compute Module Hns2600bp Firmware Server Board S2600cwt Server Board S2600tp Server System R2308wttysr Server Board S2600tpr Server System R2224wttysr Server Board S2600wfq Server Board S2600cw2sr Compute Module Hns2600kpr Server Board S2600bpb Server Board S1200splr Server Board S2600kp Server System Mcb2208wfhy2 Compute Module Hns2600tp24sr Server Board S1200spsr Server Board S1200sp Firmware Server System Mcb2208wfaf6 Server System R2208wt2ys Server Board S2600cwts Compute Module Hns2600tpfr Server System Lr1304spcfsgx1 Server System R1208wftysr Server System Vrn2208wfaf82 Server System R2312wfqzs Compute Module Hns2600tp Firmware Server System R2208wf0zsr Server System Vrn2208waf6 Server System R1000sp Firmware Server System R1208wttgsbpp Server Board S2600kpf Server System R2208wttyc1r Server System Nb2208wfqnfvi Server System R1208wt2gs Server System R1208wfqysr Server Board S2600stqr Server System R2308wftzsr Server Board S2600kp Firmware Server System R1304wf0ys Server Board S2600wft Compute Module Hns2600bpblc24r Server Board S2600wf0r Server System R1304sposhbn Compute Module Hns2600kpf Server System Mcb2208wfaf5 Server System Lr1304sp Firmware Server System R1304sposhor Compute Module Hns2600tpr Server System R2312wf0npr Server Board S2600cwtsr Compute Module Hns2600kp Firmware Server System R2224wftzs Compute Module Hns2600bpb Server Board S2600bpq Compute Module Hns2600bps24r Server System R2208wttysr Server System R1304wttgsr Server Board S2600wf Firmware Server System R2208wf0zs Server System R2224wfqzs Server System R2224wftzsr Server Board S2600cw2 Server Board S2600tpfr Server System Mcb2208wfaf4 Server System R2308wftzs Server System R2208wttys

Configuration 1 [-]

AND

cpe:2.3:o:intel:server_board_s2600wt_firmware:*:*:*:*:*:*:*:*

OR	cpe:2.3:h:intel:server_board_s2600wt2:-:::::::*
	cpe:2.3:h:intel:server_board_s2600wt2r:-:::::::*
	cpe:2.3:h:intel:server_board_s2600wtt:-:::::::*
	cpe:2.3:h:intel:server_board_s2600wttr:-:::::::*

Configuration 2 [-]

AND

cpe:2.3:o:intel:server_system_r1000wt_firmware:*:*:*:*:*:*:*:*

OR	cpe:2.3:h:intel:server_system_r1208wt2gs:-:::::::*
	cpe:2.3:h:intel:server_system_r1208wt2gsr:-:::::::*
	cpe:2.3:h:intel:server_system_r1208wttgs:-:::::::*
	cpe:2.3:h:intel:server_system_r1208wttgsbpp:-:::::::*
	cpe:2.3:h:intel:server_system_r1208wttgsr:-:::::::*
	cpe:2.3:h:intel:server_system_r1304wt2gs:-:::::::*
	cpe:2.3:h:intel:server_system_r1304wt2gsr:-:::::::*
	cpe:2.3:h:intel:server_system_r1304wttgs:-:::::::*
	cpe:2.3:h:intel:server_system_r1304wttgsr:-:::::::*

Configuration 3 [-]

AND

cpe:2.3:o:intel:server_system_r2000wt_firmware:*:*:*:*:*:*:*:*

OR	cpe:2.3:h:intel:server_system_r2208wt2ys:-:::::::*
	cpe:2.3:h:intel:server_system_r2208wt2ysr:-:::::::*
	cpe:2.3:h:intel:server_system_r2208wttyc1:-:::::::*
	cpe:2.3:h:intel:server_system_r2208wttyc1r:-:::::::*
	cpe:2.3:h:intel:server_system_r2208wttys:-:::::::*
	cpe:2.3:h:intel:server_system_r2208wttysr:-:::::::*
	cpe:2.3:h:intel:server_system_r2224wttys:-:::::::*
	cpe:2.3:h:intel:server_system_r2224wttysr:-:::::::*
	cpe:2.3:h:intel:server_system_r2308wttys:-:::::::*
	cpe:2.3:h:intel:server_system_r2308wttysr:-:::::::*
	cpe:2.3:h:intel:server_system_r2312wttys:-:::::::*
	cpe:2.3:h:intel:server_system_r2312wttysr:-:::::::*

Configuration 4 [-]

AND

cpe:2.3:o:intel:server_board_s2600cw:*:*:*:*:*:*:*:*

OR	cpe:2.3:a:intel:server_board_s2600cw2:-:::::::*
	cpe:2.3:a:intel:server_board_s2600cw2r:-:::::::*
	cpe:2.3:a:intel:server_board_s2600cw2s:-:::::::*
	cpe:2.3:a:intel:server_board_s2600cw2sr:-:::::::*
	cpe:2.3:a:intel:server_board_s2600cwt:-:::::::*
	cpe:2.3:a:intel:server_board_s2600cwtr:-:::::::*
	cpe:2.3:a:intel:server_board_s2600cwts:-:::::::*
	cpe:2.3:a:intel:server_board_s2600cwtsr:-:::::::*

Configuration 5 [-]

AND

cpe:2.3:o:intel:compute_module_hns2600kp_firmware:*:*:*:*:*:*:*:*

OR	cpe:2.3:h:intel:compute_module_hns2600kp:-:::::::*
	cpe:2.3:h:intel:compute_module_hns2600kpf:-:::::::*
	cpe:2.3:h:intel:compute_module_hns2600kpfr:-:::::::*
	cpe:2.3:h:intel:compute_module_hns2600kpr:-:::::::*

Configuration 6 [-]

AND

cpe:2.3:o:intel:server_board_s2600kp_firmware:*:*:*:*:*:*:*:*

OR	cpe:2.3:h:intel:server_board_s2600kp:-:::::::*
	cpe:2.3:h:intel:server_board_s2600kpf:-:::::::*
	cpe:2.3:h:intel:server_board_s2600kpfr:-:::::::*
	cpe:2.3:h:intel:server_board_s2600kpr:-:::::::*
	cpe:2.3:h:intel:server_board_s2600kptr:-:::::::*

Configuration 7 [-]

AND

cpe:2.3:o:intel:compute_module_hns2600tp_firmware:*:*:*:*:*:*:*:*

OR	cpe:2.3:h:intel:compute_module_hns2600tp:-:::::::*
	cpe:2.3:h:intel:compute_module_hns2600tp24r:-:::::::*
	cpe:2.3:h:intel:compute_module_hns2600tp24sr:-:::::::*
	cpe:2.3:h:intel:compute_module_hns2600tpf:-:::::::*
	cpe:2.3:h:intel:compute_module_hns2600tpfr:-:::::::*
	cpe:2.3:h:intel:compute_module_hns2600tpr:-:::::::*

Configuration 8 [-]

AND

cpe:2.3:o:intel:compute_module_s2600tp_firmware:*:*:*:*:*:*:*:*

OR	cpe:2.3:h:intel:server_board_s2600tp:-:::::::*
	cpe:2.3:h:intel:server_board_s2600tpf:-:::::::*
	cpe:2.3:h:intel:server_board_s2600tpfr:-:::::::*
	cpe:2.3:h:intel:server_board_s2600tpr:-:::::::*

Configuration 9 [-]

AND

cpe:2.3:o:intel:server_board_s1200sp_firmware:*:*:*:*:*:*:*:*

OR	cpe:2.3:h:intel:server_board_s1200spl:-:::::::*
	cpe:2.3:h:intel:server_board_s1200splr:-:::::::*
	cpe:2.3:h:intel:server_board_s1200spo:-:::::::*
	cpe:2.3:h:intel:server_board_s1200spor:-:::::::*
	cpe:2.3:h:intel:server_board_s1200sps:-:::::::*
	cpe:2.3:h:intel:server_board_s1200spsr:-:::::::*

Configuration 10 [-]

AND

cpe:2.3:o:intel:server_system_lr1304sp_firmware:*:*:*:*:*:*:*:*

OR	cpe:2.3:h:intel:server_system_lr1304spcfg1:-:::::::*
	cpe:2.3:h:intel:server_system_lr1304spcfg1r:-:::::::*
	cpe:2.3:h:intel:server_system_lr1304spcfsgx1:-:::::::*

Configuration 11 [-]

AND

cpe:2.3:o:intel:server_system_lsvrp_firmware:*:*:*:*:*:*:*:*

OR	cpe:2.3:h:intel:server_system_lsvrp4304es6xx1:-:::::::*
	cpe:2.3:h:intel:server_system_lsvrp4304es6xxr:-:::::::*

Configuration 12 [-]

AND

cpe:2.3:o:intel:server_system_r1000sp_firmware:*:*:*:*:*:*:*:*

OR	cpe:2.3:h:intel:server_system_r1208sposhor:-:::::::*
	cpe:2.3:h:intel:server_system_r1208sposhorr:-:::::::*
	cpe:2.3:h:intel:server_system_r1304sposhbn:-:::::::*
	cpe:2.3:h:intel:server_system_r1304sposhbnr:-:::::::*
	cpe:2.3:h:intel:server_system_r1304sposhor:-:::::::*
	cpe:2.3:h:intel:server_system_r1304sposhorr:-:::::::*

Configuration 13 [-]

AND

cpe:2.3:o:intel:server_board_s2600wf_firmware:*:*:*:*:*:*:*:*

OR	cpe:2.3:h:intel:server_board_s2600wf0:-:::::::*
	cpe:2.3:h:intel:server_board_s2600wf0r:-:::::::*
	cpe:2.3:h:intel:server_board_s2600wfq:-:::::::*
	cpe:2.3:h:intel:server_board_s2600wfqr:-:::::::*
	cpe:2.3:h:intel:server_board_s2600wft:-:::::::*
	cpe:2.3:h:intel:server_board_s2600wftr:-:::::::*

Configuration 14 [-]

AND

cpe:2.3:o:intel:server_system_r1000wf_firmware:*:*:*:*:*:*:*:*

OR	cpe:2.3:h:intel:server_system_lnetcnt3y:-:::::::*
	cpe:2.3:h:intel:server_system_mcb2208wfaf4:-:::::::*
	cpe:2.3:h:intel:server_system_mcb2208wfaf5:-:::::::*
	cpe:2.3:h:intel:server_system_mcb2208wfaf6:-:::::::*
	cpe:2.3:h:intel:server_system_mcb2208wfhy2:-:::::::*
	cpe:2.3:h:intel:server_system_nb2208wfqnfvi:-:::::::*
	cpe:2.3:h:intel:server_system_r1208wfqysr:-:::::::*
	cpe:2.3:h:intel:server_system_r1208wftys:-:::::::*
	cpe:2.3:h:intel:server_system_r1208wftysr:-:::::::*
	cpe:2.3:h:intel:server_system_r1304wf0ys:-:::::::*
	cpe:2.3:h:intel:server_system_r1304wf0ysr:-:::::::*
	cpe:2.3:h:intel:server_system_r1304wftys:-:::::::*
	cpe:2.3:h:intel:server_system_r1304wftysr:-:::::::*

Configuration 15 [-]

AND

cpe:2.3:o:intel:server_system_r2000wf_firmware:*:*:*:*:*:*:*:*

OR	cpe:2.3:h:intel:server_system_r2208wf0zs:-:::::::*
	cpe:2.3:h:intel:server_system_r2208wf0zsr:-:::::::*
	cpe:2.3:h:intel:server_system_r2208wfqzs:-:::::::*
	cpe:2.3:h:intel:server_system_r2208wfqzsr:-:::::::*
	cpe:2.3:h:intel:server_system_r2208wftzs:-:::::::*
	cpe:2.3:h:intel:server_system_r2208wftzsr:-:::::::*
	cpe:2.3:h:intel:server_system_r2224wfqzs:-:::::::*
	cpe:2.3:h:intel:server_system_r2224wftzs:-:::::::*
	cpe:2.3:h:intel:server_system_r2224wftzsr:-:::::::*
	cpe:2.3:h:intel:server_system_r2308wftzs:-:::::::*
	cpe:2.3:h:intel:server_system_r2308wftzsr:-:::::::*
	cpe:2.3:h:intel:server_system_r2312wf0np:-:::::::*
	cpe:2.3:h:intel:server_system_r2312wf0npr:-:::::::*
	cpe:2.3:h:intel:server_system_r2312wfqzs:-:::::::*
	cpe:2.3:h:intel:server_system_r2312wftzs:-:::::::*
	cpe:2.3:h:intel:server_system_r2312wftzsr:-:::::::*
	cpe:2.3:h:intel:server_system_vrn2208waf6:-:::::::*
	cpe:2.3:h:intel:server_system_vrn2208wfaf81:-:::::::*
	cpe:2.3:h:intel:server_system_vrn2208wfaf82:-:::::::*
	cpe:2.3:h:intel:server_system_vrn2208wfaf83:-:::::::*
	cpe:2.3:h:intel:server_system_vrn2208wfhy6:-:::::::*

Configuration 16 [-]

AND

cpe:2.3:o:intel:server_board_s2600st_firmware:*:*:*:*:*:*:*:*

OR	cpe:2.3:h:intel:server_board_s2600stb:-:::::::*
	cpe:2.3:h:intel:server_board_s2600stbr:-:::::::*
	cpe:2.3:h:intel:server_board_s2600stq:-:::::::*
	cpe:2.3:h:intel:server_board_s2600stqr:-:::::::*

Configuration 17 [-]

AND

cpe:2.3:o:intel:compute_module_hns2600bp_firmware:*:*:*:*:*:*:*:*

OR	cpe:2.3:h:intel:compute_module_hns2600bpb:-:::::::*
	cpe:2.3:h:intel:compute_module_hns2600bpb24:-:::::::*
	cpe:2.3:h:intel:compute_module_hns2600bpb24r:-:::::::*
	cpe:2.3:h:intel:compute_module_hns2600bpblc:-:::::::*
	cpe:2.3:h:intel:compute_module_hns2600bpblc24:-:::::::*
	cpe:2.3:h:intel:compute_module_hns2600bpblc24r:-:::::::*
	cpe:2.3:h:intel:compute_module_hns2600bpblcr:-:::::::*
	cpe:2.3:h:intel:compute_module_hns2600bpbr:-:::::::*
	cpe:2.3:h:intel:compute_module_hns2600bpq:-:::::::*
	cpe:2.3:h:intel:compute_module_hns2600bpq24:-:::::::*
	cpe:2.3:h:intel:compute_module_hns2600bpq24r:-:::::::*
	cpe:2.3:h:intel:compute_module_hns2600bpqr:-:::::::*
	cpe:2.3:h:intel:compute_module_hns2600bps:-:::::::*
	cpe:2.3:h:intel:compute_module_hns2600bps24:-:::::::*
	cpe:2.3:h:intel:compute_module_hns2600bps24r:-:::::::*
	cpe:2.3:h:intel:compute_module_hns2600bpsr:-:::::::*

Configuration 18 [-]

AND

cpe:2.3:o:intel:server_board_s2600bp_firmware:*:*:*:*:*:*:*:*

OR	cpe:2.3:h:intel:server_board_s2600bpb:-:::::::*
	cpe:2.3:h:intel:server_board_s2600bpbr:-:::::::*
	cpe:2.3:h:intel:server_board_s2600bpq:-:::::::*
	cpe:2.3:h:intel:server_board_s2600bpqr:-:::::::*
	cpe:2.3:h:intel:server_board_s2600bps:-:::::::*
	cpe:2.3:h:intel:server_board_s2600bpsr:-:::::::*

References

Link	Resource
https://security.netapp.com/advisory/ntap-20200814-0002/	Third Party Advisory
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00384.html	Vendor Advisory