CVE-2020-8708

Vulnerability

Improper authentication in the firmware of certain Intel(R) Server Boards, Server Systems, and Compute Modules before version 1.59 may allow an unauthenticated user to potentially enable escalation of privilege via adjacent access [1]. The affected products require the attacker to have network access to the management interface from the same Layer-2 network segment.

Exploitation

An unauthenticated attacker with adjacent network access can exploit this vulnerability without any prior authentication or user interaction. The exact sequence of steps is not publicly detailed, but the flaw is reachable over the network and does not require any special privileges or configuration changes [1].

Impact

Successful exploitation could allow an attacker to escalate privileges, potentially gaining administrative control over the affected server platform. This could lead to full compromise of the system's management firmware and the host operating system, resulting in information disclosure, denial of service, or further lateral movement within the network [1].

Mitigation

Intel has released firmware version 1.59 to address this vulnerability. Users should update their server boards, systems, and compute modules to version 1.59 or later. No workarounds have been provided for unpatched systems [1]. This CVE is not listed on the CISA Known Exploited Vulnerabilities (KEV) catalog as of the publication date.