CVE-2020-8722

Vulnerability

A buffer overflow vulnerability exists in a subsystem of certain Intel Server Boards, Server Systems, and Compute Modules prior to firmware version 1.59. The specific affected products include select models of Intel Server Board S2600WF, S2600BP, S2600ST, and M50CYP families, as well as Intel Server System R1000WF, R2000WF, R1000BP, R2000BP, R1000ST, R2000ST, and Intel Compute Module HNS2600BP and HNS2600ST families. The vulnerability can be triggered when a privileged user interacts with the subsystem [1].

Exploitation

An attacker requires local access and existing privileged credentials (e.g., administrator or root) to exploit the vulnerability. The attacker must send specially crafted input to the affected subsystem, causing a buffer overflow. No user interaction beyond the attacker's own actions is needed [1].

Impact

Successful exploitation could allow the attacker to escalate privileges beyond their current level, potentially gaining unauthorized access to sensitive system resources or achieving full control of the device. The outcome is escalation of privilege [1].

Mitigation

Intel has released firmware version 1.59 to fix this vulnerability. Affected users should update their system firmware to the latest version as provided by their system manufacturer. No other workarounds are available. The vulnerability is not listed on the CISA KEV at this time [1].