CVE-2020-7207 : A local elevation of privilege using physical access security vulnerability was

A local elevation of privilege using physical access security vulnerability was found in HPE Proliant Gen10 Servers using Intel Innovation Engine (IE). This attack requires a physical attack to the server motherboard. To mitigate this issue, ensure your server is always physically secured. HPE will not address this issue in the impacted Gen 10 servers listed. HPE recommends using appropriate physical security methods as a compensating control to disallow an attacker from having physical access to the server main circuit board.

Published 2020-11-05 21:15:13

Updated 2021-07-21 11:39:24

Source Hewlett Packard Enterprise (HPE)

View at NVD, CVE.org

Vulnerability category: Gain privilege

Products affected by CVE-2020-7207

HP » Apollo 2000 Firmware » Version: N/A
cpe:2.3:o:hp:apollo_2000_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: HP » Apollo 2000 » Version: N/A
HP » Proliant E910 Firmware » Version: N/A
cpe:2.3:o:hp:proliant_e910_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: HP » Proliant E910 » Version: N/A
HP » Apollo 4200 Gen10 Firmware » Version: N/A
cpe:2.3:o:hp:apollo_4200_gen10_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: HP » Apollo 4200 Gen10 » Version: N/A
HP » Apollo 4500 Firmware » Version: N/A
cpe:2.3:o:hp:apollo_4500_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: HP » Apollo 4500 » Version: N/A
HP » Proliant Xl230k Gen10 Firmware » Version: N/A
cpe:2.3:o:hp:proliant_xl230k_gen10_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: HP » Proliant Xl230k Gen10 » Version: N/A
HP » Proliant Xl270d Gen10 Firmware » Version: N/A
cpe:2.3:o:hp:proliant_xl270d_gen10_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: HP » Proliant Xl270d Gen10 » Version: N/A
HP » Proliant Bl460c Gen10 Firmware » Version: N/A
cpe:2.3:o:hp:proliant_bl460c_gen10_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: HP » Proliant Bl460c Gen10 » Version: N/A
HP » Proliant Dl120 Gen10 Firmware » Version: N/A
cpe:2.3:o:hp:proliant_dl120_gen10_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: HP » Proliant Dl120 Gen10 » Version: N/A
HP » Proliant Dl160 Gen10 Firmware » Version: N/A
cpe:2.3:o:hp:proliant_dl160_gen10_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: HP » Proliant Dl160 Gen10 » Version: N/A
HP » Proliant Dl180 Gen10 Firmware » Version: N/A
cpe:2.3:o:hp:proliant_dl180_gen10_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: HP » Proliant Dl180 Gen10 » Version: N/A
HP » Proliant Dl360 Gen10 Firmware » Version: N/A
cpe:2.3:o:hp:proliant_dl360_gen10_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: HP » Proliant Dl360 Gen10 » Version: N/A
HP » Proliant Dl380 Gen10 Firmware » Version: N/A
cpe:2.3:o:hp:proliant_dl380_gen10_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: HP » Proliant Dl380 Gen10 » Version: N/A
HP » Proliant Dl560 Gen10 Firmware » Version: N/A
cpe:2.3:o:hp:proliant_dl560_gen10_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: HP » Proliant Dl560 Gen10 » Version: N/A
HP » Proliant Dl580 Gen10 Firmware » Version: N/A
cpe:2.3:o:hp:proliant_dl580_gen10_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: HP » Proliant Dl580 Gen10 » Version: N/A
HP » Proliant Ml110 Gen10 Firmware » Version: N/A
cpe:2.3:o:hp:proliant_ml110_gen10_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: HP » Proliant Ml110 Gen10 » Version: N/A
HP » Proliant Ml350 Gen10 Firmware » Version: N/A
cpe:2.3:o:hp:proliant_ml350_gen10_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: HP » Proliant Ml350 Gen10 » Version: N/A
HP » Synergy 480 Gen10 Firmware » Version: N/A
cpe:2.3:o:hp:synergy_480_gen10_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: HP » Synergy 480 Gen10 » Version: N/A
HP » Synergy 660 Gen10 Firmware » Version: N/A
cpe:2.3:o:hp:synergy_660_gen10_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: HP » Synergy 660 Gen10 » Version: N/A
HP » Proliant Xl170r Gen10 Firmware » Version: N/A
cpe:2.3:o:hp:proliant_xl170r_gen10_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: HP » Proliant Xl170r Gen10 » Version: N/A
HP » Proliant Xl190r Gen10 Firmware » Version: N/A
cpe:2.3:o:hp:proliant_xl190r_gen10_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: HP » Proliant Xl190r Gen10 » Version: N/A
HP » Proliant Xl450 Gen10 Firmware » Version: N/A
cpe:2.3:o:hp:proliant_xl450_gen10_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: HP » Proliant Xl450 Gen10 » Version: N/A

Exploit prediction scoring system (EPSS) score for CVE-2020-7207

EPSS FAQ

0.06%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 15 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2020-7207

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
7.2	HIGH	AV:L/AC:L/Au:N/C:C/I:C/A:C	3.9	10.0	NIST
Access Vector: Local Access Complexity: Low Authentication: None Confidentiality Impact: Complete Integrity Impact: Complete Availability Impact: Complete
6.8	MEDIUM	CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	0.9	5.9	NIST
Attack Vector: Physical Attack Complexity: Low Privileges Required: None User Interaction: None Scope: Unchanged Confidentiality: High Integrity: High Availability: High

References for CVE-2020-7207

https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf04002en_us

HPESBHF04002 rev.1 - HPE Proliant Gen10 Servers using Intel Innovation Engine, Local Elevation of Privilege
Vendor Advisory

Jump to

Vulnerability Details : CVE-2020-7207

Products affected by CVE-2020-7207

Exploit prediction scoring system (EPSS) score for CVE-2020-7207

CVSS scores for CVE-2020-7207

References for CVE-2020-7207