Support Center
0 result(s) found
No result found
HPESBHF04155 rev.1 - HPE Gen10 Servers Using Certain Intel Processors, Multiple Local Vulnerabilities

HPESBHF04155 rev.1 - HPE Gen10 Servers Using Certain Intel Processors, Multiple Local Vulnerabilities

Document Subtype: Security Bulletin|Document ID: hpesbhf04155en_us|Last Updated: 2021-06-09|Release Date: 2021-06-08|Document Version: 1

Potential Security Impact: Local: Denial of Service (DoS), Disclosure of Information, Escalation of Privilege

Source: Hewlett Packard Enterprise, HPE Product Security Response Team

VULNERABILITY SUMMARY

Security vulnerabilities in the BIOS firmware of certain Intel processors in certain Gen10 HPE servers may allow disclosure of information, escalation of privilege, or denial of service. HPE is releasing firmware updates to mitigate these vulnerabilities.

For more information on these vulnerabilities, please refer to Intel SAs:

  • Intel Security Advisory INTEL-SA-00464
  • Intel Security Advisory INTEL-SA-00463
  • Intel Security Advisory INTEL-SA-00459
References:
  • CVE-2020-8670 - Escalation of Privilege, INTEL-SA-00463
  • CVE-2020-24511 - Disclosure of Information, INTEL-SA-00464
  • CVE-2020-24512 - Disclosure of Information, INTEL-SA-00464
  • CVE-2020-24509 - Escalation of Privilege, INTEL-SA-00459
  • CVE-2020-12357 - Escalation of Privilege, INTEL-SA-00463

SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.

  • HPE ProLiant DL20 Gen10 Server - Prior to version 2.3.0, and SPS v 05.01.04.303
  • HPE ProLiant ML30 Gen10 Server - Prior to version 2.3.0, and SPS v05.01.04.303
  • HPE ProLiant MicroServer Gen10 - Prior to version 2.3.0, and SPS v 05.01.04.303

BACKGROUND

HPE calculates CVSS using CVSS Version 3.1. If the score is provided from NIST, we will display Version 2.0, 3.0, or 3.1 as provided from NVD.
Reference
V3 Vector
V3 Base Score
V2 Vector
V2 Base Score
CVE-2020-12357
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
7.5
(AV:L/AC:H/Au:M/C:C/I:C/A:C)
5.9
CVE-2020-24509
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:H/A:N
6.7
(AV:L/AC:L/Au:N/C:P/I:C/A:N)
5.6
CVE-2020-24511
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
5.6
(AV:L/AC:H/Au:N/C:C/I:N/A:N)
4.0
CVE-2020-24512
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:N
2.8
(AV:L/AC:H/Au:N/C:P/I:N/A:N)
1.2
CVE-2020-8670
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
7.5
(AV:L/AC:H/Au:M/C:C/I:C/A:C)
5.9
Information on CVSS is documented in HPE Customer Notice: HPSN-2008-002

RESOLUTION

HPE is providing updated firmware to mitigate these vulnerabilities in Gen10 servers with affected Intel processors.

Please visit HPE Support Center to obtain firmware updates for your products.

HISTORY
Version:1 (rev.1) - 8 June 2021 Initial release

Third Party Security Patches: Third party security patches that are to be installed on systems running Hewlett Packard Enterprise (HPE) software products should be applied in accordance with the customer's patch management policy.

Support: For issues about implementing the recommendations of this Security Bulletin, contact normal HPE Services support channel. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hpe.com.

Report: To report a potential security vulnerability for any HPE supported product:

Subscribe: To initiate a subscription to receive future HPE Security Bulletin alerts via Email: http://www.hpe.com/support/Subscriber_Choice

Security Bulletin Archive: A list of recently released Security Bulletins is available here: http://www.hpe.com/support/Security_Bulletin_Archive

©Copyright 2025 Hewlett Packard Enterprise Development LP
Hewlett Packard Enterprise Development shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HPE nor its affiliates, subcontractors or suppliers will be liable for incidental, special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett Packard Enterprise Development and the names of Hewlett Packard Enterprise Development products referenced herein are trademarks of Hewlett Packard Enterprise Development in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners.
Recently Viewed
  • HPESBST04170 rev.1 - HPE Simplivity 380 Gen9 Systems Using Certain Intel Processors, Local Escalation of Privilege
    • Legal Disclaimer: Products sold prior to the November 1, 2015 separation of Hewlett-Packard Company into Hewlett Packard Enterprise Company and HP Inc. may have older product names and model numbers that differ from current models.
    Hewlett Packard Enterprise believes in being unconditionally inclusive. Efforts to replace noninclusive terms in our active products are ongoing.
    wiwiwiwiwiwiwiwiwiwiwiwiwiwiwiwiwiwiwiwiwiwiwiwiwiwiwiwiwiwiwiwiwiwiwiwiwiwiwiwiwiwiwiwiwiwiwiwiwiwiwiwiwiwiwiwiwiwiwiwiwiwiwiwiwiwiwiwiwiwiwiwiwiwiwiwiwiwiwiwiwiwiwiwiwiwiwiwiwiwiwiwiwiwiwiwiwiwiwiwiwiwiwiwiwiwiwiwiwiwiwiwiwiwiwiwiwiwiwiwiwiwiwiwiwiwiwiwiwiwiwiwiwiwiwiwiwiwiwiwiwiwiwiwiwiwiwiwiwiwiwiwiwiwiwiwiwiwiwiwiwiwiwiwiwiwiwiwiwiwiwiwiwiwiwiwiwiwiwiwiwiwiwiwiwiwiwiwiwiwiwiwiwiwiwiwiwiwiwiwiwiwiwiwiwiwiwiwiwiwiwiwiwiwiwiwiwiwiwiwiwiwiwiwiwiwiwiwiwiwiwiwiwiwiwiwiwiwiwiwiwiwiwiwiwiwiwiwiwiwiwiwiwiwiwiwiwiwiwiwiwiwiwiwiwiwiwiwiwiwiwiwiwiwiwiwiwiwiwiwiwiwiwiwiwiwiwiwiwiwiwiwiwiwiwiwiwiwiwiwiwiwiwiwiwiwiwiwiwiwiwiwiwiwiwiwiwiwiwiwiwiwiwiwiwiwiwiwiwiwiwiwiwiwiwiwiwiwiwiwiwiwiwiwiwiwiwiwiwiwiwiwiwiwiwiwiwiwiwiwiwiwiwiwiwiwiwiwiwiwiwiwiwiwiwiwiwiwiwiwiwiwiwiwiwiwiwiwiwiwiwiwiwiwiwiwiwiwiwiwiwiwiwiwiwiwiwiwiwiwiwiwiwiwiwiwiwiwiwiwiwiwiwiwiwiwiwiwiwiwiwiwiwiwiwiwiwiwiwiwiwiwiwiwiwiwiwiwiwiwiwiwiwiwiwiwiwiwiwiwiwiwiwiwiwiwiwiwiwiwiwiwiwiwiwiwiwiwiwiwiwiwiwiwiwiwiwiwiwiwiwiwiwiwiwi