Description
A local elevation of privilege using physical access security vulnerability was found in HPE Proliant Gen10 Servers using Intel Innovation Engine (IE). This attack requires a physical attack to the server motherboard. To mitigate this issue, ensure your server is always physically secured. HPE will not address this issue in the impacted Gen 10 servers listed. HPE recommends using appropriate physical security methods as a compensating control to disallow an attacker from having physical access to the server main circuit board.
References (1)
Core 1
Core References
Vendor Advisory x_refsource_misc
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf04002en_us
Scores
CVSS v3
6.8
EPSS
0.0008
EPSS Percentile
22.9%
Attack Vector
PHYSICAL
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
Status
published
Products (21)
hp/apollo_2000_firmware
hp/apollo_4200_gen10_firmware
hp/apollo_4500_firmware
hp/proliant_bl460c_gen10_firmware
hp/proliant_dl120_gen10_firmware
hp/proliant_dl160_gen10_firmware
hp/proliant_dl180_gen10_firmware
hp/proliant_dl360_gen10_firmware
hp/proliant_dl380_gen10_firmware
hp/proliant_dl560_gen10_firmware
... and 11 more
Published
Nov 05, 2020
Tracked Since
Feb 18, 2026