Vulnerability in Intel Ethernet Controller firmware (CVE-2020-8696)

Advisory ID CVE Number Date discovered Severity Advisory revision
STORM-2020-047 CVE-2020-8696 11/27/2020 low v1

Vulnerability details

Improper supression of sensitive data in the firmware of the Intel(R) Ethernet 700 Series Controllers before version 7.3 may allow an authenticated user to potentially enable information disclosure.


Impacted products

Stormshield Network Security low SNS is impacted


Version Date Description
v1 05/27/2020 Initial release


Stormshield Network Security

CVSS v3.1 Overall Score: 3.2      


Impacted version

This vulnerability could allow an attacker with a local access (ability to run on SNS his own code or script) to the appliance to potentialy enable information disclosure.

As this vulnerability can only be exploited locally, it can not provide an external attacker access to an SNS appliance.

On SNS, local access are only granted to user with the highest privileges. Therefore an exploitation of this vulnerability is useless to a SNS local user.

The following models are impacted :

  • SN2100
  • SN3100
  • SN6100

Version >= 3.7

Workaround solution


In order to mitigate the risk of exploitation keep your appliance updated.

A fix for this vulnerability has been delivered in the version 4.2.2.

Attack Vector Attack Complexity Privileges Required User Interaction Scope Confidentiality Impact Integrity Impact Availability impact
Local High Low None Changed Low None None
CVSS Base score: 2.8 CVSS Vector: (AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:N)
Exploit Code Maturity Remediation Level Report Confidence
Unproven that exploit exists Official fix Confirmed
CVSS Temporal score: 2.5 CVSS Vector: (AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:N/E:U/RL:O/RC:C)
Confidentiality Requirement Integrity Requirement Availability Requirement
High High High
CVSS Environmental score: 3.2 CVSS Vector: (AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:N/E:U/RL:O/RC:C/CR:H/IR:H/AR:H/MAV:X/MAC:X/MPR:X/MUI:X/MS:X/MC:X/MI:X/MA:X)