Intel Raid Web Console 3 add server denial-of-service vulnerability [CVE-2020-8688]
CVE number – CVE-2020-8688
A remote, exploitable denial-of-service vulnerability exists in the web API functionality of Intel Raid Web Console 3. A specially crafted request can lead to a null pointer dereference in the Intel Raid Web Console server. This would result in a denial of service until the user restarts LSA.exe. A remote unauthenticated attacker can send a POST request to trigger this vulnerability.
Intel RAID Web Console 3 (RWC3) software is a web-based application that monitors, maintains, troubleshoots and configures functions for Intel RAID products. The RWC3 graphical user interface (GUI) simplifies the viewing of an existing server hardware configuration, as well as creating and managing storage configurations.
Tested Versions
Intel Raid Web Console 3 v007.009.011.000
Dowloads – https://downloadcenter.intel.com/download/29449?v=t
Duncan is a technology professional with over 20 years experience of working in various IT roles. He has a interest in cyber security, and has a wide range of other skills in radio, electronics and telecommunications.