CVE number – CVE-2020-8688
A remote, exploitable denial-of-service vulnerability exists in the web API functionality of Intel Raid Web Console 3. A specially crafted request can lead to a null pointer dereference in the Intel Raid Web Console server. This would result in a denial of service until the user restarts LSA.exe. A remote unauthenticated attacker can send a POST request to trigger this vulnerability.
Intel RAID Web Console 3 (RWC3) software is a web-based application that monitors, maintains, troubleshoots and configures functions for Intel RAID products. The RWC3 graphical user interface (GUI) simplifies the viewing of an existing server hardware configuration, as well as creating and managing storage configurations.
Intel Raid Web Console 3 v007.009.011.000