MEDIUM✓ PATCH🇬🇧 English

CVE-2020-8705

CVSS 6.8v3.1pub. 2020-11-12upd. 2024-11-21

Insecure default initialization of resource in Intel(R) Boot Guard in Intel(R) CSME versions before 11.8.80, 11.12.80, 11.22.80, 12.0.70, 13.0.40, 13.30.10, 14.0.45 and 14.5.25, Intel(R) TXE versions before 3.1.80 and 4.0.30, Intel(R) SPS versions before E5_04.01.04.400, E3_04.01.04.200, SoC-X_04.00.04.200 and SoC-A_04.00.04.300 may allow an unauthenticated user to potentially enable escalation of privileges via physical access.

oryginał EN
CVSS Vector
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Intel Converged Security And Manageability Engine

    APP
    Intel
    < 11.8.8011.12.0 – 11.12.80 (bez)11.22.0 – 11.22.80 (bez)12.0 – 12.0.70 (bez)13.0 – 13.0.40 (bez)13.30.0 – 13.30.10 (bez)14.0 – 14.0.45 (bez)
  • Intel Server Platform Services

    APP
    Intel
    sps_e3_04.01.04.200sps_e5_04.01.04.400sps_soc-a_04.00.04.300sps_soc-x_04.00.04.200
  • Intel Trusted Execution Technology

    APP
    Intel
    3.1.804.0.30
🟢
PATCH DOSTĘPNY
Aktualizacja od producenta gotowa. Wdrożenie w ramach standardowego cyklu.
CWE
Referencje

Powiązane podatności

CVE-2022-36348HIGH8.8ten sam produkt

Active debug code in some Intel (R) SPS firmware before version SPS_E5_04.04.04.300.0 may allow an authenticat...

CVE-2020-8744HIGH7.8ten sam produkt

Improper initialization in subsystem for Intel(R) CSME versions before12.0.70, 13.0.40, 13.30.10, 14.0.45 and ...

CVE-2020-12297HIGH7.8ten sam produkt

Improper access control in Installer for Intel(R) CSME Driver for Windows versions before 11.8.80, 11.12.80, 1...

CVE-2020-12303HIGH7.8ten sam produkt

Use after free in DAL subsystem for Intel(R) CSME versions before 11.8.80, 11.12.80, 11.22.80, 12.0.70, 13.0.4...

CVE-2020-0586HIGH7.8ten sam produkt

Improper initialization in subsystem for Intel(R) SPS versions before SPS_E3_04.01.04.109.0 and SPS_E3_04.08.0...