HIGH✓ PATCH🇵🇱 Wersja polska

CVE-2020-12303

CVSS 7.8v3.1pub. 2020-11-12upd. 2024-11-21

Use after free in DAL subsystem for Intel(R) CSME versions before 11.8.80, 11.12.80, 11.22.80, 12.0.70, 13.0.40, 13.30.10, 14.0.45 and 14.5.25, Intel(R) TXE 3.1.80, 4.0.30 may allow an authenticated user to potentially enable escalation of privileges via local access.

CVSS Vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  • Intel Converged Security And Manageability Engine

    APP
    Intel
    < 11.8.8011.12.0 – 11.12.80 (bez)11.22.0 – 11.22.80 (bez)12.0 – 12.0.70 (bez)14.0 – 14.0.45 (bez)14.5.0 – 14.5.25 (bez)
  • Intel Trusted Execution Technology

    APP
    Intel
    3.1.804.0.30
🟢
PATCH AVAILABLE
Vendor update available. Deploy in standard maintenance cycle.
Tags
Memory
CWE
References

Related vulnerabilities

CVE-2020-12297HIGH7.8ten sam produkt

Improper access control in Installer for Intel(R) CSME Driver for Windows versions before 11.8.80, 11.12.80, 1...

CVE-2019-0091HIGH7.8ten sam produkt

Code injection vulnerability in installer for Intel(R) CSME before versions 11.8.65, 11.11.65, 11.22.65, 12.0....

CVE-2009-0066HIGH7.6ten sam produkt

Multiple unspecified vulnerabilities in Intel system software for Trusted Execution Technology (TXT) allow att...

CVE-2022-26047MEDIUM4.3ten sam produkt

Improper input validation for some Intel(R) PROSet/Wireless WiFi, Intel vPro(R) CSME WiFi and Killer(TM) WiFi ...

CVE-2020-24507MEDIUM4.4ten sam produkt

Improper initialization in a subsystem in the Intel(R) CSME versions before 11.8.86, 11.12.86, 11.22.86, 12.0....