Improper XML External Entity Restrictions in Intel Quartus Prime Editions
CVE-2020-24454

7.5HIGH

Key Information:

Vendor: Intel
Status: Intel(r) Quartus(r) Prime Pro Edition And Intel(r) Quartus(r) Prime Standard Edition
Vendor: CVE Published:; 12 November 2020

What is CVE-2020-24454?

The vulnerability arises from improper handling of XML External Entity (XXE) references in the Intel Quartus Prime Pro and Standard Editions. This flaw allows an unauthenticated user to exploit the system via network access, potentially leading to unauthorized information disclosure. Users of affected versions should upgrade to the latest releases to mitigate the security risk.

Affected Version(s)

Intel(R) Quartus(R) Prime Pro Edition and Intel(R) Quartus(R) Prime Standard Edition Intel(R) Quartus(R) Prime Pro Edition before version 20.3 and Intel(R) Quartus(R) Prime Standard Edition before version 20.2

References

https://www.intel.com/content/www/us/en/security-center/a...

x_refsource_MISC

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 12, 2020
Vulnerability Reserved
Aug 19, 2020