Improper XML External Entity Restrictions in Intel Quartus Prime Editions
CVE-2020-24454
7.5HIGH
Key Information:
- Vendor
Intel
- Vendor
- CVE Published:
- 12 November 2020
What is CVE-2020-24454?
The vulnerability arises from improper handling of XML External Entity (XXE) references in the Intel Quartus Prime Pro and Standard Editions. This flaw allows an unauthenticated user to exploit the system via network access, potentially leading to unauthorized information disclosure. Users of affected versions should upgrade to the latest releases to mitigate the security risk.
Affected Version(s)
Intel(R) Quartus(R) Prime Pro Edition and Intel(R) Quartus(R) Prime Standard Edition Intel(R) Quartus(R) Prime Pro Edition before version 20.3 and Intel(R) Quartus(R) Prime Standard Edition before version 20.2