Insufficient Access Control in Intel Ethernet Controllers by Intel
CVE-2020-24492

4.4MEDIUM

Key Information:

Vendor: Intel
Status: Intel(r) 722 Ethernet Controllers
Vendor: CVE Published:; 17 February 2021

What is CVE-2020-24492?

The firmware for Intel's 722 Ethernet Controllers, prior to version 1.5, contains a flaw related to insufficient access control. This vulnerability may allow a privileged user to conduct local actions that could result in a denial of service condition. This risk underlines the importance of ensuring firmware is up-to-date and securely configured to mitigate potential local exploits.

Affected Version(s)

Intel(R) 722 Ethernet Controllers before version 1.5

References

https://www.intel.com/content/www/us/en/security-center/a...

x_refsource_MISC

CVSS V3.1

Score:

4.4

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Feb 17, 2021
Vulnerability Reserved
Aug 19, 2020