Buffer Restriction Flaw in Intel CSME Products
CVE-2020-8703

6.7MEDIUM

Key Information:

Vendor
Intel
Status
Intel(r) Csme Versions
Vendor
CVE Published:
9 June 2021

Summary

An improper buffer restriction issue exists within the Intel CSME subsystem, affecting multiple versions prior to 11.8.86, 11.12.86, 11.22.86, 12.0.81, 13.0.47, 13.30.17, 14.1.53, 14.5.32, and 15.0.22. This flaw allows a privileged user with local access to potentially escalate their privileges, posing serious security risks to system integrity. Users are encouraged to update to the latest versions to mitigate the risk associated with this vulnerability.

Affected Version(s)

Intel(R) CSME versions before 11.8.86, 11.12.86, 11.22.86, 12.0.81, 13.0.47, 13.30.17, 14.1.53, 14.5.32 and 15.0.22

References

https://www.intel.com/content/www/us/en/security-center/a...
x_refsource_MISC
https://security.netapp.com/advisory/ntap-20210611-0004/
x_refsource_CONFIRM
https://cert-portal.siemens.com/productcert/pdf/ssa-30957...
x_refsource_CONFIRM

CVSS V3.1

Score:
6.7
Severity:
MEDIUM
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.