Buffer Restriction Flaw in Intel CSME Products
CVE-2020-8703

6.7MEDIUM

Key Information:

Vendor: Intel
Status: Intel(r) Csme Versions
Vendor: CVE Published:; 9 June 2021

🔔 Create Intel Vulnerability Alert

What is CVE-2020-8703?

An improper buffer restriction issue exists within the Intel CSME subsystem, affecting multiple versions prior to 11.8.86, 11.12.86, 11.22.86, 12.0.81, 13.0.47, 13.30.17, 14.1.53, 14.5.32, and 15.0.22. This flaw allows a privileged user with local access to potentially escalate their privileges, posing serious security risks to system integrity. Users are encouraged to update to the latest versions to mitigate the risk associated with this vulnerability.

Affected Version(s)

Intel(R) CSME versions before 11.8.86, 11.12.86, 11.22.86, 12.0.81, 13.0.47, 13.30.17, 14.1.53, 14.5.32 and 15.0.22

References

https://www.intel.com/content/www/us/en/security-center/a...

x_refsource_MISC

https://security.netapp.com/advisory/ntap-20210611-0004/

x_refsource_CONFIRM

https://cert-portal.siemens.com/productcert/pdf/ssa-30957...

x_refsource_CONFIRM

CVSS V3.1

Score:

6.7

Severity:

MEDIUM

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 9, 2021
Vulnerability Reserved
Feb 6, 2020

.

CVE-2020-8703 : Buffer Restriction Flaw in Intel CSME Products