Insecure Initialization in Intel Boot Guard and Management Engine
CVE-2020-8705

6.8MEDIUM

Key Information:

Vendor
Intel
Status
Intel(r) Boot Guard, Intel(r) Csme, Intel(r) Txe, Intel(r) Sps
Vendor
CVE Published:
12 November 2020

Summary

This vulnerability involves insecure default initialization in Intel's Boot Guard and various CSME versions. It may allow an unauthenticated individual with physical access to potentially escalate privileges, posing a significant security risk. Versions prior to specified releases are at risk, underlining the importance of timely software updates to mitigate potential threats.

Affected Version(s)

Intel(R) Boot Guard, Intel(R) CSME, Intel(R) TXE, Intel(R) SPS Intel CSME(R) versions before 11.8.80, 11.12.80, 11.22.80, 12.0.70, 13.0.40, 13.30.10, 14.0.45 and 14.5.25, Intel(R) TXE versions before 3.1.80 and 4.0.30, Intel(R) SPS versions before E5_04.01.04.400, E3_04.01.04.200, SoC-X_04.00.04.200 and SoC-A_04.00.04.300

References

https://www.intel.com/content/www/us/en/security-center/a...
x_refsource_MISC
https://security.netapp.com/advisory/ntap-20201113-0004/
x_refsource_CONFIRM
https://security.netapp.com/advisory/ntap-20201113-0005/
x_refsource_CONFIRM

CVSS V3.1

Score:
6.8
Severity:
MEDIUM
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Physical
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.