Insufficient Control Flow Management in Intel CSME and TXE Products
CVE-2020-8745

6.8MEDIUM

Key Information:

Vendor
Intel
Status
Intel(r) Csme, Intel(r) Txe
Vendor
CVE Published:
12 November 2020

Summary

This vulnerability arises from insufficient control flow management in Intel's CSME and TXE subsystems. An unauthenticated user with physical access could potentially exploit this weakness to escalate privileges, thereby gaining unauthorized control over the system. Effective mitigation requires upgrading to the recommended versions specified by Intel to ensure protection against potential exploitation.

Affected Version(s)

Intel(R) CSME, Intel(R) TXE Intel(R) CSME versions before 11.8.80, 11.12.80, 11.22.80, 12.0.70, 13.0.40, 13.30.10, 14.0.45 and 14.5.25 , Intel(R) TXE versions before 3.1.80 and 4.0.30

References

https://www.intel.com/content/www/us/en/security-center/a...
x_refsource_MISC
https://security.netapp.com/advisory/ntap-20201113-0005/
x_refsource_CONFIRM
https://security.netapp.com/advisory/ntap-20201113-0002/
x_refsource_CONFIRM

CVSS V3.1

Score:
6.8
Severity:
MEDIUM
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Physical
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.