Insufficient Control Flow Management in Intel CSME and TXE Products
CVE-2020-8751

4.6MEDIUM

Key Information:

Vendor
Intel
Status
Intel(r) Csme, Intel(r) Txe
Vendor
CVE Published:
12 November 2020

Summary

The vulnerability arises from insufficient control flow management in the Intel CSME and TXE subsystems. This flaw potentially allows an unauthenticated user to gain access to sensitive information through physical access, posing a security risk for systems utilizing affected versions of these technologies. It is essential for users and organizations to ensure they are running the latest firmware updates to mitigate any potential risks.

Affected Version(s)

Intel(R) CSME, Intel(R) TXE versions before 11.8.80, Intel(R) TXE versions before 3.1.80

References

https://www.intel.com/content/www/us/en/security-center/a...
x_refsource_MISC
https://security.netapp.com/advisory/ntap-20201113-0005/
x_refsource_CONFIRM
https://security.netapp.com/advisory/ntap-20201113-0002/
x_refsource_CONFIRM

CVSS V3.1

Score:
4.6
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Physical
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.