Race Condition Vulnerability in Intel CSME and SPS Products
CVE-2020-8755

6.4MEDIUM

Key Information:

Vendor: Intel
Status: Intel(r) Csme, Intel(r) Sps
Vendor: CVE Published:; 12 November 2020

🔔 Create Intel Vulnerability Alert

What is CVE-2020-8755?

A race condition exists in the Intel CSME and SPS subsystems that may allow an unauthenticated user with physical access to escalate their privileges. Affected versions of these products could potentially be exploited, resulting in significant security risks. Organizations should review the Intel security advisories for mitigation strategies and updates to prevent exploitation.

Affected Version(s)

Intel(R) CSME, Intel(R) SPS Intel(R) CSME versions before 12.0.70 and 14.0.45, Intel(R) SPS versions before E5_04.01.04.400 and E3_05.01.04.200

References

https://www.intel.com/content/www/us/en/security-center/a...

x_refsource_MISC

https://security.netapp.com/advisory/ntap-20201113-0004/

x_refsource_CONFIRM

https://security.netapp.com/advisory/ntap-20201113-0002/

x_refsource_CONFIRM

CVSS V3.1

Score:

6.4

Severity:

MEDIUM

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Physical

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 12, 2020
Vulnerability Reserved
Feb 6, 2020

.