Race Condition Vulnerability in Intel CSME and SPS Products
CVE-2020-8755

6.4MEDIUM

Key Information:

Vendor
Intel
Status
Intel(r) Csme, Intel(r) Sps
Vendor
CVE Published:
12 November 2020

Summary

A race condition exists in the Intel CSME and SPS subsystems that may allow an unauthenticated user with physical access to escalate their privileges. Affected versions of these products could potentially be exploited, resulting in significant security risks. Organizations should review the Intel security advisories for mitigation strategies and updates to prevent exploitation.

Affected Version(s)

Intel(R) CSME, Intel(R) SPS Intel(R) CSME versions before 12.0.70 and 14.0.45, Intel(R) SPS versions before E5_04.01.04.400 and E3_05.01.04.200

References

https://www.intel.com/content/www/us/en/security-center/a...
x_refsource_MISC
https://security.netapp.com/advisory/ntap-20201113-0004/
x_refsource_CONFIRM
https://security.netapp.com/advisory/ntap-20201113-0002/
x_refsource_CONFIRM

CVSS V3.1

Score:
6.4
Severity:
MEDIUM
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Physical
Attack Complexity:
High
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.