CVE-2020-8705

EPSS 0.72%
Published 12.11.2020 18:15:16
Last modified 21.11.2024 05:39:17
Source secure@intel.com
Teams watchlist Login
Open Login

Insecure default initialization of resource in Intel(R) Boot Guard in Intel(R) CSME versions before 11.8.80, 11.12.80, 11.22.80, 12.0.70, 13.0.40, 13.30.10, 14.0.45 and 14.5.25, Intel(R) TXE versions before 3.1.80 and 4.0.30, Intel(R) SPS versions before E5_04.01.04.400, E3_04.01.04.200, SoC-X_04.00.04.200 and SoC-A_04.00.04.300 may allow an unauthenticated user to potentially enable escalation of privileges via physical access.

Affected products Warnungen 0 Metrics 3 CWE 1 References 7

Data is provided by the National Vulnerability Database (NVD)

Intel ≫ Converged Security And Manageability Engine Version < 11.8.80

Intel ≫ Converged Security And Manageability Engine Version >= 11.12.0 < 11.12.80

Intel ≫ Converged Security And Manageability Engine Version >= 11.22.0 < 11.22.80

Intel ≫ Converged Security And Manageability Engine Version >= 12.0 < 12.0.70

Intel ≫ Converged Security And Manageability Engine Version >= 13.0 < 13.0.40

Intel ≫ Converged Security And Manageability Engine Version >= 13.30.0 < 13.30.10

Intel ≫ Converged Security And Manageability Engine Version >= 14.0 < 14.0.45

Intel ≫ Trusted Execution Technology Version3.1.80

Intel ≫ Trusted Execution Technology Version4.0.30

Intel ≫ Server Platform Services Versionsps_e3_04.01.04.200

Intel ≫ Server Platform Services Versionsps_e5_04.01.04.400

Intel ≫ Server Platform Services Versionsps_soc-a_04.00.04.300

Intel ≫ Server Platform Services Versionsps_soc-x_04.00.04.200

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.72%	0.717

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	6.8	0.9	5.9	CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	4.6	3.9	6.4	AV:L/AC:L/Au:N/C:P/I:P/A:P

CWE-1188 Initialization of a Resource with an Insecure Default

The product initializes or sets a resource with a default that is intended to be changed by the administrator, but the default is not secure.

https://security.netapp.com/advisory/ntap-20201113-0002/

Third Party Advisory

https://security.netapp.com/advisory/ntap-20201113-0005/

Third Party Advisory

https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00391

Vendor Advisory

https://security.netapp.com/advisory/ntap-20201113-0004/

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2020-8705

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2020-8705

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2020-8705

EUVD