CVE-2020-0546

Published: Mar 12, 2020Modified: Nov 21, 2024

7.8

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 1.8 / Impact: 5.9

Source: NVD

Description

Unquoted service path in Intel(R) Optane(TM) DC Persistent Memory Module Management Software before version 1.0.0.3461 may allow an authenticated user to potentially enable escalation of privilege and denial of service via local access.

Affected (1)

Products: Intel: Optane Dc Persistent Memory Module Management

Intel

1 product

Optane Dc Persistent Memory Module Management

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Intel Optane Dc Persistent Memory Module Management	Before 1.0.0.3461

Running on/with	Platform Versions
Microsoft Windows Server 2019	All versions

Related CWEs

CWE-428

Unquoted Search Path or Element

The product uses a search path that contains an unquoted element, in which the element contains whitespace or other separators. This can cause the product to access resources in a parent path.

References (2)

https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00326.html

Source: secure@intel.com

Vendor Advisory

https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00326.html

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.