CVE-2020-8698

Published: Nov 12, 2020Modified: Nov 21, 2024

5.5

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Exploitability: 1.8 / Impact: 3.6

Source: NVD

Description

Improper isolation of shared resources in some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.

Affected (17)

Products: Intel: Microcode · Netapp: Clustered Data Ontap, Hci Compute Node Bios, Hci Storage Node Bios, Solidfire Bios · Fedoraproject: Fedora · +2 more

Show all products

1 product

4 products

Hci Compute Node Bios

Hci Storage Node Bios

1 product

1 product

10 products

Simatic Field Pg M5 Firmware

Simatic Field Pg M6 Firmware

Simatic Ipc427e Firmware

Simatic Ipc477e Firmware

Simatic Ipc477e Pro Firmware

Simatic Ipc627e Firmware

Simatic Ipc647e Firmware

Simatic Ipc677e Firmware

Simatic Ipc847e Firmware

Simatic Itp1000 Firmware

Configuration A

1 vulnerable · 19 platform

Vulnerable Software	Affected Versions
Intel Microcode	All versions

Running on/with	Platform Versions
Intel Core I3 1000g1	All versions
Intel Core I3 1000g4	All versions
Intel Core I3 1005g1	All versions
Intel Core I3 1110g4	All versions
Intel Core I3 1115g4	All versions
Intel Core I3 1120g4	All versions
Intel Core I3 1125g4	All versions
Intel Core I5 1030g4	All versions
Intel Core I5 1030g7	All versions
Intel Core I5 1035g1	All versions
Intel Core I5 1035g4	All versions
Intel Core I5 1035g7	All versions
Intel Core I5 1130g7	All versions
Intel Core I5 1135g7	All versions
Intel Core I7 1060g7	All versions
Intel Core I7 1065g7	All versions
Intel Core I7 1160g7	All versions
Intel Core I7 1165g7	All versions
Intel Core I7 1185g7	All versions

Configuration B

1 vulnerable

Vulnerable Software	Affected Versions
Netapp Clustered Data Ontap	All versions

Configuration C

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Netapp Hci Compute Node Bios	All versions

Running on/with	Platform Versions
Netapp Hci Compute Node	All versions

Configuration D

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Netapp Hci Storage Node Bios	All versions

Running on/with	Platform Versions
Netapp Hci Storage Node	All versions

Configuration E

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Netapp Solidfire Bios	All versions

Running on/with	Platform Versions
Netapp Solidfire	All versions

Configuration F

1 vulnerable

Vulnerable Software	Affected Versions
Fedoraproject Fedora	Version 31

Configuration G

1 vulnerable

Vulnerable Software	Affected Versions
Debian Debian Linux	Version 9.0

Configuration H

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Siemens Simatic Field Pg M5 Firmware	Before 22.01.08

Running on/with	Platform Versions
Siemens Simatic Field Pg M5	All versions

Configuration I

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Siemens Simatic Field Pg M6 Firmware	All versions

Running on/with	Platform Versions
Siemens Simatic Field Pg M6	All versions

Configuration J

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Siemens Simatic Ipc427e Firmware	Before 21.01.15

Running on/with	Platform Versions
Siemens Simatic Ipc427e	All versions

Configuration K

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Siemens Simatic Ipc477e Firmware	Before 21.01.15

Running on/with	Platform Versions
Siemens Simatic Ipc477e	All versions

Configuration L

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Siemens Simatic Ipc477e Pro Firmware	Before 21.01.15

Running on/with	Platform Versions
Siemens Simatic Ipc477e Pro	All versions

Configuration M

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Siemens Simatic Ipc627e Firmware	Before 25.02.08

Running on/with	Platform Versions
Siemens Simatic Ipc627e	All versions

Configuration N

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Siemens Simatic Ipc647e Firmware	Before 25.02.08

Running on/with	Platform Versions
Siemens Simatic Ipc647e	All versions

Configuration O

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Siemens Simatic Ipc677e Firmware	Before 25.02.08

Running on/with	Platform Versions
Siemens Simatic Ipc677e	All versions

Configuration P

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Siemens Simatic Ipc847e Firmware	Before 25.02.08

Running on/with	Platform Versions
Siemens Simatic Ipc847e	All versions

Configuration Q

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Siemens Simatic Itp1000 Firmware	Before 23.01.08

Running on/with	Platform Versions
Siemens Simatic Itp1000	All versions

Related CWEs

CWE-668

Exposure of Resource to Wrong Sphere

The product exposes a resource to the wrong control sphere, providing unintended actors with inappropriate access to the resource.

References (10)

https://cert-portal.siemens.com/productcert/pdf/ssa-678983.pdf

Source: secure@intel.com

Third Party Advisory

https://lists.debian.org/debian-lts-announce/2021/02/msg00007.html

Source: secure@intel.com

Mailing ListThird Party Advisory

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MAAGIK5CXKBPGY3R4UR5VO56M7MKLZ43/

Source: secure@intel.com

https://security.netapp.com/advisory/ntap-20201113-0006/

Source: secure@intel.com

Third Party Advisory

https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00381

Source: secure@intel.com

Vendor Advisory

https://cert-portal.siemens.com/productcert/pdf/ssa-678983.pdf