CVE-2020-8705

Published: Nov 12, 2020Modified: Nov 21, 2024

6.8

Vector

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 0.9 / Impact: 5.9

Source: NVD

Description

Insecure default initialization of resource in Intel(R) Boot Guard in Intel(R) CSME versions before 11.8.80, 11.12.80, 11.22.80, 12.0.70, 13.0.40, 13.30.10, 14.0.45 and 14.5.25, Intel(R) TXE versions before 3.1.80 and 4.0.30, Intel(R) SPS versions before E5_04.01.04.400, E3_04.01.04.200, SoC-X_04.00.04.200 and SoC-A_04.00.04.300 may allow an unauthenticated user to potentially enable escalation of privileges via physical access.

Affected (13)

Products: Intel: Converged Security And Manageability Engine, Trusted Execution Technology, Server Platform Services

Intel

3 products

Converged Security And Manageability Engine

Trusted Execution Technology

Server Platform Services

Configuration A

7 vulnerable

Vulnerable Software	Affected Versions
Intel Converged Security And Manageability Engine	Before 11.8.80
Intel Converged Security And Manageability Engine	From 11.12.0 to 11.12.80
Intel Converged Security And Manageability Engine	From 11.22.0 to 11.22.80
Intel Converged Security And Manageability Engine	From 12.0 to 12.0.70
Intel Converged Security And Manageability Engine	From 13.0 to 13.0.40
Intel Converged Security And Manageability Engine	From 13.30.0 to 13.30.10
Intel Converged Security And Manageability Engine	From 14.0 to 14.0.45

Configuration B

2 vulnerable

Vulnerable Software	Affected Versions
Intel Trusted Execution Technology	Version 3.1.80
Intel Trusted Execution Technology	Version 4.0.30

Configuration C

4 vulnerable

Vulnerable Software	Affected Versions
Intel Server Platform Services	Version sps_e3_04.01.04.200
Intel Server Platform Services	Version sps_e5_04.01.04.400
Intel Server Platform Services	Version sps_soc-a_04.00.04.300
Intel Server Platform Services	Version sps_soc-x_04.00.04.200