SB2020062311 - Privilege escalation in AMD Generic Encapsulated Software Architecture (AGESA)

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2020062311

SB2020062311 - Privilege escalation in AMD Generic Encapsulated Software Architecture (AGESA)

Published: June 23, 2020

Security Bulletin ID SB2020062311
CSH Severity
Low
Patch available
NO
Number of vulnerabilities 1
Exploitation vector Physical access
Highest impact Code execution

Breakdown by Severity

Low 100%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 1 vulnerability.


1) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2020-12890)

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

CVSSv4: CVSS:4.0/AV:P/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a local attacker to escalate privileges on the system.

The vulnerability exists due to improper security restrictions in AMD’s client and embedded processors that came out between 2016 and 2019. An authenticated attacker with physical access can manipulate the AMD Generic Encapsulated Software Architecture (AGESA) and execute arbitrary code on the target system.


Remediation

Cybersecurity Help is not aware of any official remediation provided by the vendor.

References