Path traversal in Intel products - CVE-2020-0507
Published: March 17, 2020
Vulnerability identifier: #VU26113
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2020-0507
CWE-ID: CWE-22
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vendor: Intel
Affected software:
3rd Generation Intel Core Processors
4th generation Intel Core processors
5th generation Intel Core processors
6th Generation Intel Core Processors
7th Generation Intel Core Processors
8th Generation Intel Core Processors
10th Generation Intel Core Processors
9th Generation Intel Core Processors
3rd Generation Intel Core Processors
4th generation Intel Core processors
5th generation Intel Core processors
6th Generation Intel Core Processors
7th Generation Intel Core Processors
8th Generation Intel Core Processors
10th Generation Intel Core Processors
9th Generation Intel Core Processors
Detailed vulnerability description
The vulnerability allows a local user to perform directory traversal attacks.
The vulnerability exists due to unquoted service path in several Intel Graphics Drivers. A local administrator can send a specially crafted HTTP request, read arbitrary files on the system and perform a denial of service (DoS) attack.
How to mitigate CVE-2020-0507
Install update from vendor's website.