Improper Authentication in Intel RealSense ID F450 and Intel RealSense ID F455 - CVE-2020-24514

 

Improper Authentication in Intel RealSense ID F450 and Intel RealSense ID F455 - CVE-2020-24514

Published: June 16, 2021


Vulnerability identifier: #VU54160
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:P/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2020-24514
CWE-ID: CWE-287
Exploitation vector: Local access
Exploit availability: No public exploit available
Vendor: Intel
Affected software:
Intel RealSense ID F450
Intel RealSense ID F455

Detailed vulnerability description

The vulnerability allows a local attacker to bypass authentication process.

The vulnerability exists due to an error in when processing authentication requests. An attacker with physical access can bypass authentication process and gain elevated privileges on the system.


How to mitigate CVE-2020-24514

Install updates from vendor's website.

Sources