#VU26090 Path traversal in Intel products - CVE-2020-0520
Published: March 16, 2020
Vulnerability identifier: #VU26090
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2020-0520
CWE-ID: CWE-22
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vulnerable software:
3rd Generation Intel Core Processors
4th generation Intel Core processors
5th generation Intel Core processors
6th Generation Intel Core Processors
7th Generation Intel Core Processors
8th Generation Intel Core Processors
10th Generation Intel Core Processors
9th Generation Intel Core Processors
3rd Generation Intel Core Processors
4th generation Intel Core processors
5th generation Intel Core processors
6th Generation Intel Core Processors
7th Generation Intel Core Processors
8th Generation Intel Core Processors
10th Generation Intel Core Processors
9th Generation Intel Core Processors
Software vendor:
Intel
Intel
Description
The vulnerability allows a local user to perform directory traversal attacks.
The vulnerability exists due to input validation error when processing directory traversal sequences in igdkmd64.sys for several Intel Graphics Drivers. A local user can send a specially crafted HTTP request and read arbitrary files on the system, leading to escalation of privilege or denial of service.
Remediation
Install updates from vendor's website.