#VU46549 Permissions, Privileges, and Access Controls in Intel products - CVE-2020-0571
Published: September 9, 2020
Vulnerability identifier: #VU46549
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2020-0571
CWE-ID: CWE-264
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vulnerable software:
8th Generation Intel Core Processors
10th Generation Intel Core Processors
Intel Pentium Processor Silver Series
9th Generation Intel Core Processors
8th Generation Intel Core Processors
10th Generation Intel Core Processors
Intel Pentium Processor Silver Series
9th Generation Intel Core Processors
Software vendor:
Intel
Intel
Description
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to improper conditions check in BIOS firmware for 8th Generation Intel(R)
Core(TM) Processors and Intel(R) Pentium(R) Silver Processor Series. A local user can run a specially crafted program to gain access to sensitive information.
Remediation
Intel recommends that users of above Intel® products update to the
latest BIOS version provided by the system manufacturer that addresses
these issues.