#VU48681 Improper Initialization in Intel products - CVE-2020-8705
Published: November 12, 2020 / Updated: November 26, 2020
Vulnerability identifier: #VU48681
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:P/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2020-8705
CWE-ID: CWE-665
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vulnerable software:
Converged Security and Management Engine (CSME)
Intel Trusted Execution Engine Firmware
Intel Server Platform Services Firmware
Converged Security and Management Engine (CSME)
Intel Trusted Execution Engine Firmware
Intel Server Platform Services Firmware
Software vendor:
Intel
Intel
Description
The vulnerability allows a local attacker to escalate privileges on the system.
The vulnerability exists due to improper initialization in Intel Boot Guard. An attacker with physical access can run a specially crafted application to execute arbitrary code with escalated privileges on the system.
Remediation
Install updates from vendor's website.