Vulnerability identifier: #VU60450
Vulnerability risk: Low
CVSSv3.1: 6.6 [CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID:
CWE-ID:
CWE-653
Exploitation vector: Local
Exploit availability: No
Vulnerable software:
Intel C620A Series Chipset
Hardware solutions /
Firmware
Intel C620 Series Chipset
Hardware solutions /
Firmware
Intel C240 Series Chipset
Hardware solutions /
Firmware
Intel Atom Processor P5000 Series
Hardware solutions /
Firmware
Intel C610 Series Chipset
Hardware solutions /
Firmware
Intel Xeon Processor D 1500
Hardware solutions /
Firmware
Intel C600 Series Chipset
Hardware solutions /
Firmware
Intel Xeon D Processor 2000 Series
Hardware solutions /
Firmware
Intel Xeon W Processor 1300 Series
Hardware solutions /
Firmware
11th Generation Intel Core Processors
Hardware solutions /
Firmware
Intel C624D chipset
Hardware solutions /
Firmware
Intel Celeron Processor 6000 Series
Hardware solutions /
Firmware
Intel Pentium Gold Processor Series
Hardware solutions /
Firmware
Vendor:
Description
The vulnerability allows a local attacker to escalate privileges on the system.
The vulnerability exists due to insufficient compartmentalization in HECI subsystem for the Intel(R) SPS. An attacker with physical access to the system can execute arbitrary code with elevated privileges.
Mitigation
Install updates from vendor's website.
Vulnerable software versions
External links
http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00470.html
Can this vulnerability be exploited remotely?
No. The attacker should have physical access to the system in order to successfully exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.