PT-2020-4000 · Intel · Intel Innovation Engine

Mark Ermolov

Published

2020-06-09

Updated

2021-07-21

CVE-2020-8675

CVSS v3.1

6.8

Medium

Vector

AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: Intel(R) Innovation Engine versions prior to 1.0.859

Description: The issue is related to insufficient control flow management in the firmware build and signing tool, which may allow an unauthenticated user to potentially enable escalation of privilege via physical access. This is also associated with insecure privilege management, allowing an attacker to potentially elevate their privileges.

Recommendations: For versions prior to 1.0.859, update to version 1.0.859 or later to resolve the issue.

Fix

Improper Privilege Management

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-269

Related Identifiers

BDU:2020-04394

CVE-2020-8675

Affected Products

Intel Innovation Engine

PT-2020-4000 · Intel · Intel Innovation Engine

CVE-2020-8675

Weakness Enumeration

Related Identifiers

Affected Products

References · 4