PT-2020-4051 · Intel · Intel Csme
Published
2020-06-09
·
Updated
2021-07-21
·
CVE-2020-0533
CVSS v3.1
6.7
Medium
| Vector | AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions:
Intel(R) CSME versions prior to 11.8.76
Intel(R) CSME versions prior to 11.12.77
Intel(R) CSME versions prior to 11.22.77
Description:
The issue is related to a reversible one-way hash in Intel(R) CSME, which may allow a privileged user to potentially enable escalation of privilege, denial of service, or information disclosure via local access. This is due to insufficient password hash computation. The vulnerability can be exploited to gain elevated privileges, disclose protected information, or cause a denial of service.
Recommendations:
For Intel(R) CSME versions prior to 11.8.76, update to version 11.8.76 or later.
For Intel(R) CSME versions prior to 11.12.77, update to version 11.12.77 or later.
For Intel(R) CSME versions prior to 11.22.77, update to version 11.22.77 or later.
Fix
Inadequate Encryption Strength
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Intel Csme