PT-2020-4360 · Intel · Intel Computing Improvement Program

Eran Shimony

Published

2020-08-11

Updated

2021-07-21

CVE-2020-8736

CVSS v3.1

7.8

High

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: Intel Computing Improvement Program versions prior to 2.4.5718

Description: The issue is caused by improper access control in the Intel Computing Improvement Program, which may allow an authenticated user to potentially enable escalation of privilege via local access. This is due to errors in privilege management.

Recommendations: For versions prior to 2.4.5718, update to version 2.4.5718 or later to resolve the issue. As a temporary workaround, consider restricting local access to the Intel Computing Improvement Program to minimize the risk of exploitation.

Fix

Improper Privilege Management

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-269

Related Identifiers

BDU:2020-04864

CVE-2020-8736

Affected Products

Intel Computing Improvement Program

PT-2020-4360 · Intel · Intel Computing Improvement Program

CVE-2020-8736

Weakness Enumeration

Related Identifiers

Affected Products

References · 4