PT-2020-4735 · Intel · Intel Csme

Published

2020-11-10

Updated

2020-11-30

CVE-2020-8761

CVSS v3.1

4.6

Medium

Vector

AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions: Intel(R) CSME versions prior to 13.0.40 Intel(R) CSME versions prior to 13.30.10

Description: The issue is related to inadequate encryption strength in a subsystem, which may allow an unauthenticated user to potentially enable information disclosure via physical access. This is connected to the algorithmic complexity of the Intel Converged Security and Manageability Engine (CSME) subsystem. Exploitation of the issue could allow an attacker to gain unauthorized access to protected information.

Recommendations: For Intel(R) CSME versions prior to 13.0.40, update to version 13.0.40 or later. For Intel(R) CSME versions prior to 13.30.10, update to version 13.30.10 or later.

Fix

Inadequate Encryption Strength

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-407CWE-326

Related Identifiers

BDU:2020-05287

CVE-2020-8761

Affected Products

Intel Csme

PT-2020-4735 · Intel · Intel Csme

CVE-2020-8761

Weakness Enumeration

Related Identifiers

Affected Products

References · 7