PT-2020-4737 · Intel · Intel Sps+1
Published
2020-11-10
·
Updated
2020-11-20
·
CVE-2020-8755
CVSS v3.1
6.4
Medium
| Vector | AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions:
Intel CSME versions prior to 12.0.70
Intel CSME versions prior to 14.0.45
Intel SPS versions prior to E5 04.01.04.400
Intel SPS versions prior to E3 05.01.04.200
Description:
The issue is caused by a race condition in the subsystem for Intel Converged Security and Manageability Engine (CSME) and Intel Server Platform Services (SPS) due to synchronization errors when using a shared resource. This may allow an unauthenticated user to potentially enable escalation of privilege via physical access.
Recommendations:
For Intel CSME versions prior to 12.0.70, update to version 12.0.70 or later.
For Intel CSME versions prior to 14.0.45, update to version 14.0.45 or later.
For Intel SPS versions prior to E5 04.01.04.400, update to version E5 04.01.04.400 or later.
For Intel SPS versions prior to E3 05.01.04.200, update to version E3 05.01.04.200 or later.
Fix
Race Condition
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Intel Csme
Intel Sps