PT-2020-4859 · Intel · Intel Trusted Execution Engine+1
Published
2020-11-10
·
Updated
2025-03-28
·
CVE-2020-8745
CVSS v3.1
6.8
Medium
| Vector | AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions:
Intel Converged Security and Manageability Engine (CSME) versions prior to 11.8.80, 11.12.80, 11.22.80, 12.0.70, 13.0.40, 13.30.10, 14.0.45, and 14.5.25
Intel Trusted Execution Engine (TXE) versions prior to 3.1.80 and 4.0.30
Description:
The issue is related to insufficient control flow management in the subsystem, which may allow an unauthenticated user to potentially enable escalation of privilege via physical access. This could permit an attacker to elevate their privileges.
Recommendations:
For Intel Converged Security and Manageability Engine (CSME) versions prior to 11.8.80, 11.12.80, 11.22.80, 12.0.70, 13.0.40, 13.30.10, 14.0.45, and 14.5.25, update to a version that includes the necessary security patches.
For Intel Trusted Execution Engine (TXE) versions prior to 3.1.80 and 4.0.30, update to a version that includes the necessary security patches.
As a temporary workaround, consider restricting physical access to the system to minimize the risk of exploitation.
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Intel Converged Security/Manageability Engine
Intel Trusted Execution Engine