PT-2020-4867 · Intel · Intel Csme Driver+1

Published

2020-11-10

·

Updated

2021-07-21

·

CVE-2020-12297

CVSS v3.1

7.8

High

VectorAV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Intel CSME Driver for Windows versions prior to 11.8.80 Intel CSME Driver for Windows versions prior to 11.12.80 Intel CSME Driver for Windows versions prior to 11.22.80 Intel CSME Driver for Windows versions prior to 12.0.70 Intel CSME Driver for Windows versions prior to 13.0.40 Intel CSME Driver for Windows versions prior to 13.30.10 Intel CSME Driver for Windows versions prior to 14.0.45 Intel CSME Driver for Windows versions prior to 14.5.25 Intel TXE version 3.1.80 Intel TXE version 4.0.30
Description: The issue is related to improper access control in the Installer for Intel CSME Driver and Intel TXE, which may allow an authenticated user to potentially enable escalation of privileges via local access. This is due to deficiencies in access control.
Recommendations: For Intel CSME Driver for Windows versions prior to 11.8.80, update to version 11.8.80 or later. For Intel CSME Driver for Windows versions prior to 11.12.80, update to version 11.12.80 or later. For Intel CSME Driver for Windows versions prior to 11.22.80, update to version 11.22.80 or later. For Intel CSME Driver for Windows versions prior to 12.0.70, update to version 12.0.70 or later. For Intel CSME Driver for Windows versions prior to 13.0.40, update to version 13.0.40 or later. For Intel CSME Driver for Windows versions prior to 13.30.10, update to version 13.30.10 or later. For Intel CSME Driver for Windows versions prior to 14.0.45, update to version 14.0.45 or later. For Intel CSME Driver for Windows versions prior to 14.5.25, update to version 14.5.25 or later. For Intel TXE version 3.1.80, update to a version later than 3.1.80. For Intel TXE version 4.0.30, update to a version later than 4.0.30.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-264

Related Identifiers

BDU:2020-05421
CVE-2020-12297

Affected Products

Intel Csme Driver
Intel Txe