PT-2020-4944 · Intel · Intel Quartus Prime Standard+1

Published

2020-11-10

Updated

2020-12-01

CVE-2020-24454

CVSS v2.0

7.8

High

Vector

AV:N/AC:L/Au:N/C:C/I:N/A:N

Name of the Vulnerable Software and Affected Versions: Intel Quartus Prime Pro versions prior to 20.3 Intel Quartus Prime Standard versions prior to 20.2

Description: The issue is related to improper restriction of XML external entity references, which could allow a remote attacker to gain unauthorized access to protected information. This may enable information disclosure via network access.

Recommendations: For Intel Quartus Prime Pro versions prior to 20.3, update to version 20.3 or later. For Intel Quartus Prime Standard versions prior to 20.2, update to version 20.2 or later.

Fix

XXE

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-611

Related Identifiers

BDU:2020-05519

CVE-2020-24454

Affected Products

Intel Quartus Prime Pro

Intel Quartus Prime Standard

PT-2020-4944 · Intel · Intel Quartus Prime Standard+1

CVE-2020-24454

Weakness Enumeration

Related Identifiers

Affected Products

References · 6