Vulnerabilities > CVE-2020-8705 - Insecure Default Initialization of Resource vulnerability in Intel products

CVSS 6.8 - MEDIUM

Attack vector

PHYSICAL

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

low complexity

intel

CWE-1188

NVD

Published: 2020-11-12

Updated: 2020-11-30

Summary

Insecure default initialization of resource in Intel(R) Boot Guard in Intel(R) CSME versions before 11.8.80, 11.12.80, 11.22.80, 12.0.70, 13.0.40, 13.30.10, 14.0.45 and 14.5.25, Intel(R) TXE versions before 3.1.80 and 4.0.30, Intel(R) SPS versions before E5_04.01.04.400, E3_04.01.04.200, SoC-X_04.00.04.200 and SoC-A_04.00.04.300 may allow an unauthenticated user to potentially enable escalation of privileges via physical access.

Vulnerable Configurations

Part	Description	Count
Application	Intel Intel Converged Security AND Manageability Engine - Intel Converged Security AND Manageability Engine * Intel Converged Security AND Manageability Engine 13.30.0 Intel Converged Security AND Manageability Engine 13.0 Intel Trusted Execution Technology 3.1.80 Intel Trusted Execution Technology 4.0.30 Intel Server Platform Services Sps_Soc-A_04.00.04.300 Intel Server Platform Services Sps_Soc-X_04.00.04.200 Intel Server Platform Services Sps_E3_04.01.04.200 Intel Server Platform Services Sps_E5_04.01.04.400	10

Common Weakness Enumeration (CWE)

CWE-1188 - Insecure Default Initialization of Resource

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

References