Vulnerabilities > CVE-2020-8705 - Insecure Default Initialization of Resource vulnerability in Intel products

CVSS 4.6 - MEDIUM

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

local

low complexity

intel

CWE-1188

NVD

Published: 2020-11-12

Updated: 2020-11-30

Summary

Insecure default initialization of resource in Intel(R) Boot Guard in Intel(R) CSME versions before 11.8.80, 11.12.80, 11.22.80, 12.0.70, 13.0.40, 13.30.10, 14.0.45 and 14.5.25, Intel(R) TXE versions before 3.1.80 and 4.0.30, Intel(R) SPS versions before E5_04.01.04.400, E3_04.01.04.200, SoC-X_04.00.04.200 and SoC-A_04.00.04.300 may allow an unauthenticated user to potentially enable escalation of privileges via physical access.

Vulnerable Configurations

Part	Description	Count
Application	Intel Intel Converged Security AND Manageability Engine * Intel Converged Security AND Manageability Engine 13.30.0 Intel Trusted Execution Technology 3.1.80 Intel Trusted Execution Technology 4.0.30 Intel Server Platform Services Sps_E3_04.01.04.200 Intel Server Platform Services Sps_E5_04.01.04.400 Intel Server Platform Services Sps_Soc-A_04.00.04.300 Intel Server Platform Services Sps_Soc-X_04.00.04.200	8

Common Weakness Enumeration (CWE)

CWE-1188 - Insecure Default Initialization of Resource

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

References