Описание
Improper initialization in subsystem for Intel(R) CSME versions before12.0.70, 13.0.40, 13.30.10, 14.0.45 and 14.5.25, Intel(R) TXE versions before 4.0.30 Intel(R) SPS versions before E3_05.01.04.200 may allow a privileged user to potentially enable escalation of privilege via local access.
Improper initialization in subsystem for Intel(R) CSME versions before12.0.70, 13.0.40, 13.30.10, 14.0.45 and 14.5.25, Intel(R) TXE versions before 4.0.30 Intel(R) SPS versions before E3_05.01.04.200 may allow a privileged user to potentially enable escalation of privilege via local access.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2020-8744
- https://cert-portal.siemens.com/productcert/pdf/ssa-501073.pdf
- https://security.netapp.com/advisory/ntap-20201113-0002
- https://security.netapp.com/advisory/ntap-20201113-0004
- https://security.netapp.com/advisory/ntap-20201113-0005
- https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00391
Связанные уязвимости
Improper initialization in subsystem for Intel(R) CSME versions before12.0.70, 13.0.40, 13.30.10, 14.0.45 and 14.5.25, Intel(R) TXE versions before 4.0.30 Intel(R) SPS versions before E3_05.01.04.200 may allow a privileged user to potentially enable escalation of privilege via local access.
Уязвимость микропрограммного обеспечения Intel Converged Security and Manageability Engine (CSME), Intel Trusted Execution Engine (TXE) и Intel Server Platform Services (SPS), связанная с недостатками разграничения доступа, позволяющая нарушителю повысить свои привилегии