cvelistv5 - cve-2020-8675

CVE-2020-8675 (GCVE-0-2020-8675)

Vulnerability from cvelistv5

Published

2020-06-15 13:52

Modified

2024-08-04 10:03

Severity ?

CWE

Escalation of Privilege

Summary

Insufficient control flow management in firmware build and signing tool for Intel(R) Innovation Engine before version 1.0.859 may allow an unauthenticated user to potentially enable escalation of privilege via physical access.

References

URL

Tags

	secure@intel.com	https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00366.html	Vendor Advisory
	af854a3a-2127-422b-91ae-364da2661108	https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00366.html	Vendor Advisory

Impacted products

	Vendor	Product	Version
	n/a	Intel(R)Innovation Engine Advisory	Version: before version 1.0.859

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T10:03:46.289Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00366.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Intel(R)Innovation Engine Advisory",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "before version 1.0.859"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Insufficient control flow management in firmware build and signing tool for Intel(R) Innovation Engine before version 1.0.859 may allow an unauthenticated user to potentially enable escalation of privilege via physical access."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Escalation of Privilege",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-06-15T13:52:47",
        "orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
        "shortName": "intel"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00366.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@intel.com",
          "ID": "CVE-2020-8675",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Intel(R)Innovation Engine Advisory",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "before version 1.0.859"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Insufficient control flow management in firmware build and signing tool for Intel(R) Innovation Engine before version 1.0.859 may allow an unauthenticated user to potentially enable escalation of privilege via physical access."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Escalation of Privilege"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00366.html",
              "refsource": "MISC",
              "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00366.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
    "assignerShortName": "intel",
    "cveId": "CVE-2020-8675",
    "datePublished": "2020-06-15T13:52:47",
    "dateReserved": "2020-02-06T00:00:00",
    "dateUpdated": "2024-08-04T10:03:46.289Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2020-8675\",\"sourceIdentifier\":\"secure@intel.com\",\"published\":\"2020-06-15T14:15:12.517\",\"lastModified\":\"2024-11-21T05:39:14.183\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Insufficient control flow management in firmware build and signing tool for Intel(R) Innovation Engine before version 1.0.859 may allow an unauthenticated user to potentially enable escalation of privilege via physical access.\"},{\"lang\":\"es\",\"value\":\"Una administraci\u00f3n del flujo de control insuficiente en la herramienta de compilaci\u00f3n y firma del firmware para Intel\u00ae Innovation Engine versiones anteriores a 1.0.859, puede permitir a un usuario no autenticado habilitar potencialmente una escalada de privilegios por medio de un acceso f\u00edsico\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":6.8,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"PHYSICAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":0.9,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:L/AC:L/Au:N/C:P/I:P/A:P\",\"baseScore\":4.6,\"accessVector\":\"LOCAL\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":3.9,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-noinfo\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:intel:innovation_engine_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"1.0.859\",\"matchCriteriaId\":\"218FC82B-6D79-4821-90CD-AD48F50ECF70\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:intel:innovation_engine:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F63AEBCF-DD25-4DAB-AFAB-8CC931AE0AC5\"}]}]}],\"references\":[{\"url\":\"https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00366.html\",\"source\":\"secure@intel.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00366.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}"
  }
}

CERTFR-2020-AVI-353

Vulnerability from certfr_avis

De multiples vulnérabilités ont été découvertes dans les produits Intel . Elles permettent à un attaquant de provoquer un déni de service à distance, une atteinte à la confidentialité des données et une élévation de privilèges.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Intel	N/A	Intel CSME, Intel AMT, Intel ISM, Intel DAL et Intel DAL versions antérieures à 11.8.77, 11.12.77, 11.22.77, 12.0.64, 13.0.32, 14.0.33 et 14.5.12
Intel	N/A	certains processeurs Intel : https://software.intel.com/security-software-guidance/processors-affected-transient-execution-attack-mitigation-product-cpu-model
Intel	N/A	Intel SSD DC séries P4511 (m.2) versions antérieures à VDV10170
Intel	N/A	les processeurs Intel Core de génération 7, 8, 9 et 10 sans la dernière mise à jour du BIOS
Intel	N/A	Intel SSD DC séries P4510 (U.2) et OPAL, P4610 et OPAL, P4618 versions antérieures à VDV10170
Intel	N/A	Intel SSD D3-S4510 séries M.2 FF versions antérieures à XC311120
Intel	N/A	Intel Innovation Engine Build and Signing Tool versions antérieures à 1.0.859

References

Title

Publication Time

Tags

Bulletin de sécurité Intel intel-sa-00366 du 09 juin 2020	None	vendor-advisory
Bulletin de sécurité Intel intel-sa-00295 du 09 juin 2020	None	vendor-advisory
Bulletin de sécurité Intel intel-sa-00322 du 09 juin 2020	None	vendor-advisory
Liste de processeurs Intel vulnérables du 09 juin 2020	None	vendor-advisory
Bulletin de sécurité Intel intel-sa-00320 du 09 juin 2020	None	vendor-advisory
Bulletin de sécurité Intel intel-sa-00266 du 09 juin 2020	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Intel CSME, Intel AMT, Intel ISM, Intel DAL et Intel DAL versions ant\u00e9rieures \u00e0 11.8.77, 11.12.77, 11.22.77, 12.0.64, 13.0.32, 14.0.33 et 14.5.12",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Intel",
          "scada": false
        }
      }
    },
    {
      "description": "certains processeurs Intel : https://software.intel.com/security-software-guidance/processors-affected-transient-execution-attack-mitigation-product-cpu-model",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Intel",
          "scada": false
        }
      }
    },
    {
      "description": "Intel SSD DC s\u00e9ries P4511 (m.2) versions ant\u00e9rieures \u00e0 VDV10170",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Intel",
          "scada": false
        }
      }
    },
    {
      "description": "les processeurs Intel Core de g\u00e9n\u00e9ration 7, 8, 9 et 10 sans la derni\u00e8re mise \u00e0 jour du BIOS",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Intel",
          "scada": false
        }
      }
    },
    {
      "description": "Intel SSD DC s\u00e9ries P4510 (U.2) et OPAL, P4610 et OPAL, P4618 versions ant\u00e9rieures \u00e0 VDV10170",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Intel",
          "scada": false
        }
      }
    },
    {
      "description": "Intel SSD D3-S4510 s\u00e9ries M.2 FF versions ant\u00e9rieures \u00e0 XC311120",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Intel",
          "scada": false
        }
      }
    },
    {
      "description": "Intel Innovation Engine Build and Signing Tool versions ant\u00e9rieures \u00e0 1.0.859",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Intel",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2020-0529",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-0529"
    },
    {
      "name": "CVE-2020-0531",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-0531"
    },
    {
      "name": "CVE-2020-0532",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-0532"
    },
    {
      "name": "CVE-2020-0528",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-0528"
    },
    {
      "name": "CVE-2020-0538",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-0538"
    },
    {
      "name": "CVE-2020-8674",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-8674"
    },
    {
      "name": "CVE-2020-8675",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-8675"
    },
    {
      "name": "CVE-2020-0594",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-0594"
    },
    {
      "name": "CVE-2020-0586",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-0586"
    },
    {
      "name": "CVE-2020-0541",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-0541"
    },
    {
      "name": "CVE-2020-0536",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-0536"
    },
    {
      "name": "CVE-2020-0595",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-0595"
    },
    {
      "name": "CVE-2020-0535",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-0535"
    },
    {
      "name": "CVE-2020-0566",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-0566"
    },
    {
      "name": "CVE-2020-0540",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-0540"
    },
    {
      "name": "CVE-2020-0597",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-0597"
    },
    {
      "name": "CVE-2020-0533",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-0533"
    },
    {
      "name": "CVE-2020-0539",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-0539"
    },
    {
      "name": "CVE-2020-0542",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-0542"
    },
    {
      "name": "CVE-2020-0537",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-0537"
    },
    {
      "name": "CVE-2020-0543",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-0543"
    },
    {
      "name": "CVE-2020-0527",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-0527"
    },
    {
      "name": "CVE-2020-0596",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-0596"
    },
    {
      "name": "CVE-2020-0534",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-0534"
    },
    {
      "name": "CVE-2020-0545",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-0545"
    }
  ],
  "initial_release_date": "2020-06-10T00:00:00",
  "last_revision_date": "2020-06-10T00:00:00",
  "links": [],
  "reference": "CERTFR-2020-AVI-353",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2020-06-10T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Intel\n. Elles permettent \u00e0 un attaquant de provoquer un d\u00e9ni de service \u00e0\ndistance, une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es et une \u00e9l\u00e9vation\nde privil\u00e8ges.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Intel",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00366 du 09 juin 2020",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00366.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00295 du 09 juin 2020",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00295.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00322 du 09 juin 2020",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00322.html"
    },
    {
      "published_at": null,
      "title": "Liste de processeurs Intel vuln\u00e9rables du 09 juin 2020",
      "url": "https://software.intel.com/security-software-guidance/processors-affected-transient-execution-attack-mitigation-product-cpu-model"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00320 du 09 juin 2020",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00320.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00266 du 09 juin 2020",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00266.html"
    }
  ]
}

cnvd-2021-37066

Vulnerability from cnvd

Title

Intel Innovation Engine Build and Signing Tool权限提升漏洞

Description

Intel Innovation Engine是美国英特尔（Intel）公司的一款Intel创新引擎，它是外围控制器中枢（PCH）的嵌入式核心。Build and Signing Tool是其中的一个构建和签名工具。 Intel Innovation Engine 1.0.859之前版本中的Build and Signing Tool存在权限提升漏洞。物理位置临近的攻击者可利用该漏洞提升权限。

Severity

中

Patch Name

Intel Innovation Engine Build and Signing Tool权限提升漏洞的补丁

Patch Description

Formal description

目前厂商已发布升级补丁以修复漏洞，补丁获取链接： https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00366.html

Reference

https://www.auscert.org.au/bulletins/ESB-2020.1993/

Impacted products

Name
Intel Intel Innovation Engine <1.0.859

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2020-8675"
    }
  },
  "description": "Intel Innovation Engine\u662f\u7f8e\u56fd\u82f1\u7279\u5c14\uff08Intel\uff09\u516c\u53f8\u7684\u4e00\u6b3eIntel\u521b\u65b0\u5f15\u64ce\uff0c\u5b83\u662f\u5916\u56f4\u63a7\u5236\u5668\u4e2d\u67a2\uff08PCH\uff09\u7684\u5d4c\u5165\u5f0f\u6838\u5fc3\u3002Build and Signing Tool\u662f\u5176\u4e2d\u7684\u4e00\u4e2a\u6784\u5efa\u548c\u7b7e\u540d\u5de5\u5177\u3002\n\nIntel Innovation Engine 1.0.859\u4e4b\u524d\u7248\u672c\u4e2d\u7684Build and Signing Tool\u5b58\u5728\u6743\u9650\u63d0\u5347\u6f0f\u6d1e\u3002\u7269\u7406\u4f4d\u7f6e\u4e34\u8fd1\u7684\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u63d0\u5347\u6743\u9650\u3002",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6f0f\u6d1e\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a\r\nhttps://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00366.html",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2021-37066",
  "openTime": "2021-05-25",
  "patchDescription": "Intel Innovation Engine\u662f\u7f8e\u56fd\u82f1\u7279\u5c14\uff08Intel\uff09\u516c\u53f8\u7684\u4e00\u6b3eIntel\u521b\u65b0\u5f15\u64ce\uff0c\u5b83\u662f\u5916\u56f4\u63a7\u5236\u5668\u4e2d\u67a2\uff08PCH\uff09\u7684\u5d4c\u5165\u5f0f\u6838\u5fc3\u3002Build and Signing Tool\u662f\u5176\u4e2d\u7684\u4e00\u4e2a\u6784\u5efa\u548c\u7b7e\u540d\u5de5\u5177\u3002\r\n\r\nIntel Innovation Engine 1.0.859\u4e4b\u524d\u7248\u672c\u4e2d\u7684Build and Signing Tool\u5b58\u5728\u6743\u9650\u63d0\u5347\u6f0f\u6d1e\u3002\u7269\u7406\u4f4d\u7f6e\u4e34\u8fd1\u7684\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u63d0\u5347\u6743\u9650\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Intel Innovation Engine Build and Signing Tool\u6743\u9650\u63d0\u5347\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "Intel Intel Innovation Engine \u003c1.0.859"
  },
  "referenceLink": "https://www.auscert.org.au/bulletins/ESB-2020.1993/",
  "serverity": "\u4e2d",
  "submitTime": "2020-06-11",
  "title": "Intel Innovation Engine Build and Signing Tool\u6743\u9650\u63d0\u5347\u6f0f\u6d1e"
}

gsd-2020-8675

Vulnerability from gsd

Modified

2023-12-13 01:21

Details

Aliases

CVE-2020-8675

Aliases

CVE-2020-8675

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2020-8675",
    "description": "Insufficient control flow management in firmware build and signing tool for Intel(R) Innovation Engine before version 1.0.859 may allow an unauthenticated user to potentially enable escalation of privilege via physical access.",
    "id": "GSD-2020-8675"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2020-8675"
      ],
      "details": "Insufficient control flow management in firmware build and signing tool for Intel(R) Innovation Engine before version 1.0.859 may allow an unauthenticated user to potentially enable escalation of privilege via physical access.",
      "id": "GSD-2020-8675",
      "modified": "2023-12-13T01:21:53.667032Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "secure@intel.com",
        "ID": "CVE-2020-8675",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "Intel(R)Innovation Engine Advisory",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "before version 1.0.859"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Insufficient control flow management in firmware build and signing tool for Intel(R) Innovation Engine before version 1.0.859 may allow an unauthenticated user to potentially enable escalation of privilege via physical access."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "Escalation of Privilege"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00366.html",
            "refsource": "MISC",
            "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00366.html"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:intel:innovation_engine_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "1.0.859",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:intel:innovation_engine:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@intel.com",
          "ID": "CVE-2020-8675"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Insufficient control flow management in firmware build and signing tool for Intel(R) Innovation Engine before version 1.0.859 may allow an unauthenticated user to potentially enable escalation of privilege via physical access."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "NVD-CWE-noinfo"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00366.html",
              "refsource": "MISC",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00366.html"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 4.6,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 6.4,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "PHYSICAL",
            "availabilityImpact": "HIGH",
            "baseScore": 6.8,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "exploitabilityScore": 0.9,
          "impactScore": 5.9
        }
      },
      "lastModifiedDate": "2021-07-21T11:39Z",
      "publishedDate": "2020-06-15T14:15Z"
    }
  }
}

fkie_cve-2020-8675

Vulnerability from fkie_nvd

Published

2020-06-15 14:15

Modified

2024-11-21 05:39

Severity ?

6.8 (Medium) - CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Summary

References

	URL	Tags
	secure@intel.com	https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00366.html	Vendor Advisory
	af854a3a-2127-422b-91ae-364da2661108	https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00366.html	Vendor Advisory

Impacted products

	Vendor	Product	Version
	intel	innovation_engine_firmware	*
	intel	innovation_engine	-

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:intel:innovation_engine_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "218FC82B-6D79-4821-90CD-AD48F50ECF70",
              "versionEndExcluding": "1.0.859",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:intel:innovation_engine:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F63AEBCF-DD25-4DAB-AFAB-8CC931AE0AC5",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Insufficient control flow management in firmware build and signing tool for Intel(R) Innovation Engine before version 1.0.859 may allow an unauthenticated user to potentially enable escalation of privilege via physical access."
    },
    {
      "lang": "es",
      "value": "Una administraci\u00f3n del flujo de control insuficiente en la herramienta de compilaci\u00f3n y firma del firmware para Intel\u00ae Innovation Engine versiones anteriores a 1.0.859, puede permitir a un usuario no autenticado habilitar potencialmente una escalada de privilegios por medio de un acceso f\u00edsico"
    }
  ],
  "id": "CVE-2020-8675",
  "lastModified": "2024-11-21T05:39:14.183",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 4.6,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "PHYSICAL",
          "availabilityImpact": "HIGH",
          "baseScore": 6.8,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 0.9,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2020-06-15T14:15:12.517",
  "references": [
    {
      "source": "secure@intel.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00366.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00366.html"
    }
  ],
  "sourceIdentifier": "secure@intel.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

ghsa-6fwj-c62c-xvxm

Vulnerability from github

Published

2022-05-24 17:20

Modified

2022-05-24 17:20

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2020-8675"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-269"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2020-06-15T14:15:00Z",
    "severity": "MODERATE"
  },
  "details": "Insufficient control flow management in firmware build and signing tool for Intel(R) Innovation Engine before version 1.0.859 may allow an unauthenticated user to potentially enable escalation of privilege via physical access.",
  "id": "GHSA-6fwj-c62c-xvxm",
  "modified": "2022-05-24T17:20:35Z",
  "published": "2022-05-24T17:20:35Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8675"
    },
    {
      "type": "WEB",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00366.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2020-8675 (GCVE-0-2020-8675)

Vulnerability from cvelistv5

CERTFR-2020-AVI-353

Vulnerability from certfr_avis

Solution

cnvd-2021-37066

Vulnerability from cnvd

gsd-2020-8675

Vulnerability from gsd

fkie_cve-2020-8675

Vulnerability from fkie_nvd

ghsa-6fwj-c62c-xvxm

Vulnerability from github

Tags

Sightings

Nomenclature