How severe is CVE-2020-12297?

High severity. CVSS v3 base score is 7.8 out of 10.

Is CVE-2020-12297 known to be exploited?

1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in Intel Converged_security_and_manageability_engine

CVE-2020-12297

Improper access control in Installer for Intel(R) CSME Driver for Windows versions before 11.8.80, 11.12.80, 11.22.80, 12.0.70, 13.0.40, 13.30.10, 14.0.45 and 14.5.25, Intel TXE 3.1.80, 4.0.30 may allow an authenticated user to potentially…

EPSS: 0.004 (35.2th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 7.8 (High). Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H.

Affected products

Intel Converged_security_and_manageability_engine
Intel Trusted_execution_technology — versions 3.1.80, 4.0.30
N/a Intel(r) Csme, Intel Txe — versions versions before 11.8.80, 11.12.80, 11.22.80, 12.0.70, 13.0.40, 13.30.10, 14.0.45 and 14.5.25, Intel TXE 3.1.80, 4.0.30

Public proof-of-concept exploits

sahnoun11/sahnoun11

References

secure@intel.com (x_refsource_MISC, Vendor Advisory)
secure@intel.com (x_refsource_CONFIRM, Third Party Advisory)
secure@intel.com (x_refsource_CONFIRM, Third Party Advisory)

Frequently asked questions

What is CVE-2020-12297?: CVE-2020-12297 is a high-severity vulnerability in Intel Converged_security_and_manageability_engine. CVSS score: 7.8/10. Published 2020-11-12.
How severe is CVE-2020-12297?: High severity. CVSS v3 base score is 7.8 out of 10.
Is CVE-2020-12297 known to be exploited?: 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.