Use After Free in Intel Converged_security_and_manageability_engine
CVE-2020-12303
Use after free in DAL subsystem for Intel(R) CSME versions before 11.8.80, 11.12.80, 11.22.80, 12.0.70, 13.0.40, 13.30.10, 14.0.45 and 14.5.25, Intel(R) TXE 3.1.80, 4.0.30 may allow an authenticated user to potentially enable escalation of…
Vulnerability class: Use-After-Free
EPSS: 0.004 (28.1th percentile) — read the EPSS interpretation.
CVSS v3 metric
CVSS v3 base score 7.8 (High). Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H.
Affected products
- Intel Converged_security_and_manageability_engine
- Intel Trusted_execution_technology — versions 3.1.80, 4.0.30
- N/a Intel(r) Csme, Txe — versions Intel(R) CSME versions before 11.8.80, 11.12.80, 11.22.80, 12.0.70, 13.0.40, 13.30.10, 14.0.45 and 14.5.25, Intel(R) TXE 3.1.80, 4.0.30
Weakness classification (CWE)
References
- secure@intel.com (x_refsource_MISC, Vendor Advisory)
- secure@intel.com (x_refsource_CONFIRM, Third Party Advisory)
- secure@intel.com (x_refsource_CONFIRM, Third Party Advisory)
Frequently asked questions
- What is CVE-2020-12303?
- CVE-2020-12303 is a high-severity vulnerability in Intel Converged_security_and_manageability_engine, classified under Use After Free. CVSS score: 7.8/10. Published 2020-11-12.
- How severe is CVE-2020-12303?
- High severity. CVSS v3 base score is 7.8 out of 10.