RCE in Intel Converged_security_and_manageability_engine
CVE-2020-8705
Insecure default initialization of resource in Intel(R) Boot Guard in Intel(R) CSME versions before 11.8.80, 11.12.80, 11.22.80, 12.0.70, 13.0.40, 13.30.10, 14.0.45 and 14.5.25, Intel(R) TXE versions before 3.1.80 and 4.0.30, Intel(R) SPS…
EPSS: 0.005 (39.8th percentile).
CVSS v3 metric
CVSS v3 base score 6.8 (Medium). Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H.
Affected products
- Intel Converged_security_and_manageability_engine
- Intel Server_platform_services — versions sps_e3_04.01.04.200, sps_e5_04.01.04.400, sps_soc-a_04.00.04.300
- Intel Trusted_execution_technology — versions 3.1.80, 4.0.30
- N/A Intel(R) Boot Guard, CSME, TXE, SPS — Intel(R) CSME versions before 11.8.80, 11.12.80, 11.22.80, 12.0.70, 13.0.40, 13.30.10, 14.0.45 and 14.5.25, Intel(R) TXE versions before 3.1.80 and 4.0.30, Intel(R) SPS versions before E5_04.01.04.400, E3_04.01.04.200, SoC-X_04.00.04.200 and SoC-A_04.00.04.300
Weakness classification (CWE)
Frequently asked questions
- What is CVE-2020-8705?
- CVE-2020-8705 is a medium-severity vulnerability in Intel Converged_security_and_manageability_engine, classified under Initialization of a Resource with an Insecure Default. CVSS score: 6.8/10. Published 2020-11-12.
- How severe is CVE-2020-8705?
- Medium severity. CVSS v3 base score is 6.8 out of 10.