What is CVE-2020-8755?

CVE-2020-8755 is a medium-severity vulnerability in Intel Converged_security_and_management_engine, classified under Concurrent Execution using Shared Resource with Improper Synchronization (Race Condition). CVSS score: 6.4/10. Published 2020-11-12.

How severe is CVE-2020-8755?

Medium severity. CVSS v3 base score is 6.4 out of 10.

Vulnerability in Intel Converged_security_and_management_engine

CVE-2020-8755

Race condition in subsystem for Intel(R) CSME versions before 12.0.70 and 14.0.45, Intel(R) SPS versions before E5_04.01.04.400 and E3_05.01.04.200 may allow an unauthenticated user to potentially enable escalation of privilege via physica…

Vulnerability class: Race Condition

EPSS: 0.003 (19.0th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 6.4 (Medium). Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H.

Affected products

Intel Converged_security_and_management_engine
Intel Server_platform_services
N/a Intel(r) Csme, Sps — versions Intel(R) CSME versions before 12.0.70 and 14.0.45, Intel(R) SPS versions before E5_04.01.04.400 and E3_05.01.04.200

Weakness classification (CWE)

CWE-362 — Concurrent Execution using Shared Resource with Improper Synchronization (Race Condition)

References

secure@intel.com (x_refsource_MISC, Vendor Advisory)
secure@intel.com (x_refsource_CONFIRM, Third Party Advisory)
secure@intel.com (x_refsource_CONFIRM, Third Party Advisory)

Frequently asked questions

What is CVE-2020-8755?: CVE-2020-8755 is a medium-severity vulnerability in Intel Converged_security_and_management_engine, classified under Concurrent Execution using Shared Resource with Improper Synchronization (Race Condition). CVSS score: 6.4/10. Published 2020-11-12.
How severe is CVE-2020-8755?: Medium severity. CVSS v3 base score is 6.4 out of 10.