Vulnerability Details CVE-2020-12355
Authentication bypass by capture-replay in RPMB protocol message authentication subsystem in Intel(R) TXE versions before 4.0.30 may allow an unauthenticated user to potentially enable escalation of privilege via physical access.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 30.9%
CVSS Severity
CVSS v3 Score 6.8
CVSS v2 Score 4.6
References
- https://security.netapp.com/advisory/ntap-20201113-0005/
- https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00391
- https://security.netapp.com/advisory/ntap-20201113-0005/
- https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00391
- https://www.kb.cert.org/vuls/id/231329
Products affected by CVE-2020-12355
-
cpe:2.3:o:intel:trusted_execution_engine:3.0
-
cpe:2.3:o:intel:trusted_execution_engine:3.1.75
-
cpe:2.3:o:intel:trusted_execution_engine:3.1.80
-
cpe:2.3:o:intel:trusted_execution_engine:4.0.25