Vulnerability Details CVE-2020-8755
Race condition in subsystem for Intel(R) CSME versions before 12.0.70 and 14.0.45, Intel(R) SPS versions before E5_04.01.04.400 and E3_05.01.04.200 may allow an unauthenticated user to potentially enable escalation of privilege via physical access.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 38.0%
CVSS Severity
CVSS v3 Score 6.4
CVSS v2 Score 4.4
References
- https://security.netapp.com/advisory/ntap-20201113-0002/
- https://security.netapp.com/advisory/ntap-20201113-0004/
- https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00391
- https://security.netapp.com/advisory/ntap-20201113-0002/
- https://security.netapp.com/advisory/ntap-20201113-0004/
- https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00391
Products affected by CVE-2020-8755
-
cpe:2.3:a:intel:converged_security_and_management_engine:11.11.0
-
cpe:2.3:a:intel:converged_security_and_management_engine:11.11.65
-
cpe:2.3:a:intel:converged_security_and_management_engine:11.22.0
-
cpe:2.3:a:intel:converged_security_and_management_engine:11.22.65
-
cpe:2.3:a:intel:converged_security_and_management_engine:11.8.0
-
cpe:2.3:a:intel:converged_security_and_management_engine:11.8.65
-
cpe:2.3:a:intel:converged_security_and_management_engine:12.0
-
cpe:2.3:a:intel:converged_security_and_management_engine:12.0.35
-
cpe:2.3:a:intel:converged_security_and_management_engine:14.0.0
-
cpe:2.3:a:intel:server_platform_services:*
-
cpe:2.3:a:intel:server_platform_services:e3_05.01.04.200