Improper access control in the PMC for some Intel(R) Processors

1) Insecure inherited permissions

EUVDB-ID: #VU45656

Risk: Low

CVSSv4.0: 4.4 [CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2020-0559

CWE-ID: CWE-277 - Insecure inherited permissions

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to insecure inherited permissions in some Intel(R) PROSet/Wireless WiFi products on Windows* 7 and 8.1 before version 21.40.5.1. A local user can run a specially crafted program to escalate privileges on the system.

Mitigation

Intel recommends that users of affected Intel® Processors update to the latest BIOS firmware version provided by the system manufacturer that addresses this issue.

Vulnerable software versions

Intel Atom Processor E3900 Series: All versions

Intel Pentium Processor N Series: All versions

Intel Pentium Processor J Series: All versions

Intel Celeron Processor N Series: All versions

Intel Celeron Processor J Series: All versions

Intel Atom Processor A Series: All versions

CPE2.3

• cpe:2.3:h:intel:intel_atom_processor_e3900_series:*:*:*:*:*:*:*:*
• cpe:2.3:h:intel:intel_pentium_processor_n_series:*:*:*:*:*:*:*:*
• cpe:2.3:h:intel:intel_pentium_processor_j_series:*:*:*:*:*:*:*:*
• cpe:2.3:h:intel:intel_celeron_processor_n_series:*:*:*:*:*:*:*:*
• cpe:2.3:h:intel:intel_celeron_processor_j_series:*:*:*:*:*:*:*:*
• cpe:2.3:h:intel:intel_atom_processor_a_series:*:*:*:*:*:*:*:*

External links

https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00360.html

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.