Multiple vulnerabilities in Intel RealSense ID
| Risk | Low |
| Patch available | YES |
| Number of vulnerabilities | 2 |
| CVE-ID | CVE-2020-24515 CVE-2020-24514 |
| CWE-ID | CWE-693 CWE-287 |
| Exploitation vector | Local |
| Public exploit | N/A |
| Vulnerable software |
Intel RealSense ID F450 Hardware solutions / Firmware Intel RealSense ID F455 Hardware solutions / Firmware |
| Vendor | Intel |
Security Bulletin
This security bulletin contains information about 2 vulnerabilities.
1) Protection Mechanism Failure
EUVDB-ID: #VU54159
Risk: Low
CVSSv4.0: 0.7 [CVSS:4.0/AV:P/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2020-24515
CWE-ID:
CWE-693 - Protection Mechanism Failure
Exploit availability: No
DescriptionThe vulnerability allows a local attacker to bypass implemented security restrictions.
The vulnerability exists due to insufficient implementation of security measures. An attacker with physical access can bypass implemented security restrictions and elevate privileges on the system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsIntel RealSense ID F450: All versions
Intel RealSense ID F455: All versions
CPE2.3- cpe:2.3:h:intel:intel_realsense_id_f450:*:*:*:*:*:*:*:*
- cpe:2.3:h:intel:intel_realsense_f455:*:*:*:*:*:*:*:*
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00460.html
Q & A
Can this vulnerability be exploited remotely?
No. The attacker should have physical access to the system in order to successfully exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Improper Authentication
EUVDB-ID: #VU54160
Risk: Low
CVSSv4.0: 0.7 [CVSS:4.0/AV:P/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2020-24514
CWE-ID:
CWE-287 - Improper Authentication
Exploit availability: No
DescriptionThe vulnerability allows a local attacker to bypass authentication process.
The vulnerability exists due to an error in when processing authentication requests. An attacker with physical access can bypass authentication process and gain elevated privileges on the system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsIntel RealSense ID F450: All versions
Intel RealSense ID F455: All versions
CPE2.3- cpe:2.3:h:intel:intel_realsense_id_f450:*:*:*:*:*:*:*:*
- cpe:2.3:h:intel:intel_realsense_f455:*:*:*:*:*:*:*:*
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00460.html
Q & A
Can this vulnerability be exploited remotely?
No. The attacker should have physical access to the system in order to successfully exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
