#VU46549 Permissions, Privileges, and Access Controls in Intel products - CVE-2020-0571
Vulnerability identifier: #VU46549
Vulnerability risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID:
CWE-ID:
CWE-264
Exploitation vector: Local
Exploit availability: No
Vulnerable software:
8th Generation Intel Core Processors
Hardware solutions /
Firmware
10th Generation Intel Core Processors
Hardware solutions /
Firmware
Intel Pentium Processor Silver Series
Hardware solutions /
Firmware
9th Generation Intel Core Processors
Client/Desktop applications /
Web browsers
Vendor: Intel
Description
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to improper conditions check in BIOS firmware for 8th Generation Intel(R)
Core(TM) Processors and Intel(R) Pentium(R) Silver Processor Series. A local user can run a specially crafted program to gain access to sensitive information.
Mitigation
Intel recommends that users of above Intel® products update to the
latest BIOS version provided by the system manufacturer that addresses
these issues.
Vulnerable software versions
8th Generation Intel Core Processors: 15.33.49.5100 - 3349
9th Generation Intel Core Processors: 15.33.49.5100 - 26.20.100.7755
10th Generation Intel Core Processors: 15.33.49.5100 - 26.20.100.7755
Intel Pentium Processor Silver Series: All versions
External links
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00347.html
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
