CVE-2020-24516

CVE Database · CVE-2020-24516

CVE-2020-24516

· MEDIUMModified

CVSS v3.1

6.8

EPSS

0.27%

Published

Jun 9, 2021

Modified

Nov 21, 2024

Public PoC / Exploit

All weaponized →

No public PoC or exploit code indexed for this CVE.

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

Modification of assumed-immutable data in subsystem in Intel(R) CSME versions before 13.0.47, 13.30.17, 14.1.53, 14.5.32, 15.0.22 may allow an unauthenticated user to potentially enable escalation of privilege via physical access.

CVSS Vector

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected Products (292)

intel · converged_security_and_manageability_engine (up to 13.0.47)vulnerable

intel · core_i3-1000g1

intel · core_i3-1000g4

intel · core_i3-1000ng4

intel · core_i3-1005g1

intel · core_i3-10100

intel · core_i3-10100e

intel · core_i3-10100f

intel · core_i3-10100t

intel · core_i3-10100te

intel · core_i3-10100y

intel · core_i3-10105

intel · core_i3-10105f

References (4)

https://security.netapp.com/advisory/ntap-20210625-0008/

Third Party Advisory

https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00459.html

Vendor Advisory

https://security.netapp.com/advisory/ntap-20210625-0008/

Third Party Advisory

https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00459.html

Vendor Advisory

KEV Catalog EPSS Scores Vendors All CVEs