Insufficient control flow management in subsystem for Intel(R) CSME versions before 11.8.80, 11.12.80, 11.22.80, 12.0.70, 13.0.40, 13.30.10, 14.0.45 and 14.5.25 , Intel(R) TXE versions before 3.1.80 and 4.0.30 may allow an unauthenticated user to potentially enable escalation of privilege via physical access.
| Version | Base score | Base severity | Vector |
|---|
| Hyperlink | Resource Type |
|---|
Insufficient control flow management in subsystem for Intel(R) CSME versions before 11.8.80, 11.12.80, 11.22.80, 12.0.70, 13.0.40, 13.30.10, 14.0.45 and 14.5.25 , Intel(R) TXE versions before 3.1.80 and 4.0.30 may allow an unauthenticated user to potentially enable escalation of privilege via physical access.
| Type | CWE ID | Description |
|---|---|---|
| text | N/A | escalation of privilege |
| Version | Base score | Base severity | Vector |
|---|
| CAPEC ID | Description |
|---|
| Event | Date |
|---|
| Hyperlink | Resource |
|---|---|
| https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00391 | x_refsource_MISC |
| https://security.netapp.com/advisory/ntap-20201113-0005/ | x_refsource_CONFIRM |
| https://security.netapp.com/advisory/ntap-20201113-0002/ | x_refsource_CONFIRM |
| https://cert-portal.siemens.com/productcert/pdf/ssa-678983.pdf | x_refsource_CONFIRM |
| Version | Base score | Base severity | Vector |
|---|
| CAPEC ID | Description |
|---|
| Event | Date |
|---|
| Hyperlink | Resource |
|---|---|
| https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00391 | x_refsource_MISC x_transferred |
| https://security.netapp.com/advisory/ntap-20201113-0005/ | x_refsource_CONFIRM x_transferred |
| https://security.netapp.com/advisory/ntap-20201113-0002/ | x_refsource_CONFIRM x_transferred |
| https://cert-portal.siemens.com/productcert/pdf/ssa-678983.pdf | x_refsource_CONFIRM x_transferred |
Insufficient control flow management in subsystem for Intel(R) CSME versions before 11.8.80, 11.12.80, 11.22.80, 12.0.70, 13.0.40, 13.30.10, 14.0.45 and 14.5.25 , Intel(R) TXE versions before 3.1.80 and 4.0.30 may allow an unauthenticated user to potentially enable escalation of privilege via physical access.
| Date Added | Due Date | Vulnerability Name | Required Action |
|---|---|---|---|
| N/A |
| Type | Version | Base score | Base severity | Vector |
|---|---|---|---|---|
| Primary | 3.1 | 6.8 | MEDIUM | CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| Primary | 2.0 | 4.6 | MEDIUM | AV:L/AC:L/Au:N/C:P/I:P/A:P |
| CWE ID | Type | Source |
|---|---|---|
| NVD-CWE-noinfo | Primary | nvd@nist.gov |
| Hyperlink | Source | Resource |
|---|---|---|
| https://cert-portal.siemens.com/productcert/pdf/ssa-678983.pdf | secure@intel.com | Patch Third Party Advisory |
| https://security.netapp.com/advisory/ntap-20201113-0002/ | secure@intel.com | Third Party Advisory |
| https://security.netapp.com/advisory/ntap-20201113-0005/ | secure@intel.com | Third Party Advisory |
| https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00391 | secure@intel.com | Vendor Advisory |
| https://cert-portal.siemens.com/productcert/pdf/ssa-678983.pdf | af854a3a-2127-422b-91ae-364da2661108 | Patch Third Party Advisory |
| https://security.netapp.com/advisory/ntap-20201113-0002/ | af854a3a-2127-422b-91ae-364da2661108 | Third Party Advisory |
| https://security.netapp.com/advisory/ntap-20201113-0005/ | af854a3a-2127-422b-91ae-364da2661108 | Third Party Advisory |
| https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00391 | af854a3a-2127-422b-91ae-364da2661108 | Vendor Advisory |