Vulnerability Description
Authentication bypass by capture-replay in RPMB protocol message authentication subsystem in Intel(R) TXE versions before 4.0.30 may allow an unauthenticated user to potentially enable escalation of privilege via physical access.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Intel | Trusted Execution Engine | < 4.0.30 |
Related Weaknesses (CWE)
References
- https://security.netapp.com/advisory/ntap-20201113-0005/Third Party Advisory
- https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00391Vendor Advisory
- https://security.netapp.com/advisory/ntap-20201113-0005/Third Party Advisory
- https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00391Vendor Advisory
- https://www.kb.cert.org/vuls/id/231329
FAQ
What is CVE-2020-12355?
CVE-2020-12355 is a vulnerability with a CVSS score of 6.8 (MEDIUM). Authentication bypass by capture-replay in RPMB protocol message authentication subsystem in Intel(R) TXE versions before 4.0.30 may allow an unauthenticated user to potentially enable escalation of p...
How severe is CVE-2020-12355?
CVE-2020-12355 has been rated MEDIUM with a CVSS base score of 6.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2020-12355?
Check the references section above for vendor advisories and patch information. Affected products include: Intel Trusted Execution Engine.