1. Home
  2. CVE Database
  3. CVE-2020-24507
MEDIUM · 4.4

CVE-2020-24507

Improper initialization in a subsystem in the Intel(R) CSME versions before 11.8.86, 11.12.86, 11.22.86, 12.0.81, 13.0.47, 13.30.17, 14.1.53, 14.5.32, 13.50.11 and 15.0.22 may allow a privileged user ...

Vulnerability Description

Improper initialization in a subsystem in the Intel(R) CSME versions before 11.8.86, 11.12.86, 11.22.86, 12.0.81, 13.0.47, 13.30.17, 14.1.53, 14.5.32, 13.50.11 and 15.0.22 may allow a privileged user to potentially enable information disclosure via local access.

CVSS Score

4.4

MEDIUM

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
HIGH
Integrity
NONE
Availability
NONE

Affected Products

VendorProductVersions
IntelConverged Security And Manageability Engine< 12.0.81
IntelB360-
IntelB365-
IntelC242-
IntelC246-
IntelCeleron 4205U-
IntelCeleron 4305U-
IntelCeleron 4305Ue-
IntelCore I3-8100-
IntelCore I3-8100B-
IntelCore I3-8100H-
IntelCore I3-8100T-
IntelCore I3-8109U-
IntelCore I3-8121U-
IntelCore I3-8130U-
IntelCore I3-8140U-
IntelCore I3-8145U-
IntelCore I3-8145Ue-
IntelCore I3-8300-
IntelCore I3-8300T-

Related Weaknesses (CWE)

CWE-665

References

FAQ

What is CVE-2020-24507?

CVE-2020-24507 is a vulnerability with a CVSS score of 4.4 (MEDIUM). Improper initialization in a subsystem in the Intel(R) CSME versions before 11.8.86, 11.12.86, 11.22.86, 12.0.81, 13.0.47, 13.30.17, 14.1.53, 14.5.32, 13.50.11 and 15.0.22 may allow a privileged user ...

How severe is CVE-2020-24507?

CVE-2020-24507 has been rated MEDIUM with a CVSS base score of 4.4/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2020-24507?

Check the references section above for vendor advisories and patch information. Affected products include: Intel Converged Security And Manageability Engine, Intel B360, Intel B365, Intel C242, Intel C246.