CVE-2020-8744 — HIGH (7.8) — White Hats Nepal

Q: How severe is CVE-2020-8744?

CVE-2020-8744 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2020-8744?

Check the references section above for vendor advisories and patch information. Affected products include: Intel Converged Security And Management Engine, Intel Server Platform Services, Intel Trusted Execution Engine, Siemens Simatic S7-1518-4 Pn\/Dp Mfp Firmware, Siemens Simatic S7-1518-4 Pn\/Dp Mfp.

Vulnerability Description

Improper initialization in subsystem for Intel(R) CSME versions before12.0.70, 13.0.40, 13.30.10, 14.0.45 and 14.5.25, Intel(R) TXE versions before 4.0.30 Intel(R) SPS versions before E3_05.01.04.200 may allow a privileged user to potentially enable escalation of privilege via local access.

CVSS Score

7.8

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Intel	Converged Security And Management Engine	< 12.0.70
Intel	Server Platform Services	< e3_05.01.04.200
Intel	Trusted Execution Engine	< 4.0.30
Siemens	Simatic S7-1518-4 Pn\/Dp Mfp Firmware	-
Siemens	Simatic S7-1518-4 Pn\/Dp Mfp	-
Siemens	Simatic S7-1518F-4 Pn\/Dp Mfp Firmware	-
Siemens	Simatic S7-1518F-4 Pn\/Dp Mfp	-
Siemens	Simatic S7-1500 Firmware	-
Siemens	Simatic S7-1500	-

Related Weaknesses (CWE)

CWE-665

References

https://cert-portal.siemens.com/productcert/pdf/ssa-501073.pdfPatchThird Party Advisory
https://security.netapp.com/advisory/ntap-20201113-0002/Third Party Advisory
https://security.netapp.com/advisory/ntap-20201113-0004/Third Party Advisory
https://security.netapp.com/advisory/ntap-20201113-0005/Third Party Advisory
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00391Vendor Advisory
https://cert-portal.siemens.com/productcert/pdf/ssa-501073.pdfPatchThird Party Advisory
https://security.netapp.com/advisory/ntap-20201113-0002/Third Party Advisory
https://security.netapp.com/advisory/ntap-20201113-0004/Third Party Advisory
https://security.netapp.com/advisory/ntap-20201113-0005/Third Party Advisory
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00391Vendor Advisory

FAQ

What is CVE-2020-8744?

CVE-2020-8744 is a vulnerability with a CVSS score of 7.8 (HIGH). Improper initialization in subsystem for Intel(R) CSME versions before12.0.70, 13.0.40, 13.30.10, 14.0.45 and 14.5.25, Intel(R) TXE versions before 4.0.30 Intel(R) SPS versions before E3_05.01.04.200 ...

How severe is CVE-2020-8744?

CVE-2020-8744 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2020-8744?

Check the references section above for vendor advisories and patch information. Affected products include: Intel Converged Security And Management Engine, Intel Server Platform Services, Intel Trusted Execution Engine, Siemens Simatic S7-1518-4 Pn\/Dp Mfp Firmware, Siemens Simatic S7-1518-4 Pn\/Dp Mfp.