CVE-2020-12303
Summary
| CVE | CVE-2020-12303 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2020-11-12 18:15:00 UTC |
| Updated | 2020-11-24 17:16:00 UTC |
| Description | Use after free in DAL subsystem for Intel(R) CSME versions before 11.8.80, 11.12.80, 11.22.80, 12.0.70, 13.0.40, 13.30.10, 14.0.45 and 14.5.25, Intel(R) TXE 3.1.80, 4.0.30 may allow an authenticated user to potentially enable escalation of privileges via local access. |
Risk And Classification
Problem Types: CWE-416
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Intel | Converged Security And Manageability Engine | All | All | All | All |
| Application | Intel | Converged Security And Manageability Engine | All | All | All | All |
| Application | Intel | Trusted Execution Technology | 3.1.80 | All | All | All |
| Application | Intel | Trusted Execution Technology | 4.0.30 | All | All | All |
| Application | Intel | Trusted Execution Technology | 3.1.80 | All | All | All |
| Application | Intel | Trusted Execution Technology | 4.0.30 | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Intel SA-00391 Intel TXE Vulnerabilities in NetApp Products | NetApp Product Security | CONFIRM | security.netapp.com | Third Party Advisory |
| Intel SA-00391 CSME Vulnerabilities in NetApp Products | NetApp Product Security | CONFIRM | security.netapp.com | Third Party Advisory |
| INTEL-SA-00391 | MISC | www.intel.com | Vendor Advisory |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.