Security Advisory
1) Improper Initialization
Risk: Low
CVSSv3.1: 6.5 [CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C] [PCI]
CVE-ID: CVE-2020-12357
CWE-ID: CWE-665 - Improper Initialization
Exploit availability: No
Description
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to improper initialization in the firmware. A local administrator can run a specially crafted application to execute arbitrary code with escalated privileges on the system.
Mitigation
Install updates from vendor's website.
Vulnerable software versions
2nd Generation Intel Xeon Scalable Processor: All versions
Intel Xeon Scalable Processors: All versions
Intel Xeon Processor D Family: All versions
Intel Xeon Processor E Family: All versions
Intel Xeon Processor E7 v4 Family: All versions
Intel Xeon Processor E3 v6 Family: All versions
Intel Xeon Processor E3 v5 Family: All versions
Intel Xeon Processor E5 v4 Family: All versions
Intel Xeon Processor E5 v3 Family: All versions
Intel Xeon Processor W Family: All versions
10th generation Intel Core processors: All versions
8th generation Intel Core processors: All versions
7th generation Intel Core processors: All versions
6th generation Intel Core processors: All ..
Support the originator by clicking the read the rest link below.
