{"containers": {"cna": {"affected": [{"product": "Intel(R) CSME, Intel TXE", "vendor": "n/a", "versions": [{"status": "affected", "version": "versions before 11.8.80, 11.12.80, 11.22.80, 12.0.70, 13.0.40, 13.30.10, 14.0.45 and 14.5.25, Intel TXE 3.1.80, 4.0.30"}]}], "descriptions": [{"lang": "en", "value": "Improper access control in Installer for Intel(R) CSME Driver for Windows versions before 11.8.80, 11.12.80, 11.22.80, 12.0.70, 13.0.40, 13.30.10, 14.0.45 and 14.5.25, Intel TXE 3.1.80, 4.0.30 may allow an authenticated user to potentially enable escalation of privileges via local access."}], "problemTypes": [{"descriptions": [{"description": "escalation of privileges", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2020-11-13T09:06:32", "orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce", "shortName": "intel"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00391"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://security.netapp.com/advisory/ntap-20201113-0005/"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://security.netapp.com/advisory/ntap-20201113-0002/"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secure@intel.com", "ID": "CVE-2020-12297", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Intel(R) CSME, Intel TXE", "version": {"version_data": [{"version_value": "versions before 11.8.80, 11.12.80, 11.22.80, 12.0.70, 13.0.40, 13.30.10, 14.0.45 and 14.5.25, Intel TXE 3.1.80, 4.0.30"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Improper access control in Installer for Intel(R) CSME Driver for Windows versions before 11.8.80, 11.12.80, 11.22.80, 12.0.70, 13.0.40, 13.30.10, 14.0.45 and 14.5.25, Intel TXE 3.1.80, 4.0.30 may allow an authenticated user to potentially enable escalation of privileges via local access."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "escalation of privileges"}]}]}, "references": {"reference_data": [{"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00391", "refsource": "MISC", "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00391"}, {"name": "https://security.netapp.com/advisory/ntap-20201113-0005/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20201113-0005/"}, {"name": "https://security.netapp.com/advisory/ntap-20201113-0002/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20201113-0002/"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T11:56:50.467Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00391"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://security.netapp.com/advisory/ntap-20201113-0005/"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://security.netapp.com/advisory/ntap-20201113-0002/"}]}]}, "cveMetadata": {"assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce", "assignerShortName": "intel", "cveId": "CVE-2020-12297", "datePublished": "2020-11-12T18:05:39", "dateReserved": "2020-04-28T00:00:00", "dateUpdated": "2024-08-04T11:56:50.467Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:intel:converged_security_and_manageability_engine:*:*:*:*:*:*:*:*", "matchCriteriaId": "BA64E7EE-8977-4427-9FF9-DD9FE80F02C6", "versionEndExcluding": "11.8.80", "vulnerable": true}, {"criteria": "cpe:2.3:a:intel:converged_security_and_manageability_engine:*:*:*:*:*:*:*:*", "matchCriteriaId": "3DDDD0D3-CE11-49C7-93F7-F2AA1053DD86", "versionEndExcluding": "11.12.80", "versionStartIncluding": "11.12.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:intel:converged_security_and_manageability_engine:*:*:*:*:*:*:*:*", "matchCriteriaId": "7A5C4B3E-3C68-4D2B-A181-18A71378362E", "versionEndExcluding": "11.22.80", "versionStartIncluding": "11.22.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:intel:converged_security_and_manageability_engine:*:*:*:*:*:*:*:*", "matchCriteriaId": "EB22E6F2-D34F-4A05-9CC2-BCAF3E84F54E", "versionEndExcluding": "12.0.70", "versionStartIncluding": "12.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:intel:converged_security_and_manageability_engine:*:*:*:*:*:*:*:*", "matchCriteriaId": "94D40FF5-8E0A-4591-9CE4-2E671C8E4F2E", "versionEndExcluding": "14.0.45", "versionStartIncluding": "14.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:intel:converged_security_and_manageability_engine:*:*:*:*:*:*:*:*", "matchCriteriaId": "2B323721-380E-4222-AB7A-9993BF8DA653", "versionEndExcluding": "14.5.25", "versionStartIncluding": "14.5.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:intel:trusted_execution_technology:3.1.80:*:*:*:*:*:*:*", "matchCriteriaId": "F77A0250-5C61-4087-9ED0-315D64FDA70B", "vulnerable": true}, {"criteria": "cpe:2.3:a:intel:trusted_execution_technology:4.0.30:*:*:*:*:*:*:*", "matchCriteriaId": "D9417CE8-97BF-4BB6-AF2A-1FC8C2B4A05B", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Improper access control in Installer for Intel(R) CSME Driver for Windows versions before 11.8.80, 11.12.80, 11.22.80, 12.0.70, 13.0.40, 13.30.10, 14.0.45 and 14.5.25, Intel TXE 3.1.80, 4.0.30 may allow an authenticated user to potentially enable escalation of privileges via local access."}, {"lang": "es", "value": "Un control de acceso inapropiado en el Instalador para Intel\u00ae CSME Driver para Windows versiones anteriores a 11.8.80, 11.12.80, 11.22.80, 12.0.70, 13.0.40, 13.30.10, 14.0.45 y 14.5.25, Intel TXE versiones 3.1.80, 4.0.30, pueden habilitar a un usuario autenticado para permitir potencialmente una escalada de privilegios por medio de un acceso local"}], "id": "CVE-2020-12297", "lastModified": "2024-11-21T04:59:28.347", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.6, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2020-11-12T18:15:13.457", "references": [{"source": "secure@intel.com", "tags": ["Third Party Advisory"], "url": "https://security.netapp.com/advisory/ntap-20201113-0002/"}, {"source": "secure@intel.com", "tags": ["Third Party Advisory"], "url": "https://security.netapp.com/advisory/ntap-20201113-0005/"}, {"source": "secure@intel.com", "tags": ["Vendor Advisory"], "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00391"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://security.netapp.com/advisory/ntap-20201113-0002/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://security.netapp.com/advisory/ntap-20201113-0005/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00391"}], "sourceIdentifier": "secure@intel.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}