What is CVE-2020-12303?

CVE-2020-12303 is a vulnerability that allows an authenticated user to potentially enable escalation of privileges via local access in Intel(R) CSME versions before 11.8.80, 11.12.80, 11.22.80, 12.0.70, 13.0.40, 13.30.10, 14.0.45 and 14.5.25, and Intel(R) TXE 3.1.80 and 4.0.30.

What is the severity of CVE-2020-12303?

The severity of CVE-2020-12303 is high with a CVSS score of 7.8.

How can an attacker exploit CVE-2020-12303?

An attacker can exploit CVE-2020-12303 by gaining authenticated local access and potentially enabling escalation of privileges.

Which software versions are affected by CVE-2020-12303?

Intel(R) CSME versions before 11.8.80, 11.12.80, 11.22.80, 12.0.70, 13.0.40, 13.30.10, 14.0.45, and 14.5.25, and Intel(R) TXE 3.1.80 and 4.0.30 are affected by CVE-2020-12303.

Where can I find more information about CVE-2020-12303?

You can find more information about CVE-2020-12303 on the NetApp Security Advisory (NTAP-20201113-0002) and Intel Security Center Advisory (INTEL-SA-00391) websites.

Vulnerability/
CVE-2020-12303

high

7.8

CWE

416

12/11/2020

4/8/2024

CVE-2020-12303: Use After Free

First published: Thu Nov 12 2020(Updated: )

Use after free in DAL subsystem for Intel(R) CSME versions before 11.8.80, 11.12.80, 11.22.80, 12.0.70, 13.0.40, 13.30.10, 14.0.45 and 14.5.25, Intel(R) TXE 3.1.80, 4.0.30 may allow an authenticated user to potentially enable escalation of privileges via local access.

Credit: secure@intel.com

Affected Software	Affected Version	How to fix
Intel Converged Security And Manageability Engine	<11.8.80
Intel Converged Security And Manageability Engine	>=11.12.0<11.12.80
Intel Converged Security And Manageability Engine	>=11.22.0<11.22.80
Intel Converged Security And Manageability Engine	>=12.0<12.0.70
Intel Converged Security And Manageability Engine	>=14.0<14.0.45
Intel Converged Security And Manageability Engine	>=14.5.0<14.5.25
Intel Trusted Execution Technology	=3.1.80
Intel Trusted Execution Technology	=4.0.30

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is CVE-2020-12303?
CVE-2020-12303 is a vulnerability that allows an authenticated user to potentially enable escalation of privileges via local access in Intel(R) CSME versions before 11.8.80, 11.12.80, 11.22.80, 12.0.70, 13.0.40, 13.30.10, 14.0.45 and 14.5.25, and Intel(R) TXE 3.1.80 and 4.0.30.
What is the severity of CVE-2020-12303?
The severity of CVE-2020-12303 is high with a CVSS score of 7.8.
How can an attacker exploit CVE-2020-12303?
An attacker can exploit CVE-2020-12303 by gaining authenticated local access and potentially enabling escalation of privileges.
Which software versions are affected by CVE-2020-12303?
Intel(R) CSME versions before 11.8.80, 11.12.80, 11.22.80, 12.0.70, 13.0.40, 13.30.10, 14.0.45, and 14.5.25, and Intel(R) TXE 3.1.80 and 4.0.30 are affected by CVE-2020-12303.
Where can I find more information about CVE-2020-12303?
You can find more information about CVE-2020-12303 on the NetApp Security Advisory (NTAP-20201113-0002) and Intel Security Center Advisory (INTEL-SA-00391) websites.

collector/nvd-index
agent/references
agent/severity
agent/weakness
agent/author
agent/type
agent/description
agent/softwarecombine
agent/last-modified-date
agent/first-publish-date
agent/event
agent/tags
collector/mitre-cve
source/MITRE
vendor/intel
canonical/intel converged security and manageability engine
version/intel converged security and manageability engine/11.12.0
version/intel converged security and manageability engine/11.22.0
version/intel converged security and manageability engine/12.0
version/intel converged security and manageability engine/14.0
version/intel converged security and manageability engine/14.5.0
canonical/intel trusted execution technology
version/intel trusted execution technology/3.1.80
version/intel trusted execution technology/4.0.30