Vulnerability Name:

CVE-2020-8704 (CCN-203399)

Assigned: 2020-02-06
Published: 2021-06-08
Updated: 2022-04-22
Summary: Race condition in a subsystem in the Intel(R) LMS versions before 2039.1.0.0 may allow a privileged user to potentially enable escalation of privilege via local access.
CVSS v3 Severity: 6.4 Medium (CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H)
5.6 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)
Exploitability Metrics: Attack Vector (AV): Local
Attack Complexity (AC): High
Privileges Required (PR): High
User Interaction (UI): None
Scope: Scope (S): Unchanged
Impact Metrics: Confidentiality (C): High
Integrity (I): High
Availability (A): High
6.7 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H)
5.8 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)
Exploitability Metrics: Attack Vector (AV): Local
Attack Complexity (AC): Low
Privileges Required (PR): High
User Interaction (UI): None
Scope: Scope (S): Unchanged
Impact Metrics: Confidentiality (C): High
Integrity (I): High
Availability (A): High
CVSS v2 Severity: 4.4 Medium (CVSS v2 Vector: AV:L/AC:M/Au:N/C:P/I:P/A:P)
Exploitability Metrics: Access Vector (AV): Local
Access Complexity (AC): Medium
Authentication (Au): None
Impact Metrics: Confidentiality (C): Partial
Integrity (I): Partial
Availability (A): Partial
6.8 Medium (CCN CVSS v2 Vector: AV:L/AC:L/Au:S/C:C/I:C/A:C)
Exploitability Metrics: Access Vector (AV): Local
Access Complexity (AC): Low
Authentication (Au): Single_Instance
Impact Metrics: Confidentiality (C): Complete
Integrity (I): Complete
Availability (A): Complete
Vulnerability Type: CWE-362
Vulnerability Consequences: Gain Privileges
References: Source: MITRE
Type: CNA
CVE-2020-8704

Source: CONFIRM
Type: Third Party Advisory
https://cert-portal.siemens.com/productcert/pdf/ssa-309571.pdf

Source: XF
Type: UNKNOWN
intel-cve20208704-priv-esc(203399)

Source: CCN
Type: Lenovo Security Advisory: LEN-51731
Intel CSME, SPS, and LMS Advisory

Source: CCN
Type: INTEL-SA-00459
2021.1 IPU – Intel CSME, SPS and LMS Advisory

Source: MISC
Type: Vendor Advisory
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00459.html

Vulnerable Configuration:
  • Configuration 1:
  • cpe:/a:intel:local_manageability_service:*:*:*:*:*:*:*:* (Version < 2039.1.0.0)

  • Configuration 2:
  • cpe:/o:siemens:simatic_field_pg_m5_firmware:*:*:*:*:*:*:*:*
  • AND
  • cpe:/h:siemens:simatic_field_pg_m5:-:*:*:*:*:*:*:*

  • Configuration 3:
  • cpe:/o:siemens:simatic_field_pg_m6_firmware:*:*:*:*:*:*:*:*
  • AND
  • cpe:/h:siemens:simatic_field_pg_m6:-:*:*:*:*:*:*:*

  • Configuration 4:
  • cpe:/o:siemens:simatic_ipc427e_firmware:*:*:*:*:*:*:*:*
  • AND
  • cpe:/h:siemens:simatic_ipc427e:-:*:*:*:*:*:*:*

  • Configuration 5:
  • cpe:/o:siemens:simatic_ipc477e_firmware:*:*:*:*:*:*:*:*
  • AND
  • cpe:/h:siemens:simatic_ipc477e:-:*:*:*:*:*:*:*

  • Configuration 6:
  • cpe:/o:siemens:simatic_ipc477e_pro_firmware:*:*:*:*:*:*:*:*
  • AND
  • cpe:/h:siemens:simatic_ipc477e_pro:-:*:*:*:*:*:*:*

  • Configuration 7:
  • cpe:/o:siemens:simatic_ipc527g_firmware:*:*:*:*:*:*:*:*
  • AND
  • cpe:/h:siemens:simatic_ipc527g:-:*:*:*:*:*:*:*

  • Configuration 8:
  • cpe:/o:siemens:simatic_ipc547g_firmware:*:*:*:*:*:*:*:*
  • AND
  • cpe:/h:siemens:simatic_ipc547g:-:*:*:*:*:*:*:*

  • Configuration 9:
  • cpe:/o:siemens:simatic_ipc627e_firmware:*:*:*:*:*:*:*:* (Version < 25.02.10)
  • AND
  • cpe:/h:siemens:simatic_ipc627e:-:*:*:*:*:*:*:*

  • Configuration 10:
  • cpe:/o:siemens:simatic_ipc647e_firmware:*:*:*:*:*:*:*:* (Version < 25.02.10)
  • AND
  • cpe:/h:siemens:simatic_ipc647e:-:*:*:*:*:*:*:*

  • Configuration 11:
  • cpe:/o:siemens:simatic_ipc677e_firmware:*:*:*:*:*:*:*:* (Version < 25.02.10)
  • AND
  • cpe:/h:siemens:simatic_ipc677e:-:*:*:*:*:*:*:*

  • Configuration 12:
  • cpe:/o:siemens:simatic_ipc847e_firmware:*:*:*:*:*:*:*:* (Version < 25.02.10)
  • AND
  • cpe:/h:siemens:simatic_ipc847e:-:*:*:*:*:*:*:*

  • Configuration 13:
  • cpe:/o:siemens:simatic_itp1000_firmware:*:*:*:*:*:*:*:*
  • AND
  • cpe:/h:siemens:simatic_itp1000:-:*:*:*:*:*:*:*

  • * Denotes that component is vulnerable
    intel local manageability service *
    siemens simatic field pg m5 firmware *
    siemens simatic field pg m5 -
    siemens simatic field pg m6 firmware *
    siemens simatic field pg m6 -
    siemens simatic ipc427e firmware *
    siemens simatic ipc427e -
    siemens simatic ipc477e firmware *
    siemens simatic ipc477e -
    siemens simatic ipc477e pro firmware *
    siemens simatic ipc477e pro -
    siemens simatic ipc527g firmware *
    siemens simatic ipc527g -
    siemens simatic ipc547g firmware *
    siemens simatic ipc547g -
    siemens simatic ipc627e firmware *
    siemens simatic ipc627e -
    siemens simatic ipc647e firmware *
    siemens simatic ipc647e -
    siemens simatic ipc677e firmware *
    siemens simatic ipc677e -
    siemens simatic ipc847e firmware *
    siemens simatic ipc847e -
    siemens simatic itp1000 firmware *
    siemens simatic itp1000 -