CVE-2020-24457

HIGH | CVSS 7.6/10 | EPSS 0.39%

CVE-2020-24457 is a high-severity vulnerability rated 7.6/10 on the CVSS scale. Logic error in BIOS firmware for 8th, 9th and 10th Generation Intel(R) Core(TM) Processors may allow an unauthenticated user to potentially enable escalation of privilege, denial of service and/or information disclosure via physical access. EPSS estimates a 0.39% chance of exploitation in the next 30 days.

Description

Logic error in BIOS firmware for 8th, 9th and 10th Generation Intel(R) Core(TM) Processors may allow an unauthenticated user to potentially enable escalation of privilege, denial of service and/or information disclosure via physical access.

Metrics

CVSS 3.1
7.6/10

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

EPSS Probability
0.39%

30.8th percentile

Probability of exploitation in the next 30 days.

Affected Software

Vendor | Product | Versions
Intel | Core I7-8665ue Firmware | All versions
Intel | Core I7-8665u Firmware | All versions
Intel | Core I7-8557u Firmware | All versions
Intel | Core I7-8850h Firmware | All versions
Intel | Core I7-8809g Firmware | All versions
Intel | Core I7-8750h Firmware | All versions
Intel | Core I7-8709g Firmware | All versions
Intel | Core I7-8706g Firmware | All versions
Intel | Core I7-8705g Firmware | All versions
Intel | Core I7-8700t Firmware | All versions
Intel | Core I7-8700k Firmware | All versions
Intel | Core I7-8700b Firmware | All versions
Intel | Core I7-8700 Firmware | All versions
Intel | Core I7+8700 Firmware | All versions
Intel | Core I7-8569u Firmware | All versions
Intel | Core I7-8650u Firmware | All versions
Intel | Core I7-8565u Firmware | All versions
Intel | Core I7-8559u Firmware | All versions
Intel | Core I7-8550u Firmware | All versions
Intel | Core I7-8500y Firmware | All versions
Intel | Core I7-8086k Firmware | All versions
Intel | Core I9-9980hk Firmware | All versions
Intel | Core I9-9880h Firmware | All versions
Intel | Core I9-9900t Firmware | All versions
Intel | Core I9-9900ks Firmware | All versions
Intel | Core I9-9900kf Firmware | All versions
Intel | Core I9-9900k Firmware | All versions
Intel | Core I9-9900 Firmware | All versions
Intel | Core I7-10875h Firmware | All versions
Intel | Core I7-10870h Firmware | All versions
Intel | Core I7-10850h Firmware | All versions
Intel | Core I7-10810u Firmware | All versions
Intel | Core I7-10750h Firmware | All versions
Intel | Core I7-10710u Firmware | All versions
Intel | Core I7-10700te Firmware | All versions
Intel | Core I7-10700t Firmware | All versions
Intel | Core I7-10700kf Firmware | All versions
Intel | Core I7-10700k Firmware | All versions
Intel | Core I7-10700f Firmware | All versions
Intel | Core I7-10700e Firmware | All versions
Intel | Core I7-10700 Firmware | All versions
Intel | Core I7-1065g7 Firmware | All versions
Intel | Core I7-10610u Firmware | All versions
Intel | Core I7-1060g7 Firmware | All versions
Intel | Core I7-1068ng7 Firmware | All versions
Intel | Core I7-10510u Firmware | All versions
Intel | Core I7-10510y Firmware | All versions
Intel | Pentium Silver N5000 Firmware | All versions
Intel | Pentium Silver J5040 Firmware | All versions
Intel | Pentium Silver J5005 Firmware | All versions

References

Timeline

Published
Last Modified
Status: Modified

Frequently Asked Questions

What is CVE-2020-24457?
Logic error in BIOS firmware for 8th, 9th and 10th Generation Intel(R) Core(TM) Processors may allow an unauthenticated user to potentially enable escalation of privilege, denial of service and/or information disclosure via physical access.
How severe is CVE-2020-24457?
CVE-2020-24457 has a CVSS score of 7.6/10 (HIGH severity). The EPSS model estimates a 0.39% probability of exploitation in the next 30 days.
How do I fix CVE-2020-24457?
Check the vendor references and advisories linked above for patched versions and mitigation guidance.

Source: NVD / NIST