Endpoint Management Assistant
CVE-2020-12315
CRITICAL
Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
1DescriptionNVD
Path traversal in the Intel(R) EMA before version 1.3.3 may allow an unauthenticated user to potentially enable escalation of privilege via network access.
AnalysisAI
Path traversal in the Intel(R) EMA before version 1.3.3 may allow an unauthenticated user to potentially enable escalation of privilege via network access. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.
Technical ContextAI
This vulnerability is classified as Path Traversal (CWE-22), which allows attackers to access files and directories outside the intended path. Path traversal in the Intel(R) EMA before version 1.3.3 may allow an unauthenticated user to potentially enable escalation of privilege via network access. Affected products include: Intel Endpoint Management Assistant. Version information: version 1.3.3.
RemediationAI
A vendor patch is available. Apply the latest security update as soon as possible. Validate and canonicalize file paths. Use chroot or sandboxing. Reject input containing path separators or '../' sequences.
Insufficiently protected credentials in software in Intel(R) AMT SDK before version 16.0.4.1, Intel(R) EMA before versio
Cross-site scripting in the Intel(R) EMA software before version 1.8.0 may allow a privileged user to potentially enable
Improper input validation for Intel(R) EMA before version 1.5.0 may allow an unauthenticated user to potentially enable
Improper access control for some Intel(R) EMA software before version 1.13.1.0 may allow an authenticated user to potent
Insufficiently protected credentials in the Intel(R) EMA before version 1.3.3 may allow an authorized user to potentiall
Same weakness CWE-22 – Path Traversal
View allSame technique Privilege Escalation
View allShare
External POC / Exploit Code
Leaving vuln.today