CVE-2020-24457

Q: What is the severity of CVE-2020-24457?

CVE-2020-24457 has a CVSS score of 7.6 (HIGH). A logic error in BIOS firmware for certain Intel Core processors allows physical attackers to potentially escalate privileges, cause denial of service, or disclose information. This affects systems with 8th, 9th, and 10th Generation Intel Core processors. Physical access to the device is required for exploitation.

7.6 HIGH

📋 TL;DR

A logic error in BIOS firmware for certain Intel Core processors allows physical attackers to potentially escalate privileges, cause denial of service, or disclose information. This affects systems with 8th, 9th, and 10th Generation Intel Core processors. Physical access to the device is required for exploitation.

💻 Affected Systems

Products:

Intel Core Processors (8th, 9th, 10th Generation)

Versions: BIOS firmware versions prior to vendor patches

Operating Systems: All operating systems running on affected hardware

Default Config Vulnerable: ⚠️ Yes

Notes: Affects systems regardless of operating system. Vulnerability is in the processor's BIOS firmware.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

An attacker with physical access could gain administrative control of the system, disable the device completely, or extract sensitive information from memory.

🟠

Likely Case

Physical attacker could bypass security controls to access restricted data or install persistent malware in firmware.

🟢

If Mitigated

With proper physical security controls, the risk is significantly reduced as exploitation requires direct hardware access.

🌐 Internet-Facing: LOW - This vulnerability requires physical access to the device and cannot be exploited remotely.

🏢 Internal Only: MEDIUM - Internal attackers with physical access to vulnerable devices could exploit this vulnerability.

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ⚠️ Yes

Complexity: MEDIUM

Exploitation requires physical access and BIOS/UEFI knowledge. No public exploit code has been disclosed.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: BIOS updates provided by system manufacturers (OEMs)

Vendor Advisory: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00347.html

Restart Required: Yes

Instructions:

1. Check with your system manufacturer for BIOS/UEFI firmware updates. 2. Download the appropriate BIOS update for your specific system model. 3. Follow manufacturer instructions to apply the BIOS update. 4. Reboot the system to complete the update.

🔧 Temporary Workarounds

Physical Security Controls

all

Implement strict physical access controls to prevent unauthorized physical access to vulnerable systems.

BIOS Password Protection

all

Enable BIOS/UEFI password protection to restrict access to firmware settings.

🧯 If You Can't Patch

Implement strict physical security controls and limit physical access to vulnerable systems
Consider retiring or replacing systems that cannot be patched, especially for high-security environments

🔍 How to Verify

Check if Vulnerable:

Check your system's processor generation and BIOS version. Systems with 8th, 9th, or 10th Gen Intel Core processors are potentially vulnerable.

Check Version:

Windows: wmic bios get smbiosbiosversion | Linux: sudo dmidecode -s bios-version | macOS: system_profiler SPHardwareDataType

Verify Fix Applied:

Verify that BIOS/UEFI firmware has been updated to a version that addresses CVE-2020-24457 according to your system manufacturer's advisory.

📡 Detection & Monitoring

Log Indicators:

BIOS/UEFI firmware modification events
Physical security breach alerts
Unauthorized physical access logs

Network Indicators:

No network-based indicators as this is a physical access vulnerability

SIEM Query:

Search for BIOS/UEFI firmware update events or physical security access violations

📊 Metadata

CVE ID: CVE-2020-24457

CVSS v3 Score: 7.6 (HIGH)

CVSS Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Published: September 14, 2020

Last Updated: November 21, 2024

🔗 References

https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00347.html Vendor Advisory
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00347.html Vendor Advisory

📋 TL;DR

💻 Affected Systems

📦 What is this software?

Core I7 10510u Firmware by Intel

Core I7 10510y Firmware by Intel

Core I7 1060g7 Firmware by Intel

Core I7 10610u Firmware by Intel

Core I7 1065g7 Firmware by Intel

Core I7 1068ng7 Firmware by Intel

Core I7 10700 Firmware by Intel

Core I7 10700e Firmware by Intel

Core I7 10700f Firmware by Intel

Core I7 10700k Firmware by Intel

Core I7 10700kf Firmware by Intel

Core I7 10700t Firmware by Intel

Core I7 10700te Firmware by Intel

Core I7 10710u Firmware by Intel

Core I7 10750h Firmware by Intel

Core I7 10810u Firmware by Intel

Core I7 10850h Firmware by Intel

Core I7 10870h Firmware by Intel

Core I7 10875h Firmware by Intel

Core I7 8086k Firmware by Intel

Core I7 8500y Firmware by Intel

Core I7 8550u Firmware by Intel

Core I7 8557u Firmware by Intel

Core I7 8559u Firmware by Intel

Core I7 8565u Firmware by Intel

Core I7 8569u Firmware by Intel

Core I7 8650u Firmware by Intel

Core I7 8665u Firmware by Intel

Core I7 8665ue Firmware by Intel

Core I7 8700b Firmware by Intel

Core I7 8700k Firmware by Intel

Core I7 8700t Firmware by Intel

Core I7 8705g Firmware by Intel

Core I7 8706g Firmware by Intel

Core I7 8706g Firmware by Intel

Core I7 8709g Firmware by Intel

Core I7 8750h Firmware by Intel

Core I7 8809g Firmware by Intel

Core I7 8850h Firmware by Intel

Core I7\+8700 Firmware by Intel

Core I7\+8700 Firmware by Intel

Core I9 9880h Firmware by Intel

Core I9 9900 Firmware by Intel

Core I9 9900k Firmware by Intel

Core I9 9900kf Firmware by Intel

Core I9 9900ks Firmware by Intel

Core I9 9900t Firmware by Intel

Core I9 9980hk Firmware by Intel

Pentium Silver J5005 Firmware by Intel

Pentium Silver J5040 Firmware by Intel

Pentium Silver N5000 Firmware by Intel