← voltar
CVE-2026-20709

CVE-2026-20709

CVSS 5.8 MEDIUMEPSS 0.1%CWE-1394
Em resumo

Alguns processadores Intel Pentium Silver, Celeron J e Celeron N usam uma chave criptográfica padrão no hardware que poderia permitir a um atacante com acesso físico e conhecimento especial obter privilégios elevados e acessar dados sensíveis.

Detalhe técnico

Envolve o uso de uma chave criptográfica padrão ou codificada no hardware (CWE-1394). Vetor de ataque requer acesso físico, capacidade de engenharia reversa, contexto de usuário privilegiado e conhecimento interno especializado. Impacto principal é violação de confidencialidade no nível do sistema.

Resumo gerado e traduzido por IA a partir da descrição oficial.
Use of Default Cryptographic Key in the hardware for some Intel(R) Pentium(R) Processor Silver Series, Intel(R) Celeron(R) Processor J Series, Intel(R) Celeron(R) Processor N Series may allow an escalation of privilege. Hardware reverse engineer adversary with a privileged user combined with a high complexity attack may enable escalation of privilege. This result may potentially occur via physical access when attack requirements are present with special internal knowledge and requires no user interaction. The potential vulnerability may impact the confidentiality (high), integrity (none) and availability (none) of the vulnerable system, resulting in subsequent system confidentiality (high), integrity (high) and availability (none) impacts.
CVSS:4.0/AV:P/AC:H/AT:P/PR:H/UI:N/VC:H/VI:N/VA:N/SC:H/SI:H/SA:N
Produtos afetados
n/a · Intel(R) Pentium(R) Processor Silver Series, Intel(R) Celeron(R) Processor J Series, Intel(R) Celeron(R) Processor N Series may allow an escalation of privilege. Hardware reverse engineer adversary with a privileged user combined with a high complexity attack may enable escalation of privilege. This result may potentially occur via physical access when attack requirements are present with special internal knowledge and requires no user interaction. The potential vulnerability may impact the confidentiality (high), integrity (none) and availability (none) of the vulnerable system, resulting in subsequent system confidentiality (high), integrity (high) and availability (none) impacts.

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
https://intel.com/content/www/us/en/security-center/advisory/intel-sa-00609.html