Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2020-24513

Domain-bypass transient execution vulnerability in some Intel Atom(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.

Security Impact Summary

This vulnerability carries a MEDIUM severity rating with a CVSS v3.1 score of 6.5, requiring local system access to exploit with relatively low complexity without requiring user interaction requiring only low-level privileges . The vulnerability impacts confidentiality (data exposure), for affected systems. Impacting 71 products from intel, from intel, from intel and 68 others, organizations running these solutions should prioritize assessment and patching.

Historical Context

Reported in 2021, this vulnerability emerged during an era marked by increased sophistication in supply chain attacks, cloud infrastructure vulnerabilities, and software-as-a-service (SaaS) security challenges. Security practices during this period emphasized zero-trust architectures, container security, and API protection.

Published

2021-06-09T19:15:08.963

Last Modified

2024-11-21T05:14:56.957

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 6.5 (MEDIUM)

CVSSv2 Vector

AV:L/AC:L/Au:N/C:P/I:N/A:N

Access Vector: LOCAL
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: NONE
Availability Impact: NONE

Exploitability Score

3.9

Impact Score

2.9

Weaknesses

Type: Primary
NVD-CWE-noinfo

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Hardware	intel	atom_c3308	-	Yes
Hardware	intel	atom_c3336	-	Yes
Hardware	intel	atom_c3338	-	Yes
Hardware	intel	atom_c3338r	-	Yes
Hardware	intel	atom_c3436l	-	Yes
Hardware	intel	atom_c3508	-	Yes
Hardware	intel	atom_c3538	-	Yes
Hardware	intel	atom_c3558	-	Yes
Hardware	intel	atom_c3558r	-	Yes
Hardware	intel	atom_c3558rc	-	Yes
Hardware	intel	atom_c3708	-	Yes
Hardware	intel	atom_c3750	-	Yes
Hardware	intel	atom_c3758	-	Yes
Hardware	intel	atom_c3758r	-	Yes
Hardware	intel	atom_c3808	-	Yes
Hardware	intel	atom_c3830	-	Yes
Hardware	intel	atom_c3850	-	Yes
Hardware	intel	atom_c3858	-	Yes
Hardware	intel	atom_c3950	-	Yes
Hardware	intel	atom_c3955	-	Yes
Hardware	intel	atom_c3958	-	Yes
Hardware	intel	atom_p5942b	-	Yes
Hardware	intel	atom_x5-a3930	-	Yes
Hardware	intel	atom_x5-a3940	-	Yes
Hardware	intel	atom_x5-a3950	-	Yes
Hardware	intel	atom_x5-a3960	-	Yes
Hardware	intel	atom_x6200fe	-	Yes
Hardware	intel	atom_x6211e	-	Yes
Hardware	intel	atom_x6212re	-	Yes
Hardware	intel	atom_x6413e	-	Yes
Hardware	intel	atom_x6425e	-	Yes
Hardware	intel	atom_x6425re	-	Yes
Hardware	intel	atom_x6427fe	-	Yes
Hardware	intel	celeron_j3355	-	Yes
Hardware	intel	celeron_j3355e	-	Yes
Hardware	intel	celeron_j3455	-	Yes
Hardware	intel	celeron_j3455e	-	Yes
Hardware	intel	celeron_j4005	-	Yes
Hardware	intel	celeron_j4025	-	Yes
Hardware	intel	celeron_j4105	-	Yes
Hardware	intel	celeron_j4125	-	Yes
Hardware	intel	celeron_j6413	-	Yes
Hardware	intel	celeron_n3350	-	Yes
Hardware	intel	celeron_n3350e	-	Yes
Hardware	intel	celeron_n3450	-	Yes
Hardware	intel	celeron_n4000	-	Yes
Hardware	intel	celeron_n4020	-	Yes
Hardware	intel	celeron_n4100	-	Yes
Hardware	intel	celeron_n4120	-	Yes
Hardware	intel	celeron_n6211	-	Yes
Hardware	intel	core_i3-l13g4	-	Yes
Hardware	intel	core_i5-l16g7	-	Yes
Hardware	intel	p5921b	-	Yes
Hardware	intel	p5931b	-	Yes
Hardware	intel	p5962b	-	Yes
Hardware	intel	pentium_j4205	-	Yes
Hardware	intel	pentium_j6425	-	Yes
Hardware	intel	pentium_n4200	-	Yes
Hardware	intel	pentium_n4200e	-	Yes
Hardware	intel	pentium_n6415	-	Yes
Hardware	intel	pentium_silver_j5005	-	Yes
Hardware	intel	pentium_silver_j5040	-	Yes
Hardware	intel	pentium_silver_n5000	-	Yes
Hardware	intel	pentium_silver_n5030	-	Yes
Operating System	debian	debian_linux	9.0	Yes
Operating System	debian	debian_linux	10.0	Yes
Operating System	siemens	simatic_drive_controller_firmware	*	Yes
Hardware	siemens	simatic_drive_controller	-	No
Operating System	siemens	simatic_et_200sp_open_controller_firmware	< 0209_0105	Yes
Hardware	siemens	simatic_et_200sp_open_controller	-	No
Operating System	siemens	simatic_ipc127e_firmware	< 21.01.07	Yes
Hardware	siemens	simatic_ipc127e	-	No

References

https://cert-portal.siemens.com/productcert/pdf/ssa-309571.pdf Third Party Advisory ([email protected])
https://lists.debian.org/debian-lts-announce/2021/07/msg00022.html Mailing List, Third Party Advisory ([email protected])
https://www.debian.org/security/2021/dsa-4934 Third Party Advisory ([email protected])
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00465.html Vendor Advisory ([email protected])
https://cert-portal.siemens.com/productcert/pdf/ssa-309571.pdf Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://lists.debian.org/debian-lts-announce/2021/07/msg00022.html Mailing List, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://www.debian.org/security/2021/dsa-4934 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00465.html Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)

How SecUtils Interprets This CVE

SecUtils normalizes and enriches National Vulnerability Database (NVD) records by standardizing vendor and product identifiers, aggregating vulnerability metadata from both NVD and MITRE sources, and providing structured context for security teams. For intel's affected products, we extract Common Platform Enumeration (CPE) data, Common Weakness Enumeration (CWE) classifications, CVSS severity metrics, and reference data to enable rapid vulnerability prioritization and asset correlation. This record contains no exploit code, proof-of-concept instructions, or attack methodologies—only defensive intelligence necessary for patch management, risk assessment, and security operations.