A potential security vulnerability in Intel® Board ID Tool may allow escalation of privilege.** Intel is not releasing updates to mitigate this potential vulnerability and has issued a Product Discontinuation Notice for Intel® Board ID Tool.**
CVEID: CVE-2020-24456
Description: Incorrect default permissions in the Intel® Board ID Tool version v.1.01 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVSS Base Score: 6.7 Medium
CVSS Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H
Intel® Board ID Tool all versions.
Intel has issued a Product Discontinuation notice for Intel® Board ID Tool and recommends that users of the Intel® Board ID Tool uninstall it or discontinue use at their earliest convenience.
Intel would like to thank Alec Blance for reporting this issue.
Intel, and nearly the entire technology industry, follows a disclosure practice called Coordinated Disclosure, under which a cybersecurity vulnerability is generally publicly disclosed only after mitigations are available.