CVE-2020-24454

CWE-611 — XML External Entity (XXE)3 documents3 sources

Severity

7.5HIGH

EPSS

0.4%

top 39.75%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Intel Quartus Prime

Timeline

PublishedNov 12

Latest updateMay 24

Description

Improper Restriction of XML External Entity Reference in subsystem forIntel(R) Quartus(R) Prime Pro Edition before version 20.3 and Intel(R) Quartus(R) Prime Standard Edition before version 20.2 may allow unauthenticated user to potentially enable information disclosure via network access.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages2 packages

▶CVEListV5intel(r)_quartus(r)_prime_pro_edition_and_intel(r)_quartus(r)_prime_standard_editionIntel(R) Quartus(R) Prime Pro Edition before version 20.3 and Intel(R) Quartus(R) Prime Standard Edition before version 20.2

▶NVDintel/quartus_prime< 20.3+1

Patches

Patch: www.intel.com ↗Patch: www.intel.com ↗

🔴Vulnerability Details

GHSA

GHSA-r96p-g9m9-mjp9: Improper Restriction of XML External Entity Reference in subsystem forIntel(R) Quartus(R) Prime Pro Edition before version 20↗2022-05-24

▶

CVEList

CVE-2020-24454: Improper Restriction of XML External Entity Reference in subsystem forIntel(R) Quartus(R) Prime Pro Edition before version 20↗2020-11-12

▶