Reporting a Vulnerability

 

 

 

 

 

 

How to Report Potential Security Vulnerabilities

To report a potential security issue or vulnerability for an Intel branded product or technology, email Intel PSIRT. Please encrypt all correspondence using our PGP public key when sending information related to potential security weaknesses or vulnerabilities. 

If you’re having trouble encrypting your vulnerability report or have any questions about the process send a message to PSIRT. We’ll help identify a method for secure transmission of your report.

When reporting, please provide as much of the following information as possible:

   
Summary of Vulnerability <Provide a short description of the vulnerability in sufficient technical details>
Affected Products <List of products potentially impacted including those already shipping and those in development.>
Affected Versions <List of the potentially impacted versions for each impacted product. If all, then simply state “all”>
Affected Platforms <List of potential platforms impacted, if appropriate / known>
Common Vulnerability Scoring System (CVSS) Base Score <CVSS score, if known*>
CVSS Vector String <CVSS vector, if known*>
Description <Full description of the issue including any impacts to confidentiality, integrity, or availability>
Steps to Replicate / Proof of Concept (POC) <Steps to reproduce the issue should be included and/or any code to trigger the vulnerability>
Known Disclosure Plans <Any known disclosure plans>