var-202006-0242
Vulnerability from variot
Integer overflow in subsystem for Intel(R) CSME versions before 11.8.77, 11.12.77, 11.22.77 and Intel(R) TXE versions before 3.1.75, 4.0.25 and Intel(R) Server Platform Services (SPS) versions before SPS_E5_04.01.04.380.0, SPS_SoC-X_04.00.04.128.0, SPS_SoC-A_04.00.04.211.0, SPS_E3_04.01.04.109.0, SPS_E3_04.08.04.070.0 may allow a privileged user to potentially enable denial of service via local access. Intel Converged Security and Management Engine (CSME) and others are products of Intel Corporation of the United States. Intel Converged Security and Management Engine is a security management engine. Intel TXE is a trusted execution engine with hardware authentication function used in CPU (Central Processing Unit). Subsystems in Intel CSME, TXE, and SPS have security vulnerabilities. A local attacker could exploit this vulnerability to cause a denial of service. The following products and versions are affected: Intel CSME before 11.8.77, before 11.12.77, before 11.22.77; TXE before 3.1.75, before 4.0.25; SPS SPS_E5_04.01.04.380.0 before, SPS_SoC Versions before -X_04.00.04.128.0, versions before SPS_SoC-A_04.00.04.211.0, versions before SPS_E3_04.01.04.109.0, versions before SPS_E3_04.08.04.070.0
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202006-0242",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "trusted execution engine",
"scope": "lt",
"trust": 1.0,
"vendor": "intel",
"version": "3.1.75"
},
{
"model": "converged security management engine",
"scope": "lt",
"trust": 1.0,
"vendor": "intel",
"version": "11.8.77"
},
{
"model": "server platform services",
"scope": "gte",
"trust": 1.0,
"vendor": "intel",
"version": "sps_soc-x_04.00.00.000.0"
},
{
"model": "server platform services",
"scope": "gte",
"trust": 1.0,
"vendor": "intel",
"version": "sps_soc-a_04.00.00.000.0"
},
{
"model": "server platform services",
"scope": "lt",
"trust": 1.0,
"vendor": "intel",
"version": "sps_soc-a_04.00.04.211.0"
},
{
"model": "server platform services",
"scope": "gte",
"trust": 1.0,
"vendor": "intel",
"version": "sps_e3_04.08.00.000.0"
},
{
"model": "converged security management engine",
"scope": "gte",
"trust": 1.0,
"vendor": "intel",
"version": "11.20"
},
{
"model": "server platform services",
"scope": "lt",
"trust": 1.0,
"vendor": "intel",
"version": "sps_e3_04.08.04.070.0"
},
{
"model": "server platform services",
"scope": "gte",
"trust": 1.0,
"vendor": "intel",
"version": "sps_e3_04.00.00.000.0"
},
{
"model": "converged security management engine",
"scope": "lt",
"trust": 1.0,
"vendor": "intel",
"version": "11.22.77"
},
{
"model": "server platform services",
"scope": "lt",
"trust": 1.0,
"vendor": "intel",
"version": "sps_e3_04.01.04.109.0"
},
{
"model": "trusted execution engine",
"scope": "gte",
"trust": 1.0,
"vendor": "intel",
"version": "4.0"
},
{
"model": "trusted execution engine",
"scope": "lt",
"trust": 1.0,
"vendor": "intel",
"version": "4.0.25"
},
{
"model": "converged security management engine",
"scope": "gte",
"trust": 1.0,
"vendor": "intel",
"version": "11.10"
},
{
"model": "converged security management engine",
"scope": "lt",
"trust": 1.0,
"vendor": "intel",
"version": "11.12.77"
},
{
"model": "server platform services",
"scope": "gte",
"trust": 1.0,
"vendor": "intel",
"version": "sps_e5_04.00.00.000.0"
},
{
"model": "server platform services",
"scope": "lt",
"trust": 1.0,
"vendor": "intel",
"version": "sps_e5_04.01.04.380.0"
},
{
"model": "server platform services",
"scope": "lt",
"trust": 1.0,
"vendor": "intel",
"version": "sps_soc-x_04.00.04.128.0"
},
{
"model": "converged security management engine",
"scope": "gte",
"trust": 1.0,
"vendor": "intel",
"version": "11.0"
},
{
"model": "trusted execution engine",
"scope": "gte",
"trust": 1.0,
"vendor": "intel",
"version": "3.0"
},
{
"model": "converged security management engine",
"scope": "eq",
"trust": 0.8,
"vendor": "intel",
"version": "11.12.77"
},
{
"model": "converged security management engine",
"scope": "eq",
"trust": 0.8,
"vendor": "intel",
"version": "11.22.77"
},
{
"model": "converged security management engine",
"scope": "eq",
"trust": 0.8,
"vendor": "intel",
"version": "11.8.77"
},
{
"model": "server platform services",
"scope": "eq",
"trust": 0.8,
"vendor": "intel",
"version": "sps_e3_04.01.04.109.0"
},
{
"model": "server platform services",
"scope": "eq",
"trust": 0.8,
"vendor": "intel",
"version": "sps_e3_04.08.04.070.0"
},
{
"model": "server platform services",
"scope": "eq",
"trust": 0.8,
"vendor": "intel",
"version": "sps_e5_04.01.04.380.0"
},
{
"model": "server platform services",
"scope": "eq",
"trust": 0.8,
"vendor": "intel",
"version": "sps_soc-a_04.00.04.211.0"
},
{
"model": "server platform services",
"scope": "eq",
"trust": 0.8,
"vendor": "intel",
"version": "sps_soc-x_04.00.04.128.0"
},
{
"model": "trusted execution engine",
"scope": "eq",
"trust": 0.8,
"vendor": "intel",
"version": "3.1.75"
},
{
"model": "trusted execution engine",
"scope": "eq",
"trust": 0.8,
"vendor": "intel",
"version": "4.0.25"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-006825"
},
{
"db": "NVD",
"id": "CVE-2020-0545"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:intel:converged_security_management_engine_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:intel:server_platform_services_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:intel:trusted_execution_engine_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-006825"
}
]
},
"cve": "CVE-2020-0545",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 2.1,
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2020-0545",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "LOW",
"trust": 1.0,
"vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Local",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 2.1,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "JVNDB-2020-006825",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Low",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 2.1,
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "VHN-161979",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "LOW",
"trust": 0.1,
"vectorString": "AV:L/AC:L/AU:N/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitabilityScore": 0.8,
"id": "CVE-2020-0545",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Local",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 4.4,
"baseSeverity": "Medium",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "JVNDB-2020-006825",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "High",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2020-0545",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "JVNDB-2020-006825",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-202006-773",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-161979",
"trust": 0.1,
"value": "LOW"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-161979"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006825"
},
{
"db": "CNNVD",
"id": "CNNVD-202006-773"
},
{
"db": "NVD",
"id": "CVE-2020-0545"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Integer overflow in subsystem for Intel(R) CSME versions before 11.8.77, 11.12.77, 11.22.77 and Intel(R) TXE versions before 3.1.75, 4.0.25 and Intel(R) Server Platform Services (SPS) versions before SPS_E5_04.01.04.380.0, SPS_SoC-X_04.00.04.128.0, SPS_SoC-A_04.00.04.211.0, SPS_E3_04.01.04.109.0, SPS_E3_04.08.04.070.0 may allow a privileged user to potentially enable denial of service via local access. Intel Converged Security and Management Engine (CSME) and others are products of Intel Corporation of the United States. Intel Converged Security and Management Engine is a security management engine. Intel TXE is a trusted execution engine with hardware authentication function used in CPU (Central Processing Unit). Subsystems in Intel CSME, TXE, and SPS have security vulnerabilities. A local attacker could exploit this vulnerability to cause a denial of service. The following products and versions are affected: Intel CSME before 11.8.77, before 11.12.77, before 11.22.77; TXE before 3.1.75, before 4.0.25; SPS SPS_E5_04.01.04.380.0 before, SPS_SoC Versions before -X_04.00.04.128.0, versions before SPS_SoC-A_04.00.04.211.0, versions before SPS_E3_04.01.04.109.0, versions before SPS_E3_04.08.04.070.0",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-0545"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006825"
},
{
"db": "VULHUB",
"id": "VHN-161979"
}
],
"trust": 1.71
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2020-0545",
"trust": 2.5
},
{
"db": "LENOVO",
"id": "LEN-30041",
"trust": 1.7
},
{
"db": "SIEMENS",
"id": "SSA-631949",
"trust": 1.7
},
{
"db": "MCAFEE",
"id": "SB10321",
"trust": 1.7
},
{
"db": "JVN",
"id": "JVNVU98979613",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006825",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202006-773",
"trust": 0.7
},
{
"db": "AUSCERT",
"id": "ESB-2020.1991",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.1991.2",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.2208",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-161979",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-161979"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006825"
},
{
"db": "CNNVD",
"id": "CNNVD-202006-773"
},
{
"db": "NVD",
"id": "CVE-2020-0545"
}
]
},
"id": "VAR-202006-0242",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-161979"
}
],
"trust": 0.01
},
"last_update_date": "2024-11-23T19:42:31.710000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "INTEL-SA-00295",
"trust": 0.8,
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00295.html"
},
{
"title": "Intel CSME , TXE and SPS Enter the fix for the verification error vulnerability",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=122459"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-006825"
},
{
"db": "CNNVD",
"id": "CNNVD-202006-773"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-190",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-161979"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006825"
},
{
"db": "NVD",
"id": "CVE-2020-0545"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-631949.pdf"
},
{
"trust": 1.7,
"url": "https://security.netapp.com/advisory/ntap-20200611-0006/"
},
{
"trust": 1.7,
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00295.html"
},
{
"trust": 1.7,
"url": "https://support.lenovo.com/de/en/product_security/len-30041"
},
{
"trust": 1.6,
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=sb10321"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-0545"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-0545"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu98979613/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.1991/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.1991.2/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.2208/"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/intel-csme-sps-txe-amt-ism-dal-multiple-vulnerabilities-32545"
},
{
"trust": 0.6,
"url": "https://support.lenovo.com/us/en/product_security/len-30041"
},
{
"trust": 0.1,
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026amp;id=sb10321"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-161979"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006825"
},
{
"db": "CNNVD",
"id": "CNNVD-202006-773"
},
{
"db": "NVD",
"id": "CVE-2020-0545"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-161979"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006825"
},
{
"db": "CNNVD",
"id": "CNNVD-202006-773"
},
{
"db": "NVD",
"id": "CVE-2020-0545"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-06-15T00:00:00",
"db": "VULHUB",
"id": "VHN-161979"
},
{
"date": "2020-07-20T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-006825"
},
{
"date": "2020-06-09T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202006-773"
},
{
"date": "2020-06-15T14:15:11.267000",
"db": "NVD",
"id": "CVE-2020-0545"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-07-22T00:00:00",
"db": "VULHUB",
"id": "VHN-161979"
},
{
"date": "2020-07-20T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-006825"
},
{
"date": "2021-05-24T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202006-773"
},
{
"date": "2024-11-21T04:53:42.817000",
"db": "NVD",
"id": "CVE-2020-0545"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202006-773"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural Intel Integer overflow vulnerability in product",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-006825"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202006-773"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…