var-202006-0249
Vulnerability from variot
Improper input validation in the DAL subsystem for Intel(R) CSME versions before 12.0.64, 13.0.32, 14.0.33 and 14.5.12 may allow an unauthenticated user to potentially enable denial of service via network access. Intel(R) CSME There is an input verification vulnerability in.Service operation interruption (DoS) It may be put into a state. Intel Converged Security and Management Engine (CSME) is a security management engine of Intel Corporation. An input validation error vulnerability exists in the DAL subsystem in Intel CSME. An attacker could exploit this vulnerability to cause a denial of service. The following products and versions are affected: Intel CSME versions prior to 12.0.64, versions prior to 13.0.32, versions prior to 14.0.33, and versions prior to 14.5.12
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202006-0249",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "converged security management engine",
"scope": "lt",
"trust": 1.0,
"vendor": "intel",
"version": "13.0.32"
},
{
"model": "converged security management engine",
"scope": "lt",
"trust": 1.0,
"vendor": "intel",
"version": "14.0.33"
},
{
"model": "converged security management engine",
"scope": "gte",
"trust": 1.0,
"vendor": "intel",
"version": "14.0"
},
{
"model": "converged security management engine",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "14.5.11"
},
{
"model": "converged security management engine",
"scope": "gte",
"trust": 1.0,
"vendor": "intel",
"version": "13.0"
},
{
"model": "converged security management engine",
"scope": "gte",
"trust": 1.0,
"vendor": "intel",
"version": "12.0"
},
{
"model": "converged security management engine",
"scope": "lt",
"trust": 1.0,
"vendor": "intel",
"version": "12.0.64"
},
{
"model": "converged security management engine",
"scope": "eq",
"trust": 0.8,
"vendor": "intel",
"version": "12.0.64"
},
{
"model": "converged security management engine",
"scope": "eq",
"trust": 0.8,
"vendor": "intel",
"version": "13.0.32"
},
{
"model": "converged security management engine",
"scope": "eq",
"trust": 0.8,
"vendor": "intel",
"version": "14.0.33"
},
{
"model": "converged security management engine",
"scope": "eq",
"trust": 0.8,
"vendor": "intel",
"version": "14.5.12"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-006841"
},
{
"db": "NVD",
"id": "CVE-2020-0534"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:intel:converged_security_management_engine_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-006841"
}
]
},
"cve": "CVE-2020-0534",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2020-0534",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.0,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 5.0,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "JVNDB-2020-006841",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "VHN-161968",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2020-0534",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "JVNDB-2020-006841",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2020-0534",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "JVNDB-2020-006841",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-202006-722",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-161968",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-161968"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006841"
},
{
"db": "CNNVD",
"id": "CNNVD-202006-722"
},
{
"db": "NVD",
"id": "CVE-2020-0534"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Improper input validation in the DAL subsystem for Intel(R) CSME versions before 12.0.64, 13.0.32, 14.0.33 and 14.5.12 may allow an unauthenticated user to potentially enable denial of service via network access. Intel(R) CSME There is an input verification vulnerability in.Service operation interruption (DoS) It may be put into a state. Intel Converged Security and Management Engine (CSME) is a security management engine of Intel Corporation. An input validation error vulnerability exists in the DAL subsystem in Intel CSME. An attacker could exploit this vulnerability to cause a denial of service. The following products and versions are affected: Intel CSME versions prior to 12.0.64, versions prior to 13.0.32, versions prior to 14.0.33, and versions prior to 14.5.12",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-0534"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006841"
},
{
"db": "VULHUB",
"id": "VHN-161968"
}
],
"trust": 1.71
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2020-0534",
"trust": 2.5
},
{
"db": "LENOVO",
"id": "LEN-30041",
"trust": 1.7
},
{
"db": "JVN",
"id": "JVNVU98979613",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006841",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202006-722",
"trust": 0.7
},
{
"db": "AUSCERT",
"id": "ESB-2020.1991.2",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.1991",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-161968",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-161968"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006841"
},
{
"db": "CNNVD",
"id": "CNNVD-202006-722"
},
{
"db": "NVD",
"id": "CVE-2020-0534"
}
]
},
"id": "VAR-202006-0249",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-161968"
}
],
"trust": 0.01
},
"last_update_date": "2024-11-23T20:47:01.007000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "INTEL-SA-00295",
"trust": 0.8,
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00295.html"
},
{
"title": "Intel CSME Enter the fix for the verification error vulnerability",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=121673"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-006841"
},
{
"db": "CNNVD",
"id": "CNNVD-202006-722"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-20",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-161968"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006841"
},
{
"db": "NVD",
"id": "CVE-2020-0534"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "https://security.netapp.com/advisory/ntap-20200611-0006/"
},
{
"trust": 1.7,
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00295.html"
},
{
"trust": 1.7,
"url": "https://support.lenovo.com/de/en/product_security/len-30041"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-0534"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-0534"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu98979613/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.1991/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.1991.2/"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/intel-csme-sps-txe-amt-ism-dal-multiple-vulnerabilities-32545"
},
{
"trust": 0.6,
"url": "https://support.lenovo.com/us/en/product_security/len-30041"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-161968"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006841"
},
{
"db": "CNNVD",
"id": "CNNVD-202006-722"
},
{
"db": "NVD",
"id": "CVE-2020-0534"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-161968"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006841"
},
{
"db": "CNNVD",
"id": "CNNVD-202006-722"
},
{
"db": "NVD",
"id": "CVE-2020-0534"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-06-15T00:00:00",
"db": "VULHUB",
"id": "VHN-161968"
},
{
"date": "2020-07-20T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-006841"
},
{
"date": "2020-06-09T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202006-722"
},
{
"date": "2020-06-15T14:15:10.643000",
"db": "NVD",
"id": "CVE-2020-0534"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-07-22T00:00:00",
"db": "VULHUB",
"id": "VHN-161968"
},
{
"date": "2020-07-20T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-006841"
},
{
"date": "2021-05-24T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202006-722"
},
{
"date": "2024-11-21T04:53:41.380000",
"db": "NVD",
"id": "CVE-2020-0534"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202006-722"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Intel(R) CSME Input verification vulnerability in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-006841"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "input validation error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202006-722"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…