var-202006-0257
Vulnerability from variot
Improper buffer restrictions in subsystem for Intel(R) CSME versions before 12.0.64, 13.0.32, 14.0.33 and 14.5.12 may allow an authenticated user to potentially enable escalation of privilege, information disclosure or denial of service via local access. Intel(R) CSME Exists in a buffer error vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. Intel Converged Security and Management Engine (CSME) is a security management engine of Intel Corporation. A security vulnerability exists in a subsystem in Intel CSME. Attackers can exploit this vulnerability to elevate privileges, causing information disclosure and denial of service. The following products and versions are affected: Intel CSME versions prior to 12.0.64, versions prior to 13.0.32, versions prior to 14.0.33, and versions prior to 14.5.12
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202006-0257",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "converged security management engine",
"scope": "lt",
"trust": 1.0,
"vendor": "intel",
"version": "11.8.77"
},
{
"model": "converged security management engine",
"scope": "lt",
"trust": 1.0,
"vendor": "intel",
"version": "11.22.77"
},
{
"model": "converged security management engine",
"scope": "lt",
"trust": 1.0,
"vendor": "intel",
"version": "13.0.32"
},
{
"model": "converged security management engine",
"scope": "gte",
"trust": 1.0,
"vendor": "intel",
"version": "14.0"
},
{
"model": "converged security management engine",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "14.5.11"
},
{
"model": "converged security management engine",
"scope": "gte",
"trust": 1.0,
"vendor": "intel",
"version": "13.0"
},
{
"model": "converged security management engine",
"scope": "lt",
"trust": 1.0,
"vendor": "intel",
"version": "12.0.64"
},
{
"model": "converged security management engine",
"scope": "gte",
"trust": 1.0,
"vendor": "intel",
"version": "11.10"
},
{
"model": "converged security management engine",
"scope": "lt",
"trust": 1.0,
"vendor": "intel",
"version": "11.12.77"
},
{
"model": "converged security management engine",
"scope": "gte",
"trust": 1.0,
"vendor": "intel",
"version": "11.20"
},
{
"model": "converged security management engine",
"scope": "gte",
"trust": 1.0,
"vendor": "intel",
"version": "12.0"
},
{
"model": "converged security management engine",
"scope": "lt",
"trust": 1.0,
"vendor": "intel",
"version": "14.0.33"
},
{
"model": "converged security management engine",
"scope": "gte",
"trust": 1.0,
"vendor": "intel",
"version": "11.0"
},
{
"model": "converged security management engine",
"scope": "eq",
"trust": 0.8,
"vendor": "intel",
"version": "12.0.64"
},
{
"model": "converged security management engine",
"scope": "eq",
"trust": 0.8,
"vendor": "intel",
"version": "13.0.32"
},
{
"model": "converged security management engine",
"scope": "eq",
"trust": 0.8,
"vendor": "intel",
"version": "14.0.33"
},
{
"model": "converged security management engine",
"scope": "eq",
"trust": 0.8,
"vendor": "intel",
"version": "14.5.12"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-006824"
},
{
"db": "NVD",
"id": "CVE-2020-0542"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:intel:converged_security_management_engine_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-006824"
}
]
},
"cve": "CVE-2020-0542",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"id": "CVE-2020-0542",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.1,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Local",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 4.6,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "JVNDB-2020-006824",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"id": "VHN-161976",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:L/AC:L/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"id": "CVE-2020-0542",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Local",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2020-006824",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2020-0542",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "JVNDB-2020-006824",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-202006-762",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-161976",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2020-0542",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-161976"
},
{
"db": "VULMON",
"id": "CVE-2020-0542"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006824"
},
{
"db": "CNNVD",
"id": "CNNVD-202006-762"
},
{
"db": "NVD",
"id": "CVE-2020-0542"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Improper buffer restrictions in subsystem for Intel(R) CSME versions before 12.0.64, 13.0.32, 14.0.33 and 14.5.12 may allow an authenticated user to potentially enable escalation of privilege, information disclosure or denial of service via local access. Intel(R) CSME Exists in a buffer error vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. Intel Converged Security and Management Engine (CSME) is a security management engine of Intel Corporation. A security vulnerability exists in a subsystem in Intel CSME. Attackers can exploit this vulnerability to elevate privileges, causing information disclosure and denial of service. The following products and versions are affected: Intel CSME versions prior to 12.0.64, versions prior to 13.0.32, versions prior to 14.0.33, and versions prior to 14.5.12",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-0542"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006824"
},
{
"db": "VULHUB",
"id": "VHN-161976"
},
{
"db": "VULMON",
"id": "CVE-2020-0542"
}
],
"trust": 1.8
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2020-0542",
"trust": 2.6
},
{
"db": "LENOVO",
"id": "LEN-30041",
"trust": 1.8
},
{
"db": "JVN",
"id": "JVNVU98979613",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006824",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202006-762",
"trust": 0.7
},
{
"db": "AUSCERT",
"id": "ESB-2020.1991.2",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.1991",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-161976",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2020-0542",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-161976"
},
{
"db": "VULMON",
"id": "CVE-2020-0542"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006824"
},
{
"db": "CNNVD",
"id": "CNNVD-202006-762"
},
{
"db": "NVD",
"id": "CVE-2020-0542"
}
]
},
"id": "VAR-202006-0257",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-161976"
}
],
"trust": 0.01
},
"last_update_date": "2024-11-23T20:26:27.921000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "INTEL-SA-00295",
"trust": 0.8,
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00295.html"
},
{
"title": "Intel CSME Buffer error vulnerability fix",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=122457"
},
{
"title": "HP: HPSBHF03667 rev. 1 - Intel\u00ae 2020.1 IPU - CSME, SPS, TXT, AMT and DAL Security Updates",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=hp_bulletin\u0026qid=HPSBHF03667"
},
{
"title": "Threatpost",
"trust": 0.1,
"url": "https://threatpost.com/critical-intel-flaws-fixed-in-active-management-technology/156458/"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2020-0542"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006824"
},
{
"db": "CNNVD",
"id": "CNNVD-202006-762"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-noinfo",
"trust": 1.0
},
{
"problemtype": "CWE-119",
"trust": 0.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-161976"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006824"
},
{
"db": "NVD",
"id": "CVE-2020-0542"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.8,
"url": "https://security.netapp.com/advisory/ntap-20200611-0006/"
},
{
"trust": 1.8,
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00295.html"
},
{
"trust": 1.8,
"url": "https://support.lenovo.com/de/en/product_security/len-30041"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-0542"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-0542"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu98979613/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.1991/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.1991.2/"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/intel-csme-sps-txe-amt-ism-dal-multiple-vulnerabilities-32545"
},
{
"trust": 0.6,
"url": "https://support.lenovo.com/us/en/product_security/len-30041"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://threatpost.com/critical-intel-flaws-fixed-in-active-management-technology/156458/"
},
{
"trust": 0.1,
"url": "https://support.hp.com/us-en/document/c06655639"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-161976"
},
{
"db": "VULMON",
"id": "CVE-2020-0542"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006824"
},
{
"db": "CNNVD",
"id": "CNNVD-202006-762"
},
{
"db": "NVD",
"id": "CVE-2020-0542"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-161976"
},
{
"db": "VULMON",
"id": "CVE-2020-0542"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006824"
},
{
"db": "CNNVD",
"id": "CNNVD-202006-762"
},
{
"db": "NVD",
"id": "CVE-2020-0542"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-06-15T00:00:00",
"db": "VULHUB",
"id": "VHN-161976"
},
{
"date": "2020-06-15T00:00:00",
"db": "VULMON",
"id": "CVE-2020-0542"
},
{
"date": "2020-07-20T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-006824"
},
{
"date": "2020-06-09T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202006-762"
},
{
"date": "2020-06-15T14:15:11.127000",
"db": "NVD",
"id": "CVE-2020-0542"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-07-21T00:00:00",
"db": "VULHUB",
"id": "VHN-161976"
},
{
"date": "2021-07-21T00:00:00",
"db": "VULMON",
"id": "CVE-2020-0542"
},
{
"date": "2020-07-20T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-006824"
},
{
"date": "2021-07-26T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202006-762"
},
{
"date": "2024-11-21T04:53:42.333000",
"db": "NVD",
"id": "CVE-2020-0542"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202006-762"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Intel(R) CSME Buffer error vulnerability in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-006824"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202006-762"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…