Sign-up

ID

VAR-202006-0240


CVE

CVE-2020-0586


TITLE

Intel(R) SPS Initialization vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2020-006819

DESCRIPTION

Improper initialization in subsystem for Intel(R) SPS versions before SPS_E3_04.01.04.109.0 and SPS_E3_04.08.04.070.0 may allow an authenticated user to potentially enable escalation of privilege and/or denial of service via local access. Intel(R) SPS There is an initialization vulnerability in.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. Intel Server Platform Services (SPS) is a server platform service program of Intel Corporation. There is a security vulnerability in Intel SPS versions earlier than SPS_E3_04.01.04.109.0 and SPS_E3_04.08.04.070.0. The vulnerability is caused by the incorrect initialization of the program. A local attacker could exploit this vulnerability to elevate privileges and/or cause a denial of service

Trust: 1.71

sources: NVD: CVE-2020-0586 // JVNDB: JVNDB-2020-006819 // VULHUB: VHN-162020

AFFECTED PRODUCTS

vendor:intelmodel:server platform servicesscope:ltversion:sps_e3_04.01.04.109.0

Trust: 1.0

vendor:intelmodel:server platform servicesscope:gteversion:sps_soc-x_04.00.00.000.0

Trust: 1.0

vendor:intelmodel:server platform servicesscope:ltversion:sps_soc-a_04.00.04.211.0

Trust: 1.0

vendor:intelmodel:server platform servicesscope:gteversion:sps_soc-a_04.00.00.000.0

Trust: 1.0

vendor:intelmodel:server platform servicesscope:gteversion:sps_e3_04.08.00.000.0

Trust: 1.0

vendor:intelmodel:server platform servicesscope:ltversion:sps_e3_04.08.04.070.0

Trust: 1.0

vendor:intelmodel:server platform servicesscope:gteversion:sps_e5_04.00.00.000.0

Trust: 1.0

vendor:intelmodel:server platform servicesscope:gteversion:sps_e3_04.00.00.000.0

Trust: 1.0

vendor:intelmodel:server platform servicesscope:ltversion:sps_e5_04.01.04.380.0

Trust: 1.0

vendor:intelmodel:server platform servicesscope:ltversion:sps_soc-x_04.00.04.128.0

Trust: 1.0

vendor:intelmodel:server platform servicesscope:eqversion:sps_e3_04.01.04.109.0

Trust: 0.8

vendor:intelmodel:server platform servicesscope:eqversion:sps_e3_04.08.04.070.0

Trust: 0.8

sources: JVNDB: JVNDB-2020-006819 // NVD: CVE-2020-0586

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-0586
value: HIGH

Trust: 1.0

NVD: JVNDB-2020-006819
value: HIGH

Trust: 0.8

CNNVD: CNNVD-202006-794
value: HIGH

Trust: 0.6

VULHUB: VHN-162020
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2020-0586
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

NVD: JVNDB-2020-006819
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

VULHUB: VHN-162020
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2020-0586
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: JVNDB-2020-006819
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-162020 // JVNDB: JVNDB-2020-006819 // CNNVD: CNNVD-202006-794 // NVD: CVE-2020-0586

PROBLEMTYPE DATA

problemtype:CWE-665

Trust: 1.9

sources: VULHUB: VHN-162020 // JVNDB: JVNDB-2020-006819 // NVD: CVE-2020-0586

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202006-794

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202006-794

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2020-006819

PATCH
title:INTEL-SA-00295url:https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00295.html
Trust: 0.8
title:Intel SPS Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=121691
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2020-006819 // 
            
            
            
            CNNVD: CNNVD-202006-794

EXTERNAL IDS
db:NVDid:CVE-2020-0586
Trust: 2.5
db:MCAFEEid:SB10321
Trust: 1.7
db:LENOVOid:LEN-30041
Trust: 1.7
db:JVNid:JVNVU98979613
Trust: 0.8
db:JVNDBid:JVNDB-2020-006819
Trust: 0.8
db:CNNVDid:CNNVD-202006-794
Trust: 0.7
db:AUSCERTid:ESB-2020.1991.2
Trust: 0.6
db:AUSCERTid:ESB-2020.1991
Trust: 0.6
db:AUSCERTid:ESB-2020.2208
Trust: 0.6
db:VULHUBid:VHN-162020
Trust: 0.1
sources:
            
            
            VULHUB: VHN-162020 // 
            
            
            
            JVNDB: JVNDB-2020-006819 // 
            
            
            
            CNNVD: CNNVD-202006-794 // 
            
            
            
            NVD: CVE-2020-0586

REFERENCES
url:https://security.netapp.com/advisory/ntap-20200611-0004/
Trust: 1.7
url:https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00295.html
Trust: 1.7
url:https://support.lenovo.com/de/en/product_security/len-30041
Trust: 1.7
url:https://kc.mcafee.com/corporate/index?page=content&id=sb10321
Trust: 1.6
url:https://nvd.nist.gov/vuln/detail/cve-2020-0586
Trust: 1.4
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-0586
Trust: 0.8
url:https://jvn.jp/vu/jvnvu98979613/
Trust: 0.8
url:https://www.auscert.org.au/bulletins/esb-2020.1991/
Trust: 0.6
url:https://www.auscert.org.au/bulletins/esb-2020.1991.2/
Trust: 0.6
url:https://www.auscert.org.au/bulletins/esb-2020.2208/
Trust: 0.6
url:https://vigilance.fr/vulnerability/intel-csme-sps-txe-amt-ism-dal-multiple-vulnerabilities-32545
Trust: 0.6
url:https://support.lenovo.com/us/en/product_security/len-30041
Trust: 0.6
url:https://kc.mcafee.com/corporate/index?page=content&id=sb10321
Trust: 0.1
sources:
            
            
            VULHUB: VHN-162020 // 
            
            
            
            JVNDB: JVNDB-2020-006819 // 
            
            
            
            CNNVD: CNNVD-202006-794 // 
            
            
            
            NVD: CVE-2020-0586

SOURCES
db:VULHUBid:VHN-162020
db:JVNDBid:JVNDB-2020-006819
db:CNNVDid:CNNVD-202006-794
db:NVDid:CVE-2020-0586

LAST UPDATE DATE
2024-11-23T21:06:54.775000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-162020date:2020-07-22T00:00:00
db:JVNDBid:JVNDB-2020-006819date:2020-07-20T00:00:00
db:CNNVDid:CNNVD-202006-794date:2021-05-24T00:00:00
db:NVDid:CVE-2020-0586date:2024-11-21T04:53:48.213

SOURCES RELEASE DATE
db:VULHUBid:VHN-162020date:2020-06-15T00:00:00
db:JVNDBid:JVNDB-2020-006819date:2020-07-20T00:00:00
db:CNNVDid:CNNVD-202006-794date:2020-06-09T00:00:00
db:NVDid:CVE-2020-0586date:2020-06-15T14:15:11.393