Sign-up

ID

VAR-202006-0249


CVE

CVE-2020-0534


TITLE

Intel(R) CSME Input verification vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2020-006841

DESCRIPTION

Improper input validation in the DAL subsystem for Intel(R) CSME versions before 12.0.64, 13.0.32, 14.0.33 and 14.5.12 may allow an unauthenticated user to potentially enable denial of service via network access. Intel(R) CSME There is an input verification vulnerability in.Service operation interruption (DoS) It may be put into a state. Intel Converged Security and Management Engine (CSME) is a security management engine of Intel Corporation. An input validation error vulnerability exists in the DAL subsystem in Intel CSME. An attacker could exploit this vulnerability to cause a denial of service. The following products and versions are affected: Intel CSME versions prior to 12.0.64, versions prior to 13.0.32, versions prior to 14.0.33, and versions prior to 14.5.12

Trust: 1.71

sources: NVD: CVE-2020-0534 // JVNDB: JVNDB-2020-006841 // VULHUB: VHN-161968

AFFECTED PRODUCTS

vendor:intelmodel:converged security management enginescope:ltversion:13.0.32

Trust: 1.0

vendor:intelmodel:converged security management enginescope:ltversion:14.0.33

Trust: 1.0

vendor:intelmodel:converged security management enginescope:gteversion:14.0

Trust: 1.0

vendor:intelmodel:converged security management enginescope:eqversion:14.5.11

Trust: 1.0

vendor:intelmodel:converged security management enginescope:gteversion:13.0

Trust: 1.0

vendor:intelmodel:converged security management enginescope:gteversion:12.0

Trust: 1.0

vendor:intelmodel:converged security management enginescope:ltversion:12.0.64

Trust: 1.0

vendor:intelmodel:converged security management enginescope:eqversion:12.0.64

Trust: 0.8

vendor:intelmodel:converged security management enginescope:eqversion:13.0.32

Trust: 0.8

vendor:intelmodel:converged security management enginescope:eqversion:14.0.33

Trust: 0.8

vendor:intelmodel:converged security management enginescope:eqversion:14.5.12

Trust: 0.8

sources: JVNDB: JVNDB-2020-006841 // NVD: CVE-2020-0534

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-0534
value: HIGH

Trust: 1.0

NVD: JVNDB-2020-006841
value: HIGH

Trust: 0.8

CNNVD: CNNVD-202006-722
value: HIGH

Trust: 0.6

VULHUB: VHN-161968
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2020-0534
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

NVD: JVNDB-2020-006841
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

VULHUB: VHN-161968
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2020-0534
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.1

Trust: 1.0

NVD: JVNDB-2020-006841
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-161968 // JVNDB: JVNDB-2020-006841 // CNNVD: CNNVD-202006-722 // NVD: CVE-2020-0534

PROBLEMTYPE DATA

problemtype:CWE-20

Trust: 1.9

sources: VULHUB: VHN-161968 // JVNDB: JVNDB-2020-006841 // NVD: CVE-2020-0534

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202006-722

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-202006-722

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2020-006841

PATCH
title:INTEL-SA-00295url:https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00295.html
Trust: 0.8
title:Intel CSME Enter the fix for the verification error vulnerabilityurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=121673
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2020-006841 // 
            
            
            
            CNNVD: CNNVD-202006-722

EXTERNAL IDS
db:NVDid:CVE-2020-0534
Trust: 2.5
db:LENOVOid:LEN-30041
Trust: 1.7
db:JVNid:JVNVU98979613
Trust: 0.8
db:JVNDBid:JVNDB-2020-006841
Trust: 0.8
db:CNNVDid:CNNVD-202006-722
Trust: 0.7
db:AUSCERTid:ESB-2020.1991.2
Trust: 0.6
db:AUSCERTid:ESB-2020.1991
Trust: 0.6
db:VULHUBid:VHN-161968
Trust: 0.1
sources:
            
            
            VULHUB: VHN-161968 // 
            
            
            
            JVNDB: JVNDB-2020-006841 // 
            
            
            
            CNNVD: CNNVD-202006-722 // 
            
            
            
            NVD: CVE-2020-0534

REFERENCES
url:https://security.netapp.com/advisory/ntap-20200611-0006/
Trust: 1.7
url:https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00295.html
Trust: 1.7
url:https://support.lenovo.com/de/en/product_security/len-30041
Trust: 1.7
url:https://nvd.nist.gov/vuln/detail/cve-2020-0534
Trust: 1.4
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-0534
Trust: 0.8
url:https://jvn.jp/vu/jvnvu98979613/
Trust: 0.8
url:https://www.auscert.org.au/bulletins/esb-2020.1991/
Trust: 0.6
url:https://www.auscert.org.au/bulletins/esb-2020.1991.2/
Trust: 0.6
url:https://vigilance.fr/vulnerability/intel-csme-sps-txe-amt-ism-dal-multiple-vulnerabilities-32545
Trust: 0.6
url:https://support.lenovo.com/us/en/product_security/len-30041
Trust: 0.6
sources:
            
            
            VULHUB: VHN-161968 // 
            
            
            
            JVNDB: JVNDB-2020-006841 // 
            
            
            
            CNNVD: CNNVD-202006-722 // 
            
            
            
            NVD: CVE-2020-0534

SOURCES
db:VULHUBid:VHN-161968
db:JVNDBid:JVNDB-2020-006841
db:CNNVDid:CNNVD-202006-722
db:NVDid:CVE-2020-0534

LAST UPDATE DATE
2024-11-23T20:47:01.007000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-161968date:2020-07-22T00:00:00
db:JVNDBid:JVNDB-2020-006841date:2020-07-20T00:00:00
db:CNNVDid:CNNVD-202006-722date:2021-05-24T00:00:00
db:NVDid:CVE-2020-0534date:2024-11-21T04:53:41.380

SOURCES RELEASE DATE
db:VULHUBid:VHN-161968date:2020-06-15T00:00:00
db:JVNDBid:JVNDB-2020-006841date:2020-07-20T00:00:00
db:CNNVDid:CNNVD-202006-722date:2020-06-09T00:00:00
db:NVDid:CVE-2020-0534date:2020-06-15T14:15:10.643