Sign-up

ID

VAR-202006-0257


CVE

CVE-2020-0542


TITLE

Intel(R) CSME Buffer error vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2020-006824

DESCRIPTION

Improper buffer restrictions in subsystem for Intel(R) CSME versions before 12.0.64, 13.0.32, 14.0.33 and 14.5.12 may allow an authenticated user to potentially enable escalation of privilege, information disclosure or denial of service via local access. Intel(R) CSME Exists in a buffer error vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. Intel Converged Security and Management Engine (CSME) is a security management engine of Intel Corporation. A security vulnerability exists in a subsystem in Intel CSME. Attackers can exploit this vulnerability to elevate privileges, causing information disclosure and denial of service. The following products and versions are affected: Intel CSME versions prior to 12.0.64, versions prior to 13.0.32, versions prior to 14.0.33, and versions prior to 14.5.12

Trust: 1.8

sources: NVD: CVE-2020-0542 // JVNDB: JVNDB-2020-006824 // VULHUB: VHN-161976 // VULMON: CVE-2020-0542

AFFECTED PRODUCTS

vendor:intelmodel:converged security management enginescope:ltversion:11.8.77

Trust: 1.0

vendor:intelmodel:converged security management enginescope:ltversion:11.22.77

Trust: 1.0

vendor:intelmodel:converged security management enginescope:ltversion:13.0.32

Trust: 1.0

vendor:intelmodel:converged security management enginescope:gteversion:14.0

Trust: 1.0

vendor:intelmodel:converged security management enginescope:eqversion:14.5.11

Trust: 1.0

vendor:intelmodel:converged security management enginescope:gteversion:13.0

Trust: 1.0

vendor:intelmodel:converged security management enginescope:ltversion:12.0.64

Trust: 1.0

vendor:intelmodel:converged security management enginescope:gteversion:11.10

Trust: 1.0

vendor:intelmodel:converged security management enginescope:ltversion:11.12.77

Trust: 1.0

vendor:intelmodel:converged security management enginescope:gteversion:11.20

Trust: 1.0

vendor:intelmodel:converged security management enginescope:gteversion:12.0

Trust: 1.0

vendor:intelmodel:converged security management enginescope:ltversion:14.0.33

Trust: 1.0

vendor:intelmodel:converged security management enginescope:gteversion:11.0

Trust: 1.0

vendor:intelmodel:converged security management enginescope:eqversion:12.0.64

Trust: 0.8

vendor:intelmodel:converged security management enginescope:eqversion:13.0.32

Trust: 0.8

vendor:intelmodel:converged security management enginescope:eqversion:14.0.33

Trust: 0.8

vendor:intelmodel:converged security management enginescope:eqversion:14.5.12

Trust: 0.8

sources: JVNDB: JVNDB-2020-006824 // NVD: CVE-2020-0542

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-0542
value: HIGH

Trust: 1.0

NVD: JVNDB-2020-006824
value: HIGH

Trust: 0.8

CNNVD: CNNVD-202006-762
value: HIGH

Trust: 0.6

VULHUB: VHN-161976
value: MEDIUM

Trust: 0.1

VULMON: CVE-2020-0542
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2020-0542
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.1

NVD: JVNDB-2020-006824
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

VULHUB: VHN-161976
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2020-0542
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: JVNDB-2020-006824
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-161976 // VULMON: CVE-2020-0542 // JVNDB: JVNDB-2020-006824 // CNNVD: CNNVD-202006-762 // NVD: CVE-2020-0542

PROBLEMTYPE DATA

problemtype:NVD-CWE-noinfo

Trust: 1.0

problemtype:CWE-119

Trust: 0.9

sources: VULHUB: VHN-161976 // JVNDB: JVNDB-2020-006824 // NVD: CVE-2020-0542

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202006-762

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-202006-762

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2020-006824

PATCH
title:INTEL-SA-00295url:https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00295.html
Trust: 0.8
title:Intel CSME Buffer error vulnerability fixurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=122457
Trust: 0.6
title:HP: HPSBHF03667 rev. 1 - IntelĀ® 2020.1 IPU - CSME, SPS, TXT, AMT and DAL Security Updatesurl:https://vulmon.com/vendoradvisory?qidtp=hp_bulletin&qid=HPSBHF03667
Trust: 0.1
title:Threatposturl:https://threatpost.com/critical-intel-flaws-fixed-in-active-management-technology/156458/
Trust: 0.1
sources:
            
            
            VULMON: CVE-2020-0542 // 
            
            
            
            JVNDB: JVNDB-2020-006824 // 
            
            
            
            CNNVD: CNNVD-202006-762

EXTERNAL IDS
db:NVDid:CVE-2020-0542
Trust: 2.6
db:LENOVOid:LEN-30041
Trust: 1.8
db:JVNid:JVNVU98979613
Trust: 0.8
db:JVNDBid:JVNDB-2020-006824
Trust: 0.8
db:CNNVDid:CNNVD-202006-762
Trust: 0.7
db:AUSCERTid:ESB-2020.1991.2
Trust: 0.6
db:AUSCERTid:ESB-2020.1991
Trust: 0.6
db:VULHUBid:VHN-161976
Trust: 0.1
db:VULMONid:CVE-2020-0542
Trust: 0.1
sources:
            
            
            VULHUB: VHN-161976 // 
            
            
            
            VULMON: CVE-2020-0542 // 
            
            
            
            JVNDB: JVNDB-2020-006824 // 
            
            
            
            CNNVD: CNNVD-202006-762 // 
            
            
            
            NVD: CVE-2020-0542

REFERENCES
url:https://security.netapp.com/advisory/ntap-20200611-0006/
Trust: 1.8
url:https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00295.html
Trust: 1.8
url:https://support.lenovo.com/de/en/product_security/len-30041
Trust: 1.8
url:https://nvd.nist.gov/vuln/detail/cve-2020-0542
Trust: 1.4
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-0542
Trust: 0.8
url:https://jvn.jp/vu/jvnvu98979613/
Trust: 0.8
url:https://www.auscert.org.au/bulletins/esb-2020.1991/
Trust: 0.6
url:https://www.auscert.org.au/bulletins/esb-2020.1991.2/
Trust: 0.6
url:https://vigilance.fr/vulnerability/intel-csme-sps-txe-amt-ism-dal-multiple-vulnerabilities-32545
Trust: 0.6
url:https://support.lenovo.com/us/en/product_security/len-30041
Trust: 0.6
url:https://cwe.mitre.org/data/definitions/.html
Trust: 0.1
url:https://nvd.nist.gov
Trust: 0.1
url:https://threatpost.com/critical-intel-flaws-fixed-in-active-management-technology/156458/
Trust: 0.1
url:https://support.hp.com/us-en/document/c06655639
Trust: 0.1
sources:
            
            
            VULHUB: VHN-161976 // 
            
            
            
            VULMON: CVE-2020-0542 // 
            
            
            
            JVNDB: JVNDB-2020-006824 // 
            
            
            
            CNNVD: CNNVD-202006-762 // 
            
            
            
            NVD: CVE-2020-0542

SOURCES
db:VULHUBid:VHN-161976
db:VULMONid:CVE-2020-0542
db:JVNDBid:JVNDB-2020-006824
db:CNNVDid:CNNVD-202006-762
db:NVDid:CVE-2020-0542

LAST UPDATE DATE
2024-11-23T20:26:27.921000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-161976date:2021-07-21T00:00:00
db:VULMONid:CVE-2020-0542date:2021-07-21T00:00:00
db:JVNDBid:JVNDB-2020-006824date:2020-07-20T00:00:00
db:CNNVDid:CNNVD-202006-762date:2021-07-26T00:00:00
db:NVDid:CVE-2020-0542date:2024-11-21T04:53:42.333

SOURCES RELEASE DATE
db:VULHUBid:VHN-161976date:2020-06-15T00:00:00
db:VULMONid:CVE-2020-0542date:2020-06-15T00:00:00
db:JVNDBid:JVNDB-2020-006824date:2020-07-20T00:00:00
db:CNNVDid:CNNVD-202006-762date:2020-06-09T00:00:00
db:NVDid:CVE-2020-0542date:2020-06-15T14:15:11.127