Details of VAR-202011-1377

ID

VAR-202011-1377

CVE

CVE-2020-8756

TITLE

Intel(R) CSME Input confirmation vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2020-013417

DESCRIPTION

Improper input validation in subsystem for Intel(R) CSME versions before 11.8.80, 11.12.80, 11.22.80, 12.0.70 and 14.0.45 may allow a privileged user to potentially enable escalation of privilege via local access. Intel(R) CSME Is vulnerable to input validation.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. Intel Core Processors is an Intel Core series central processing unit (CPU) of Intel Corporation of the United States. An attacker could exploit this vulnerability to escalate privileges through local access

Trust: 1.71

sources: NVD: CVE-2020-8756 // JVNDB: JVNDB-2020-013417 // VULHUB: VHN-186881

AFFECTED PRODUCTS

vendor:	intel	model:	converged security and manageability engine	scope:	lt	version:	11.22.80	Trust: 1.0
vendor:	intel	model:	converged security and manageability engine	scope:	gte	version:	14.0	Trust: 1.0
vendor:	intel	model:	converged security and manageability engine	scope:	lt	version:	14.0.45	Trust: 1.0
vendor:	intel	model:	converged security and manageability engine	scope:	lt	version:	11.12.80	Trust: 1.0
vendor:	intel	model:	converged security and manageability engine	scope:	gte	version:	11.22.0	Trust: 1.0
vendor:	intel	model:	converged security and manageability engine	scope:	gte	version:	12.0	Trust: 1.0
vendor:	intel	model:	converged security and manageability engine	scope:	lt	version:	11.8.80	Trust: 1.0
vendor:	intel	model:	converged security and manageability engine	scope:	lt	version:	12.0.70	Trust: 1.0
vendor:	intel	model:	converged security and manageability engine	scope:	gte	version:	11.12.0	Trust: 1.0
vendor:	インテル	model:	intel csme	scope:	eq	version:	intel csme firmware 11.12.80	Trust: 0.8
vendor:	インテル	model:	intel csme	scope:	eq	version:	intel csme firmware 14.0.45	Trust: 0.8
vendor:	インテル	model:	intel csme	scope:	eq	version:	intel csme firmware 11.8.80	Trust: 0.8
vendor:	インテル	model:	intel csme	scope:	eq	version:	intel csme firmware 12.0.70	Trust: 0.8
vendor:	インテル	model:	intel csme	scope:	eq	version:	-	Trust: 0.8
vendor:	インテル	model:	intel csme	scope:	eq	version:	intel csme firmware 11.22.80	Trust: 0.8

sources: JVNDB: JVNDB-2020-013417 // NVD: CVE-2020-8756

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2020-8756
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2020-8756
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201911-1666
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-186881
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2020-8756
severity:	MEDIUM
baseScore:	4.6
vectorString:	AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	3.9
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-186881
severity:	MEDIUM
baseScore:	4.6
vectorString:	AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	3.9
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2020-8756
baseSeverity:	MEDIUM
baseScore:	6.7
vectorString:	CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	HIGH
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	0.8
impactScore:	5.9
version:	3.1
Trust: 1.0
NVD:	CVE-2020-8756
baseSeverity:	MEDIUM
baseScore:	6.7
vectorString:	CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	HIGH
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULHUB: VHN-186881 // JVNDB: JVNDB-2020-013417 // CNNVD: CNNVD-201911-1666 // NVD: CVE-2020-8756

PROBLEMTYPE DATA

problemtype:	CWE-20	Trust: 1.1
problemtype:	Incorrect input confirmation (CWE-20) [NVD Evaluation ]	Trust: 0.8

sources: VULHUB: VHN-186881 // JVNDB: JVNDB-2020-013417 // NVD: CVE-2020-8756

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201911-1666

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-201911-1666

PATCH

title:	INTEL-SA-00391	url:	https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00391.html	Trust: 0.8
title:	Intel CSME Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=135725	Trust: 0.6

sources: JVNDB: JVNDB-2020-013417 // CNNVD: CNNVD-201911-1666

EXTERNAL IDS

db:	NVD	id:	CVE-2020-8756	Trust: 2.5
db:	JVNDB	id:	JVNDB-2020-013417	Trust: 0.8
db:	LENOVO	id:	LEN-39432	Trust: 0.6
db:	AUSCERT	id:	ESB-2020.3958.2	Trust: 0.6
db:	AUSCERT	id:	ESB-2020.3958	Trust: 0.6
db:	CNNVD	id:	CNNVD-201911-1666	Trust: 0.6
db:	CNVD	id:	CNVD-2020-68830	Trust: 0.1
db:	VULHUB	id:	VHN-186881	Trust: 0.1

sources: VULHUB: VHN-186881 // JVNDB: JVNDB-2020-013417 // CNNVD: CNNVD-201911-1666 // NVD: CVE-2020-8756

REFERENCES

url:	https://security.netapp.com/advisory/ntap-20201113-0002/	Trust: 1.7
url:	https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00391	Trust: 1.7
url:	https://nvd.nist.gov/vuln/detail/cve-2020-8756	Trust: 1.4
url:	https://www.auscert.org.au/bulletins/esb-2020.3958/	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2020.3958.2/	Trust: 0.6
url:	https://support.lenovo.com/us/en/product_security/len-39432	Trust: 0.6
url:	https://vigilance.fr/vulnerability/intel-processors-multiple-vulnerabilities-via-csme-sps-txe-amt-dal-33887	Trust: 0.6

sources: VULHUB: VHN-186881 // JVNDB: JVNDB-2020-013417 // CNNVD: CNNVD-201911-1666 // NVD: CVE-2020-8756

SOURCES

db:	VULHUB	id:	VHN-186881
db:	JVNDB	id:	JVNDB-2020-013417
db:	CNNVD	id:	CNNVD-201911-1666
db:	NVD	id:	CVE-2020-8756

LAST UPDATE DATE

2024-11-23T20:00:56.092000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-186881	date:	2020-11-24T00:00:00
db:	JVNDB	id:	JVNDB-2020-013417	date:	2021-07-02T04:36:00
db:	CNNVD	id:	CNNVD-201911-1666	date:	2021-01-04T00:00:00
db:	NVD	id:	CVE-2020-8756	date:	2024-11-21T05:39:23.210

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-186881	date:	2020-11-12T00:00:00
db:	JVNDB	id:	JVNDB-2020-013417	date:	2021-07-02T00:00:00
db:	CNNVD	id:	CNNVD-201911-1666	date:	2019-11-10T00:00:00
db:	NVD	id:	CVE-2020-8756	date:	2020-11-12T18:15:18.050