Sign-up

VARIoT IoT vulnerabilities database

Affected products: vendor, model and version
CWE format is 'CWE-number'. Threat type can be: remote or local
Look up free text in title and description

VAR-202011-1390 CVE-2020-8749 Intel(R) AMT  Out-of-bounds read vulnerability CVSS V2: 5.8
CVSS V3: 8.8
Severity: HIGH
Out-of-bounds read in subsystem for Intel(R) AMT versions before 11.8.80, 11.12.80, 11.22.80, 12.0.70 and 14.0.45 may allow an unauthenticated user to potentially enable escalation of privilege via adjacent access. Intel(R) AMT Is vulnerable to an out-of-bounds read.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. Intel Active Management Technology (AMT) is a set of hardware-based computer remote active management technology software developed by Intel Corporation. The following products and versions are affected: Version 11.8.80, Version 11.12.80, Version 11.22.80, Version 12.0.70, Version 14.0.45
VAR-202011-1389 CVE-2020-8747 Intel(R) AMT  Out-of-bounds read vulnerability CVSS V2: 6.4
CVSS V3: 9.1
Severity: CRITICAL
Out-of-bounds read in subsystem for Intel(R) AMT versions before 11.8.80, 11.12.80, 11.22.80, 12.0.70 and 14.0.45 may allow an unauthenticated user to potentially enable information disclosure and/or denial of service via network access. Intel(R) AMT Is vulnerable to an out-of-bounds read.Information is obtained and denial of service (DoS) It may be put into a state. Intel AMT is a software of Intel Corporation that resides in the hardware and allows remote management functions. The following products and versions are affected: Version 11.8.80, Version 11.12.80, Version 11.22.80, Version 12.0.70, Version 14.0.45
VAR-202011-1388 CVE-2020-8746 Intel(R) AMT  Integer overflow vulnerability in CVSS V2: 3.3
CVSS V3: 6.5
Severity: MEDIUM
Integer overflow in subsystem for Intel(R) AMT versions before 11.8.80, 11.12.80, 11.22.80, 12.0.70 and 14.0.45 may allow an unauthenticated user to potentially enable denial of service via adjacent access. Intel(R) AMT Exists in an integer overflow vulnerability.Denial of service (DoS) It may be put into a state. Intel TXE, etc. are all products of Intel Corporation of the United States. Intel TXE is a trusted execution engine with hardware authentication function used in CPU (Central Processing Unit). Intel Active Management Technology (AMT) is a set of hardware-based computer remote active management technology software. Intel Trusted Execution Engine is a trusted execution engine with hardware authentication function used in CPU (Central Processing Unit). The following products and versions are affected: Version 11.8.80, Version 11.12.80, Version 11.22.80, Version 12.0.70, Version 14.0.45
VAR-202011-1380 CVE-2020-8761 Intel(R) CSME  Vulnerability in cryptography CVSS V2: 2.1
CVSS V3: 4.6
Severity: MEDIUM
Inadequate encryption strength in subsystem for Intel(R) CSME versions before 13.0.40 and 13.30.10 may allow an unauthenticated user to potentially enable information disclosure via physical access. Intel(R) CSME Contains a cryptographic vulnerability.Information may be obtained
VAR-202011-1379 CVE-2020-8760 Intel(R) AMT  Integer overflow vulnerability in CVSS V2: 4.6
CVSS V3: 7.8
Severity: HIGH
Integer overflow in subsystem for Intel(R) AMT versions before 11.8.80, 11.12.80, 11.22.80, 12.0.70, 14.0.45 may allow a privileged user to potentially enable escalation of privilege via local access. Intel(R) AMT Exists in an integer overflow vulnerability.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. Intel AMT is a software of Intel Corporation that resides in the hardware and allows remote management functions. The following products and versions are affected: Version 11.8.80, Version 11.12.80, Version 11.22.80, Version 12.0.70, Version 14.0.45
VAR-202011-1378 CVE-2020-8757 Intel(R) AMT  Out-of-bounds read vulnerability CVSS V2: 4.6
CVSS V3: 6.7
Severity: MEDIUM
Out-of-bounds read in subsystem for Intel(R) AMT versions before 11.8.80, 11.12.80, 11.22.80, 12.0.70 and 14.0.45 may allow a privileged user to potentially enable escalation of privilege via local access. Intel(R) AMT Is vulnerable to an out-of-bounds read.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. The following products and versions are affected: Version 11.8.80, Version 11.12.80, Version 11.22.80, Version 12.0.70, Version 14.0.45
VAR-202011-1377 CVE-2020-8756 Intel(R) CSME  Input confirmation vulnerability CVSS V2: 4.6
CVSS V3: 6.7
Severity: MEDIUM
Improper input validation in subsystem for Intel(R) CSME versions before 11.8.80, 11.12.80, 11.22.80, 12.0.70 and 14.0.45 may allow a privileged user to potentially enable escalation of privilege via local access. Intel(R) CSME Is vulnerable to input validation.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. Intel Core Processors is an Intel Core series central processing unit (CPU) of Intel Corporation of the United States. An attacker could exploit this vulnerability to escalate privileges through local access
VAR-202011-1375 CVE-2020-8754 Intel(R) AMT  and  Intel(R) ISM  Out-of-bounds read vulnerability CVSS V2: 5.0
CVSS V3: 7.5
Severity: HIGH
Out-of-bounds read in subsystem for Intel(R) AMT, Intel(R) ISM versions before 11.8.80, 11.12.80, 11.22.80, 12.0.70 and 14.0.45 may allow an unauthenticated user to potentially enable information disclosure via network access. Intel(R) AMT and Intel(R) ISM Is vulnerable to an out-of-bounds read.Information may be obtained. Intel Active Management Technology (AMT) is a set of hardware-based computer remote active management technology software developed by Intel Corporation. The following products and versions are affected: ISM versions before 11.8.80, 11.12.80, 11.22.80, 12.0.70, 14.0.45
VAR-202011-1374 CVE-2020-8753 Intel(R) AMT  and  ISM  Out-of-bounds read vulnerability CVSS V2: 5.0
CVSS V3: 7.5
Severity: HIGH
Out-of-bounds read in DHCP subsystem for Intel(R) AMT, Intel(R) ISM versions before 11.8.80, 11.12.80, 11.22.80, 12.0.70 and 14.0.45 may allow an unauthenticated user to potentially enable information disclosure via network access. Intel(R) AMT and ISM Is vulnerable to an out-of-bounds read.Information may be obtained
VAR-202011-1373 CVE-2020-8752 Intel(R) AMT  and  Intel(R) ISM  Out-of-bounds Vulnerability in Microsoft CVSS V2: 7.5
CVSS V3: 9.8
Severity: CRITICAL
Out-of-bounds write in IPv6 subsystem for Intel(R) AMT, Intel(R) ISM versions before 11.8.80, 11.12.80, 11.22.80, 12.0.70, 14.0.45 may allow an unauthenticated user to potentially enable escalation of privileges via network access. Intel(R) AMT and Intel(R) ISM Is vulnerable to an out-of-bounds write.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. Intel AMT is a software of Intel Corporation that resides in the hardware and allows remote management functions. The following products and versions are affected: ISM versions before 11.8.80, 11.12.80, 11.22.80, 12.0.70, 14.0.45
VAR-202011-1362 CVE-2020-8705 plural  Intel  Product resource initialization to unsafe default values CVSS V2: 4.6
CVSS V3: 6.8
Severity: MEDIUM
Insecure default initialization of resource in Intel(R) Boot Guard in Intel(R) CSME versions before 11.8.80, 11.12.80, 11.22.80, 12.0.70, 13.0.40, 13.30.10, 14.0.45 and 14.5.25, Intel(R) TXE versions before 3.1.80 and 4.0.30, Intel(R) SPS versions before E5_04.01.04.400, E3_04.01.04.200, SoC-X_04.00.04.200 and SoC-A_04.00.04.300 may allow an unauthenticated user to potentially enable escalation of privileges via physical access. Intel(R) CSME , TXE , SPS There is a vulnerability in the initialization of resources to insecure default values.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state
VAR-202011-0184 CVE-2020-12297 Intel(R) CSME  Driver and  TXE  Vulnerability in privilege management CVSS V2: 4.6
CVSS V3: 7.8
Severity: HIGH
Improper access control in Installer for Intel(R) CSME Driver for Windows versions before 11.8.80, 11.12.80, 11.22.80, 12.0.70, 13.0.40, 13.30.10, 14.0.45 and 14.5.25, Intel TXE 3.1.80, 4.0.30 may allow an authenticated user to potentially enable escalation of privileges via local access. Intel(R) CSME Driver and TXE Contains a privilege management vulnerability.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state
VAR-202011-0177 CVE-2020-12332 Intel(R) HID Event Filter Driver  Vulnerability in improperly holding permissions in the installer CVSS V2: 4.6
CVSS V3: 7.8
Severity: HIGH
Improper permissions in the installer for the Intel(R) HID Event Filter Driver, all versions, may allow an authenticated user to potentially enable escalation of privilege via local access
VAR-202011-0173 CVE-2020-12328 Windows  for  Intel(R) Thunderbolt(TM) DCH  Vulnerability related to information leakage in driver CVSS V2: 2.1
CVSS V3: 4.4
Severity: MEDIUM
Protection mechanism failure in some Intel(R) Thunderbolt(TM) DCH drivers for Windows* before version 72 may allow a privileged user to potentially enable information disclosure via local access. Windows for Intel(R) Thunderbolt(TM) DCH The driver contains a vulnerability related to information leakage.Information may be obtained. Intel Thunderbolt DCH drivers is a driver for Windows from Intel Corporation of the United States
VAR-202011-0172 CVE-2020-12327 Windows  for  Intel(R) Thunderbolt(TM) DCH  Vulnerability in driver initialization of resources to unsafe default values CVSS V2: 2.1
CVSS V3: 4.4
Severity: MEDIUM
Insecure default variable initialization in some Intel(R) Thunderbolt(TM) DCH drivers for Windows* before version 72 may allow a privileged user to potentially enable information disclosure via local access. Windows for Intel(R) Thunderbolt(TM) DCH The driver contains a vulnerability in the initialization of resources to unsafe default values.Information may be obtained
VAR-202011-0171 CVE-2020-12326 Windows  for  Intel(R) Thunderbolt(TM) DCH  Driver initialization vulnerabilities CVSS V2: 2.1
CVSS V3: 5.5
Severity: MEDIUM
Improper initialization in some Intel(R) Thunderbolt(TM) DCH drivers for Windows* before version 72 may allow an authenticated user to potentially enable information disclosure via local access. Windows for Intel(R) Thunderbolt(TM) DCH The driver contains an initialization vulnerability.Information may be obtained
VAR-202011-0170 CVE-2020-12325 Windows  for  Intel(R) Thunderbolt(TM) DCH  Buffer error vulnerability in driver CVSS V2: 4.6
CVSS V3: 7.8
Severity: HIGH
Improper buffer restrictions in some Intel(R) Thunderbolt(TM) DCH drivers for Windows* before version 72 may allow an authenticated user to potentially enable escalation of privilege via local access. Windows for Intel(R) Thunderbolt(TM) DCH The driver contains a buffer error vulnerability.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. Intel Thunderbolt DCH drivers is a driver for Windows from Intel Corporation of the United States
VAR-202011-0169 CVE-2020-12324 Windows  for  Intel(R) Thunderbolt(TM) DCH  Driver permission management vulnerabilities CVSS V2: 4.6
CVSS V3: 7.8
Severity: HIGH
Protection mechanism failure in some Intel(R) Thunderbolt(TM) DCH drivers for Windows* before version 72 may allow an authenticated user to potentially enable escalation of privilege via local access. Windows for Intel(R) Thunderbolt(TM) DCH The driver contains a vulnerability related to permission management.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. Intel Thunderbolt DCH drivers is a driver for Windows from Intel Corporation of the United States
VAR-202011-0149 CVE-2020-12307 Intel(R) High Definition Audio  Vulnerability in improper default permissions in driver CVSS V2: 4.6
CVSS V3: 7.8
Severity: HIGH
Improper permissions in some Intel(R) High Definition Audio drivers before version 9.21.00.4561 may allow an authenticated user to potentially enable escalation of privilege via local access. Intel High Definition Audio drivers is an audio codec driver from Intel Corporation. An authorization issue vulnerability exists in Intel High Definition Audio drivers. The vulnerability stems from the lack of authentication measures or insufficient authentication strength in network systems or products. No detailed vulnerability details were provided at this time
VAR-202011-0146 CVE-2020-12303 Intel(R) CSME  and  TXE  Vulnerabilities in the use of freed memory CVSS V2: 4.6
CVSS V3: 7.8
Severity: HIGH
Use after free in DAL subsystem for Intel(R) CSME versions before 11.8.80, 11.12.80, 11.22.80, 12.0.70, 13.0.40, 13.30.10, 14.0.45 and 14.5.25, Intel(R) TXE 3.1.80, 4.0.30 may allow an authenticated user to potentially enable escalation of privileges via local access. Intel(R) CSME and TXE Is vulnerable to the use of freed memory.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state