Sign-up

ID

VAR-202006-0026


CVE

CVE-2020-0596


TITLE

Intel(R) AMT and ISM Input verification vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2020-006818

DESCRIPTION

Improper input validation in DHCPv6 subsystem in Intel(R) AMT and Intel(R) ISM versions before 11.8.77, 11.12.77, 11.22.77 and 12.0.64 may allow an unauthenticated user to potentially enable information disclosure via network access. Intel(R) AMT and ISM There is an input verification vulnerability in.Information may be obtained. Both Intel Active Management Technology (AMT) and Intel Software Manager (ISM) are products of Intel Corporation of the United States. Intel Active Management Technology is a set of hardware-based computer remote active management technology software. Intel Software Manager is a utility for managing Intel software development products. A remote attacker could exploit this vulnerability to obtain information. The following products and versions are affected: Intel AMT before 11.8.77, before 11.12.77, before 11.22.77, before 12.0.64; ISM before 11.8.77, before 11.12.77, before 11.22.77 Version, version before 12.0.64

Trust: 1.8

sources: NVD: CVE-2020-0596 // JVNDB: JVNDB-2020-006818 // VULHUB: VHN-162030 // VULMON: CVE-2020-0596

AFFECTED PRODUCTS

vendor:intelmodel:service managerscope:ltversion:11.12.77

Trust: 1.0

vendor:intelmodel:service managerscope:ltversion:11.22.77

Trust: 1.0

vendor:intelmodel:service managerscope:gteversion:11.0

Trust: 1.0

vendor:intelmodel:active management technologyscope:gteversion:11.20

Trust: 1.0

vendor:intelmodel:active management technologyscope:gteversion:12.0

Trust: 1.0

vendor:intelmodel:service managerscope:ltversion:11.8.77

Trust: 1.0

vendor:intelmodel:service managerscope:ltversion:12.0.64

Trust: 1.0

vendor:intelmodel:active management technologyscope:gteversion:11.0

Trust: 1.0

vendor:intelmodel:service managerscope:gteversion:11.10

Trust: 1.0

vendor:intelmodel:active management technologyscope:ltversion:11.22.77

Trust: 1.0

vendor:intelmodel:active management technologyscope:ltversion:11.8.77

Trust: 1.0

vendor:intelmodel:active management technologyscope:ltversion:12.0.64

Trust: 1.0

vendor:intelmodel:service managerscope:gteversion:12.0

Trust: 1.0

vendor:intelmodel:service managerscope:gteversion:11.20

Trust: 1.0

vendor:intelmodel:active management technologyscope:gteversion:11.10

Trust: 1.0

vendor:intelmodel:active management technologyscope:ltversion:11.12.77

Trust: 1.0

vendor:intelmodel:active management technologyscope:eqversion:11.12.77

Trust: 0.8

vendor:intelmodel:active management technologyscope:eqversion:11.22.77

Trust: 0.8

vendor:intelmodel:active management technologyscope:eqversion:11.8.77

Trust: 0.8

vendor:intelmodel:active management technologyscope:eqversion:12.0.64

Trust: 0.8

vendor:intelmodel:standard manageabilityscope:eqversion:11.12.77

Trust: 0.8

vendor:intelmodel:standard manageabilityscope:eqversion:11.22.77

Trust: 0.8

vendor:intelmodel:standard manageabilityscope:eqversion:11.8.77

Trust: 0.8

vendor:intelmodel:standard manageabilityscope:eqversion:12.0.64

Trust: 0.8

sources: JVNDB: JVNDB-2020-006818 // NVD: CVE-2020-0596

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-0596
value: HIGH

Trust: 1.0

NVD: JVNDB-2020-006818
value: HIGH

Trust: 0.8

CNNVD: CNNVD-202006-813
value: HIGH

Trust: 0.6

VULHUB: VHN-162030
value: MEDIUM

Trust: 0.1

VULMON: CVE-2020-0596
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2020-0596
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.1

NVD: JVNDB-2020-006818
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

VULHUB: VHN-162030
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2020-0596
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.1

Trust: 1.0

NVD: JVNDB-2020-006818
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-162030 // VULMON: CVE-2020-0596 // JVNDB: JVNDB-2020-006818 // CNNVD: CNNVD-202006-813 // NVD: CVE-2020-0596

PROBLEMTYPE DATA

problemtype:CWE-20

Trust: 1.9

sources: VULHUB: VHN-162030 // JVNDB: JVNDB-2020-006818 // NVD: CVE-2020-0596

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202006-813

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202006-813

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2020-006818

PATCH
title:INTEL-SA-00295url:https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00295.html
Trust: 0.8
title:Intel AMT  and ISM Enter the fix for the verification error vulnerabilityurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=122463
Trust: 0.6
title:HP: HPSBHF03667 rev. 1 - IntelĀ® 2020.1 IPU - CSME, SPS, TXT, AMT and DAL Security Updatesurl:https://vulmon.com/vendoradvisory?qidtp=hp_bulletin&qid=HPSBHF03667
Trust: 0.1
title:Threatposturl:https://threatpost.com/critical-intel-flaws-fixed-in-active-management-technology/156458/
Trust: 0.1
sources:
            
            
            VULMON: CVE-2020-0596 // 
            
            
            
            JVNDB: JVNDB-2020-006818 // 
            
            
            
            CNNVD: CNNVD-202006-813

EXTERNAL IDS
db:NVDid:CVE-2020-0596
Trust: 2.6
db:LENOVOid:LEN-30041
Trust: 1.8
db:JVNid:JVNVU98979613
Trust: 0.8
db:JVNDBid:JVNDB-2020-006818
Trust: 0.8
db:CNNVDid:CNNVD-202006-813
Trust: 0.7
db:AUSCERTid:ESB-2020.1991.2
Trust: 0.6
db:AUSCERTid:ESB-2020.1991
Trust: 0.6
db:VULHUBid:VHN-162030
Trust: 0.1
db:VULMONid:CVE-2020-0596
Trust: 0.1
sources:
            
            
            VULHUB: VHN-162030 // 
            
            
            
            VULMON: CVE-2020-0596 // 
            
            
            
            JVNDB: JVNDB-2020-006818 // 
            
            
            
            CNNVD: CNNVD-202006-813 // 
            
            
            
            NVD: CVE-2020-0596

REFERENCES
url:https://security.netapp.com/advisory/ntap-20200611-0007/
Trust: 1.8
url:https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00295.html
Trust: 1.8
url:https://www.synology.com/security/advisory/synology_sa_20_15
Trust: 1.8
url:https://support.lenovo.com/de/en/product_security/len-30041
Trust: 1.8
url:https://nvd.nist.gov/vuln/detail/cve-2020-0596
Trust: 1.4
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-0596
Trust: 0.8
url:https://jvn.jp/vu/jvnvu98979613/
Trust: 0.8
url:https://www.auscert.org.au/bulletins/esb-2020.1991/
Trust: 0.6
url:https://www.auscert.org.au/bulletins/esb-2020.1991.2/
Trust: 0.6
url:https://vigilance.fr/vulnerability/intel-csme-sps-txe-amt-ism-dal-multiple-vulnerabilities-32545
Trust: 0.6
url:https://support.lenovo.com/us/en/product_security/len-30041
Trust: 0.6
url:https://cwe.mitre.org/data/definitions/20.html
Trust: 0.1
url:https://nvd.nist.gov
Trust: 0.1
url:https://exchange.xforce.ibmcloud.com/vulnerabilities/183157
Trust: 0.1
url:https://threatpost.com/critical-intel-flaws-fixed-in-active-management-technology/156458/
Trust: 0.1
sources:
            
            
            VULHUB: VHN-162030 // 
            
            
            
            VULMON: CVE-2020-0596 // 
            
            
            
            JVNDB: JVNDB-2020-006818 // 
            
            
            
            CNNVD: CNNVD-202006-813 // 
            
            
            
            NVD: CVE-2020-0596

SOURCES
db:VULHUBid:VHN-162030
db:VULMONid:CVE-2020-0596
db:JVNDBid:JVNDB-2020-006818
db:CNNVDid:CNNVD-202006-813
db:NVDid:CVE-2020-0596

LAST UPDATE DATE
2024-11-23T21:20:16.326000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-162030date:2020-07-22T00:00:00
db:VULMONid:CVE-2020-0596date:2020-07-22T00:00:00
db:JVNDBid:JVNDB-2020-006818date:2020-07-20T00:00:00
db:CNNVDid:CNNVD-202006-813date:2021-05-24T00:00:00
db:NVDid:CVE-2020-0596date:2024-11-21T04:53:49.500

SOURCES RELEASE DATE
db:VULHUBid:VHN-162030date:2020-06-15T00:00:00
db:VULMONid:CVE-2020-0596date:2020-06-15T00:00:00
db:JVNDBid:JVNDB-2020-006818date:2020-07-20T00:00:00
db:CNNVDid:CNNVD-202006-813date:2020-06-09T00:00:00
db:NVDid:CVE-2020-0596date:2020-06-15T14:15:11.597