Sign-up

ID

VAR-202006-0027


CVE

CVE-2020-0597


TITLE

Treck IP stacks contain multiple vulnerabilities

Trust: 0.8

sources: CERT/CC: VU#257161

DESCRIPTION

Out-of-bounds read in IPv6 subsystem in Intel(R) AMT and Intel(R) ISM versions before 14.0.33 may allow an unauthenticated user to potentially enable denial of service via network access. Treck IP stack implementations for embedded systems are affected by multiple vulnerabilities. This set of vulnerabilities was researched and reported by JSOF, who calls them Ripple20.CVE-2020-0594 Unknown CVE-2020-0595 Unknown CVE-2020-0597 Unknown CVE-2020-11896 Affected CVE-2020-11897 Not Affected CVE-2020-11898 Affected CVE-2020-11899 Not Affected CVE-2020-11900 Affected CVE-2020-11901 Not Affected CVE-2020-11902 Not Affected CVE-2020-11903 Not Affected CVE-2020-11904 Not Affected CVE-2020-11905 Not Affected CVE-2020-11906 Affected CVE-2020-11907 Affected CVE-2020-11908 Not Affected CVE-2020-11909 Not Affected CVE-2020-11910 Not Affected CVE-2020-11911 Affected CVE-2020-11912 Affected CVE-2020-11913 Not Affected CVE-2020-11914 Affected CVE-2020-8674 UnknownCVE-2020-0594 Unknown CVE-2020-0595 Unknown CVE-2020-0597 Unknown CVE-2020-11896 Affected CVE-2020-11897 Not Affected CVE-2020-11898 Affected CVE-2020-11899 Not Affected CVE-2020-11900 Affected CVE-2020-11901 Not Affected CVE-2020-11902 Not Affected CVE-2020-11903 Not Affected CVE-2020-11904 Not Affected CVE-2020-11905 Not Affected CVE-2020-11906 Affected CVE-2020-11907 Affected CVE-2020-11908 Not Affected CVE-2020-11909 Not Affected CVE-2020-11910 Not Affected CVE-2020-11911 Affected CVE-2020-11912 Affected CVE-2020-11913 Not Affected CVE-2020-11914 Affected CVE-2020-8674 Unknown. Intel(R) AMT and ISM Exists in an out-of-bounds read vulnerability.Service operation interruption (DoS) It may be put into a state. Both Intel Active Management Technology (AMT) and Intel Software Manager (ISM) are products of Intel Corporation of the United States. Intel Active Management Technology is a set of hardware-based computer remote active management technology software. Intel Software Manager is a utility for managing Intel software development products. A remote attacker could exploit this vulnerability to cause a denial of service

Trust: 2.43

sources: NVD: CVE-2020-0597 // CERT/CC: VU#257161 // JVNDB: JVNDB-2020-007023 // VULHUB: VHN-162031

AFFECTED PRODUCTS

vendor:intelmodel:software managerscope:gteversion:14.0

Trust: 1.0

vendor:intelmodel:software managerscope:lteversion:12.0.63

Trust: 1.0

vendor:intelmodel:active management technologyscope:lteversion:11.8.76

Trust: 1.0

vendor:intelmodel:active management technologyscope:lteversion:11.11.76

Trust: 1.0

vendor:intelmodel:software managerscope:lteversion:13.0.31

Trust: 1.0

vendor:intelmodel:active management technologyscope:gteversion:11.20

Trust: 1.0

vendor:intelmodel:software managerscope:gteversion:11.20

Trust: 1.0

vendor:intelmodel:active management technologyscope:lteversion:14.0.32

Trust: 1.0

vendor:intelmodel:active management technologyscope:gteversion:13.0

Trust: 1.0

vendor:intelmodel:active management technologyscope:lteversion:11.22.76

Trust: 1.0

vendor:intelmodel:active management technologyscope:gteversion:11.10

Trust: 1.0

vendor:intelmodel:software managerscope:gteversion:13.0

Trust: 1.0

vendor:intelmodel:software managerscope:gteversion:11.10

Trust: 1.0

vendor:intelmodel:software managerscope:lteversion:11.8.76

Trust: 1.0

vendor:intelmodel:software managerscope:lteversion:11.11.76

Trust: 1.0

vendor:intelmodel:active management technologyscope:gteversion:12.0

Trust: 1.0

vendor:intelmodel:active management technologyscope:lteversion:13.0.31

Trust: 1.0

vendor:intelmodel:active management technologyscope:gteversion:11.0

Trust: 1.0

vendor:intelmodel:active management technologyscope:lteversion:12.0.63

Trust: 1.0

vendor:intelmodel:software managerscope:lteversion:14.0.32

Trust: 1.0

vendor:intelmodel:software managerscope:gteversion:12.0

Trust: 1.0

vendor:intelmodel:software managerscope:lteversion:11.22.76

Trust: 1.0

vendor:intelmodel:software managerscope:gteversion:11.0

Trust: 1.0

vendor:intelmodel:active management technologyscope:gteversion:14.0

Trust: 1.0

vendor:intelmodel:active management technologyscope:eqversion:14.0.33

Trust: 0.8

vendor:intelmodel:standard manageabilityscope:eqversion:14.0.33

Trust: 0.8

sources: JVNDB: JVNDB-2020-007023 // NVD: CVE-2020-0597

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-0597
value: HIGH

Trust: 1.0

NVD: JVNDB-2020-007023
value: HIGH

Trust: 0.8

CNNVD: CNNVD-202006-812
value: HIGH

Trust: 0.6

VULHUB: VHN-162031
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2020-0597
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

NVD: JVNDB-2020-007023
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

VULHUB: VHN-162031
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2020-0597
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.1

Trust: 1.0

NVD: JVNDB-2020-007023
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-162031 // JVNDB: JVNDB-2020-007023 // CNNVD: CNNVD-202006-812 // NVD: CVE-2020-0597

PROBLEMTYPE DATA

problemtype:CWE-125

Trust: 1.9

sources: VULHUB: VHN-162031 // JVNDB: JVNDB-2020-007023 // NVD: CVE-2020-0597

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202006-812

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-202006-812

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2020-007023

PATCH
title:INTEL-SA-00295url:https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00295.html
Trust: 0.8
title:Intel AMT  and ISM Buffer error vulnerability fixurl:http://123.124.177.30/web/xxk/bdxqById.tag?id=122462
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2020-007023 // 
            
            
            
            CNNVD: CNNVD-202006-812

EXTERNAL IDS
db:NVDid:CVE-2020-0597
Trust: 3.3
db:CERT/CCid:VU#257161
Trust: 2.5
db:LENOVOid:LEN-30041
Trust: 1.7
db:JVNid:JVNVU98979613
Trust: 0.8
db:JVNDBid:JVNDB-2020-007023
Trust: 0.8
db:CNNVDid:CNNVD-202006-812
Trust: 0.7
db:AUSCERTid:ESB-2020.1991.2
Trust: 0.6
db:AUSCERTid:ESB-2020.1991
Trust: 0.6
db:VULHUBid:VHN-162031
Trust: 0.1
sources:
            
            
            CERT/CC: VU#257161 // 
            
            
            
            VULHUB: VHN-162031 // 
            
            
            
            JVNDB: JVNDB-2020-007023 // 
            
            
            
            CNNVD: CNNVD-202006-812 // 
            
            
            
            NVD: CVE-2020-0597

REFERENCES
url:https://www.kb.cert.org/vuls/id/257161
Trust: 1.7
url:https://security.netapp.com/advisory/ntap-20200611-0007/
Trust: 1.7
url:https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00295.html
Trust: 1.7
url:https://www.synology.com/security/advisory/synology_sa_20_15
Trust: 1.7
url:https://support.lenovo.com/de/en/product_security/len-30041
Trust: 1.7
url:https://nvd.nist.gov/vuln/detail/cve-2020-0597
Trust: 1.4
url:cve-2020-0594  
Trust: 0.8
url:cve-2020-0595  
Trust: 0.8
url:cve-2020-0597  
Trust: 0.8
url:cve-2020-11896  
Trust: 0.8
url:cve-2020-11897  
Trust: 0.8
url:cve-2020-11898  
Trust: 0.8
url:cve-2020-11899  
Trust: 0.8
url:cve-2020-11900  
Trust: 0.8
url:cve-2020-11901  
Trust: 0.8
url:cve-2020-11902  
Trust: 0.8
url:cve-2020-11903  
Trust: 0.8
url:cve-2020-11904  
Trust: 0.8
url:cve-2020-11905  
Trust: 0.8
url:cve-2020-11906  
Trust: 0.8
url:cve-2020-11907  
Trust: 0.8
url:cve-2020-11908  
Trust: 0.8
url:cve-2020-11909  
Trust: 0.8
url:cve-2020-11910  
Trust: 0.8
url:cve-2020-11911  
Trust: 0.8
url:cve-2020-11912  
Trust: 0.8
url:cve-2020-11913  
Trust: 0.8
url:cve-2020-11914  
Trust: 0.8
url:cve-2020-8674  
Trust: 0.8
url:vince json
Trust: 0.8
url:csaf
Trust: 0.8
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-0597
Trust: 0.8
url:https://jvn.jp/vu/jvnvu98979613/
Trust: 0.8
url:https://www.auscert.org.au/bulletins/esb-2020.1991/
Trust: 0.6
url:https://www.auscert.org.au/bulletins/esb-2020.1991.2/
Trust: 0.6
url:https://vigilance.fr/vulnerability/intel-csme-sps-txe-amt-ism-dal-multiple-vulnerabilities-32545
Trust: 0.6
url:https://support.lenovo.com/us/en/product_security/len-30041
Trust: 0.6
sources:
            
            
            CERT/CC: VU#257161 // 
            
            
            
            VULHUB: VHN-162031 // 
            
            
            
            JVNDB: JVNDB-2020-007023 // 
            
            
            
            CNNVD: CNNVD-202006-812 // 
            
            
            
            NVD: CVE-2020-0597

CREDITS
This document was written by Vijay Sarvepalli.
Trust: 0.8
sources:
            
            
            CERT/CC: VU#257161

SOURCES
db:CERT/CCid:VU#257161
db:VULHUBid:VHN-162031
db:JVNDBid:JVNDB-2020-007023
db:CNNVDid:CNNVD-202006-812
db:NVDid:CVE-2020-0597

LAST UPDATE DATE
2024-11-23T20:20:27.030000+00:00

SOURCES UPDATE DATE
db:CERT/CCid:VU#257161date:2022-09-20T00:00:00
db:VULHUBid:VHN-162031date:2021-03-18T00:00:00
db:JVNDBid:JVNDB-2020-007023date:2020-07-30T00:00:00
db:CNNVDid:CNNVD-202006-812date:2023-05-23T00:00:00
db:NVDid:CVE-2020-0597date:2024-11-21T04:53:49.610

SOURCES RELEASE DATE
db:CERT/CCid:VU#257161date:2020-06-16T00:00:00
db:VULHUBid:VHN-162031date:2020-06-15T00:00:00
db:JVNDBid:JVNDB-2020-007023date:2020-07-30T00:00:00
db:CNNVDid:CNNVD-202006-812date:2020-06-09T00:00:00
db:NVDid:CVE-2020-0597date:2020-06-15T14:15:11.660