Sign-up

ID

VAR-202006-0239


CVE

CVE-2020-0566


TITLE

Intel(R) TXE Vulnerability related to authority management in

Trust: 0.8

sources: JVNDB: JVNDB-2020-007022

DESCRIPTION

Improper Access Control in subsystem for Intel(R) TXE versions before 3.175 and 4.0.25 may allow an unauthenticated user to potentially enable escalation of privilege via physical access. Intel(R) TXE Exists in a privilege management vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. Intel TXE is a trusted execution engine with hardware verification function in the CPU (Central Processing Unit) of Intel Corporation of the United States. There are security vulnerabilities in the subsystems of Intel TXE versions prior to 3.175 and versions prior to 4.0.25. An attacker in physical proximity could exploit this vulnerability to elevate privileges

Trust: 1.71

sources: NVD: CVE-2020-0566 // JVNDB: JVNDB-2020-007022 // VULHUB: VHN-162000

AFFECTED PRODUCTS

vendor:intelmodel:trusted execution enginescope:gteversion:4.0

Trust: 1.0

vendor:intelmodel:trusted execution enginescope:gteversion:3.0

Trust: 1.0

vendor:intelmodel:trusted execution enginescope:lteversion:4.0.20

Trust: 1.0

vendor:intelmodel:trusted execution enginescope:lteversion:3.1.70

Trust: 1.0

vendor:intelmodel:trusted execution enginescope:eqversion:3.175

Trust: 0.8

vendor:intelmodel:trusted execution enginescope:eqversion:4.0.25

Trust: 0.8

sources: JVNDB: JVNDB-2020-007022 // NVD: CVE-2020-0566

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-0566
value: MEDIUM

Trust: 1.0

NVD: JVNDB-2020-007022
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-202006-792
value: MEDIUM

Trust: 0.6

VULHUB: VHN-162000
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2020-0566
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

NVD: JVNDB-2020-007022
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

VULHUB: VHN-162000
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2020-0566
baseSeverity: MEDIUM
baseScore: 6.8
vectorString: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: PHYSICAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 0.9
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: JVNDB-2020-007022
baseSeverity: MEDIUM
baseScore: 6.8
vectorString: CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: PHYSICAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-162000 // JVNDB: JVNDB-2020-007022 // CNNVD: CNNVD-202006-792 // NVD: CVE-2020-0566

PROBLEMTYPE DATA

problemtype:NVD-CWE-noinfo

Trust: 1.0

problemtype:CWE-269

Trust: 0.9

sources: VULHUB: VHN-162000 // JVNDB: JVNDB-2020-007022 // NVD: CVE-2020-0566

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202006-792

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2020-007022

PATCH
title:INTEL-SA-00295url:https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00295.html
Trust: 0.8
title:Intel TXE Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=122460
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2020-007022 // 
            
            
            
            CNNVD: CNNVD-202006-792

EXTERNAL IDS
db:NVDid:CVE-2020-0566
Trust: 2.5
db:LENOVOid:LEN-30041
Trust: 1.7
db:JVNid:JVNVU98979613
Trust: 0.8
db:JVNDBid:JVNDB-2020-007022
Trust: 0.8
db:CNNVDid:CNNVD-202006-792
Trust: 0.7
db:AUSCERTid:ESB-2020.1991.2
Trust: 0.6
db:AUSCERTid:ESB-2020.1991
Trust: 0.6
db:VULHUBid:VHN-162000
Trust: 0.1
sources:
            
            
            VULHUB: VHN-162000 // 
            
            
            
            JVNDB: JVNDB-2020-007022 // 
            
            
            
            CNNVD: CNNVD-202006-792 // 
            
            
            
            NVD: CVE-2020-0566

REFERENCES
url:https://security.netapp.com/advisory/ntap-20200611-0005/
Trust: 1.7
url:https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00295.html
Trust: 1.7
url:https://support.lenovo.com/de/en/product_security/len-30041
Trust: 1.7
url:https://nvd.nist.gov/vuln/detail/cve-2020-0566
Trust: 1.4
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-0566
Trust: 0.8
url:https://jvn.jp/vu/jvnvu98979613/
Trust: 0.8
url:https://www.auscert.org.au/bulletins/esb-2020.1991/
Trust: 0.6
url:https://www.auscert.org.au/bulletins/esb-2020.1991.2/
Trust: 0.6
url:https://vigilance.fr/vulnerability/intel-csme-sps-txe-amt-ism-dal-multiple-vulnerabilities-32545
Trust: 0.6
url:https://support.lenovo.com/us/en/product_security/len-30041
Trust: 0.6
sources:
            
            
            VULHUB: VHN-162000 // 
            
            
            
            JVNDB: JVNDB-2020-007022 // 
            
            
            
            CNNVD: CNNVD-202006-792 // 
            
            
            
            NVD: CVE-2020-0566

SOURCES
db:VULHUBid:VHN-162000
db:JVNDBid:JVNDB-2020-007022
db:CNNVDid:CNNVD-202006-792
db:NVDid:CVE-2020-0566

LAST UPDATE DATE
2024-11-23T21:19:07.455000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-162000date:2021-07-21T00:00:00
db:JVNDBid:JVNDB-2020-007022date:2020-07-30T00:00:00
db:CNNVDid:CNNVD-202006-792date:2021-05-24T00:00:00
db:NVDid:CVE-2020-0566date:2024-11-21T04:53:46.363

SOURCES RELEASE DATE
db:VULHUBid:VHN-162000date:2020-06-15T00:00:00
db:JVNDBid:JVNDB-2020-007022date:2020-07-30T00:00:00
db:CNNVDid:CNNVD-202006-792date:2020-06-09T00:00:00
db:NVDid:CVE-2020-0566date:2020-06-15T14:15:11.330