Sign-up

ID

VAR-202006-0242


CVE

CVE-2020-0545


TITLE

plural Intel Integer overflow vulnerability in product

Trust: 0.8

sources: JVNDB: JVNDB-2020-006825

DESCRIPTION

Integer overflow in subsystem for Intel(R) CSME versions before 11.8.77, 11.12.77, 11.22.77 and Intel(R) TXE versions before 3.1.75, 4.0.25 and Intel(R) Server Platform Services (SPS) versions before SPS_E5_04.01.04.380.0, SPS_SoC-X_04.00.04.128.0, SPS_SoC-A_04.00.04.211.0, SPS_E3_04.01.04.109.0, SPS_E3_04.08.04.070.0 may allow a privileged user to potentially enable denial of service via local access. Intel Converged Security and Management Engine (CSME) and others are products of Intel Corporation of the United States. Intel Converged Security and Management Engine is a security management engine. Intel TXE is a trusted execution engine with hardware authentication function used in CPU (Central Processing Unit). Subsystems in Intel CSME, TXE, and SPS have security vulnerabilities. A local attacker could exploit this vulnerability to cause a denial of service. The following products and versions are affected: Intel CSME before 11.8.77, before 11.12.77, before 11.22.77; TXE before 3.1.75, before 4.0.25; SPS SPS_E5_04.01.04.380.0 before, SPS_SoC Versions before -X_04.00.04.128.0, versions before SPS_SoC-A_04.00.04.211.0, versions before SPS_E3_04.01.04.109.0, versions before SPS_E3_04.08.04.070.0

Trust: 1.71

sources: NVD: CVE-2020-0545 // JVNDB: JVNDB-2020-006825 // VULHUB: VHN-161979

AFFECTED PRODUCTS

vendor:intelmodel:trusted execution enginescope:ltversion:3.1.75

Trust: 1.0

vendor:intelmodel:converged security management enginescope:ltversion:11.8.77

Trust: 1.0

vendor:intelmodel:server platform servicesscope:gteversion:sps_soc-x_04.00.00.000.0

Trust: 1.0

vendor:intelmodel:server platform servicesscope:gteversion:sps_soc-a_04.00.00.000.0

Trust: 1.0

vendor:intelmodel:server platform servicesscope:ltversion:sps_soc-a_04.00.04.211.0

Trust: 1.0

vendor:intelmodel:server platform servicesscope:gteversion:sps_e3_04.08.00.000.0

Trust: 1.0

vendor:intelmodel:converged security management enginescope:gteversion:11.20

Trust: 1.0

vendor:intelmodel:server platform servicesscope:ltversion:sps_e3_04.08.04.070.0

Trust: 1.0

vendor:intelmodel:server platform servicesscope:gteversion:sps_e3_04.00.00.000.0

Trust: 1.0

vendor:intelmodel:converged security management enginescope:ltversion:11.22.77

Trust: 1.0

vendor:intelmodel:server platform servicesscope:ltversion:sps_e3_04.01.04.109.0

Trust: 1.0

vendor:intelmodel:trusted execution enginescope:gteversion:4.0

Trust: 1.0

vendor:intelmodel:trusted execution enginescope:ltversion:4.0.25

Trust: 1.0

vendor:intelmodel:converged security management enginescope:gteversion:11.10

Trust: 1.0

vendor:intelmodel:converged security management enginescope:ltversion:11.12.77

Trust: 1.0

vendor:intelmodel:server platform servicesscope:gteversion:sps_e5_04.00.00.000.0

Trust: 1.0

vendor:intelmodel:server platform servicesscope:ltversion:sps_e5_04.01.04.380.0

Trust: 1.0

vendor:intelmodel:server platform servicesscope:ltversion:sps_soc-x_04.00.04.128.0

Trust: 1.0

vendor:intelmodel:converged security management enginescope:gteversion:11.0

Trust: 1.0

vendor:intelmodel:trusted execution enginescope:gteversion:3.0

Trust: 1.0

vendor:intelmodel:converged security management enginescope:eqversion:11.12.77

Trust: 0.8

vendor:intelmodel:converged security management enginescope:eqversion:11.22.77

Trust: 0.8

vendor:intelmodel:converged security management enginescope:eqversion:11.8.77

Trust: 0.8

vendor:intelmodel:server platform servicesscope:eqversion:sps_e3_04.01.04.109.0

Trust: 0.8

vendor:intelmodel:server platform servicesscope:eqversion:sps_e3_04.08.04.070.0

Trust: 0.8

vendor:intelmodel:server platform servicesscope:eqversion:sps_e5_04.01.04.380.0

Trust: 0.8

vendor:intelmodel:server platform servicesscope:eqversion:sps_soc-a_04.00.04.211.0

Trust: 0.8

vendor:intelmodel:server platform servicesscope:eqversion:sps_soc-x_04.00.04.128.0

Trust: 0.8

vendor:intelmodel:trusted execution enginescope:eqversion:3.1.75

Trust: 0.8

vendor:intelmodel:trusted execution enginescope:eqversion:4.0.25

Trust: 0.8

sources: JVNDB: JVNDB-2020-006825 // NVD: CVE-2020-0545

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-0545
value: MEDIUM

Trust: 1.0

NVD: JVNDB-2020-006825
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-202006-773
value: MEDIUM

Trust: 0.6

VULHUB: VHN-161979
value: LOW

Trust: 0.1

nvd@nist.gov: CVE-2020-0545
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:N/I:N/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

NVD: JVNDB-2020-006825
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:N/I:N/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

VULHUB: VHN-161979
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:N/I:N/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2020-0545
baseSeverity: MEDIUM
baseScore: 4.4
vectorString: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 0.8
impactScore: 3.6
version: 3.1

Trust: 1.0

NVD: JVNDB-2020-006825
baseSeverity: MEDIUM
baseScore: 4.4
vectorString: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-161979 // JVNDB: JVNDB-2020-006825 // CNNVD: CNNVD-202006-773 // NVD: CVE-2020-0545

PROBLEMTYPE DATA

problemtype:CWE-190

Trust: 1.9

sources: VULHUB: VHN-161979 // JVNDB: JVNDB-2020-006825 // NVD: CVE-2020-0545

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202006-773

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202006-773

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2020-006825

PATCH
title:INTEL-SA-00295url:https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00295.html
Trust: 0.8
title:Intel CSME , TXE  and SPS Enter the fix for the verification error vulnerabilityurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=122459
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2020-006825 // 
            
            
            
            CNNVD: CNNVD-202006-773

EXTERNAL IDS
db:NVDid:CVE-2020-0545
Trust: 2.5
db:LENOVOid:LEN-30041
Trust: 1.7
db:SIEMENSid:SSA-631949
Trust: 1.7
db:MCAFEEid:SB10321
Trust: 1.7
db:JVNid:JVNVU98979613
Trust: 0.8
db:JVNDBid:JVNDB-2020-006825
Trust: 0.8
db:CNNVDid:CNNVD-202006-773
Trust: 0.7
db:AUSCERTid:ESB-2020.1991
Trust: 0.6
db:AUSCERTid:ESB-2020.1991.2
Trust: 0.6
db:AUSCERTid:ESB-2020.2208
Trust: 0.6
db:VULHUBid:VHN-161979
Trust: 0.1
sources:
            
            
            VULHUB: VHN-161979 // 
            
            
            
            JVNDB: JVNDB-2020-006825 // 
            
            
            
            CNNVD: CNNVD-202006-773 // 
            
            
            
            NVD: CVE-2020-0545

REFERENCES
url:https://cert-portal.siemens.com/productcert/pdf/ssa-631949.pdf
Trust: 1.7
url:https://security.netapp.com/advisory/ntap-20200611-0006/
Trust: 1.7
url:https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00295.html
Trust: 1.7
url:https://support.lenovo.com/de/en/product_security/len-30041
Trust: 1.7
url:https://kc.mcafee.com/corporate/index?page=content&id=sb10321
Trust: 1.6
url:https://nvd.nist.gov/vuln/detail/cve-2020-0545
Trust: 1.4
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-0545
Trust: 0.8
url:https://jvn.jp/vu/jvnvu98979613/
Trust: 0.8
url:https://www.auscert.org.au/bulletins/esb-2020.1991/
Trust: 0.6
url:https://www.auscert.org.au/bulletins/esb-2020.1991.2/
Trust: 0.6
url:https://www.auscert.org.au/bulletins/esb-2020.2208/
Trust: 0.6
url:https://vigilance.fr/vulnerability/intel-csme-sps-txe-amt-ism-dal-multiple-vulnerabilities-32545
Trust: 0.6
url:https://support.lenovo.com/us/en/product_security/len-30041
Trust: 0.6
url:https://kc.mcafee.com/corporate/index?page=content&id=sb10321
Trust: 0.1
sources:
            
            
            VULHUB: VHN-161979 // 
            
            
            
            JVNDB: JVNDB-2020-006825 // 
            
            
            
            CNNVD: CNNVD-202006-773 // 
            
            
            
            NVD: CVE-2020-0545

SOURCES
db:VULHUBid:VHN-161979
db:JVNDBid:JVNDB-2020-006825
db:CNNVDid:CNNVD-202006-773
db:NVDid:CVE-2020-0545

LAST UPDATE DATE
2024-11-23T19:42:31.710000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-161979date:2020-07-22T00:00:00
db:JVNDBid:JVNDB-2020-006825date:2020-07-20T00:00:00
db:CNNVDid:CNNVD-202006-773date:2021-05-24T00:00:00
db:NVDid:CVE-2020-0545date:2024-11-21T04:53:42.817

SOURCES RELEASE DATE
db:VULHUBid:VHN-161979date:2020-06-15T00:00:00
db:JVNDBid:JVNDB-2020-006825date:2020-07-20T00:00:00
db:CNNVDid:CNNVD-202006-773date:2020-06-09T00:00:00
db:NVDid:CVE-2020-0545date:2020-06-15T14:15:11.267