Sign-up

ID

VAR-202006-0252


CVE

CVE-2020-0537


TITLE

Intel(R) AMT Input verification vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2020-006791

DESCRIPTION

Improper input validation in subsystem for Intel(R) AMT versions before 11.8.77, 11.12.77, 11.22.77 and 12.0.64 may allow a privileged user to potentially enable denial of service via network access. Intel(R) AMT There is an input verification vulnerability in.Service operation interruption (DoS) It may be put into a state. Intel Active Management Technology (AMT) is a set of hardware-based computer remote active management technology software developed by Intel Corporation. An attacker could exploit this vulnerability to cause a denial of service. The following products and versions are affected: Intel AMT versions prior to 11.8.77, versions prior to 11.12.77, versions prior to 11.22.77, and versions prior to 12.0.64

Trust: 1.71

sources: NVD: CVE-2020-0537 // JVNDB: JVNDB-2020-006791 // VULHUB: VHN-161971

AFFECTED PRODUCTS

vendor:intelmodel:active management technologyscope:gteversion:11.0

Trust: 1.0

vendor:intelmodel:active management technologyscope:ltversion:11.22.77

Trust: 1.0

vendor:intelmodel:active management technologyscope:gteversion:11.20

Trust: 1.0

vendor:intelmodel:active management technologyscope:ltversion:12.0.64

Trust: 1.0

vendor:intelmodel:active management technologyscope:gteversion:12.0

Trust: 1.0

vendor:intelmodel:active management technologyscope:gteversion:11.10

Trust: 1.0

vendor:intelmodel:active management technologyscope:ltversion:11.12.77

Trust: 1.0

vendor:intelmodel:active management technologyscope:ltversion:11.8.77

Trust: 1.0

vendor:intelmodel:active management technologyscope:eqversion:11.12.77

Trust: 0.8

vendor:intelmodel:active management technologyscope:eqversion:11.22.77

Trust: 0.8

vendor:intelmodel:active management technologyscope:eqversion:11.8.77

Trust: 0.8

vendor:intelmodel:active management technologyscope:eqversion:12.0.64

Trust: 0.8

sources: JVNDB: JVNDB-2020-006791 // NVD: CVE-2020-0537

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-0537
value: MEDIUM

Trust: 1.0

NVD: JVNDB-2020-006791
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-202006-729
value: MEDIUM

Trust: 0.6

VULHUB: VHN-161971
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2020-0537
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

NVD: JVNDB-2020-006791
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

VULHUB: VHN-161971
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2020-0537
baseSeverity: MEDIUM
baseScore: 4.9
vectorString: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 1.2
impactScore: 3.6
version: 3.1

Trust: 1.0

NVD: JVNDB-2020-006791
baseSeverity: MEDIUM
baseScore: 4.9
vectorString: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-161971 // JVNDB: JVNDB-2020-006791 // CNNVD: CNNVD-202006-729 // NVD: CVE-2020-0537

PROBLEMTYPE DATA

problemtype:CWE-20

Trust: 1.9

sources: VULHUB: VHN-161971 // JVNDB: JVNDB-2020-006791 // NVD: CVE-2020-0537

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202006-729

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-202006-729

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2020-006791

PATCH
title:INTEL-SA-00295url:https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00295.html
Trust: 0.8
title:Intel AMT Enter the fix for the verification error vulnerabilityurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=121675
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2020-006791 // 
            
            
            
            CNNVD: CNNVD-202006-729

EXTERNAL IDS
db:NVDid:CVE-2020-0537
Trust: 2.5
db:LENOVOid:LEN-30041
Trust: 1.7
db:JVNid:JVNVU98979613
Trust: 0.8
db:JVNDBid:JVNDB-2020-006791
Trust: 0.8
db:CNNVDid:CNNVD-202006-729
Trust: 0.7
db:AUSCERTid:ESB-2020.1991.2
Trust: 0.6
db:AUSCERTid:ESB-2020.1991
Trust: 0.6
db:VULHUBid:VHN-161971
Trust: 0.1
sources:
            
            
            VULHUB: VHN-161971 // 
            
            
            
            JVNDB: JVNDB-2020-006791 // 
            
            
            
            CNNVD: CNNVD-202006-729 // 
            
            
            
            NVD: CVE-2020-0537

REFERENCES
url:https://security.netapp.com/advisory/ntap-20200611-0007/
Trust: 1.7
url:https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00295.html
Trust: 1.7
url:https://support.lenovo.com/de/en/product_security/len-30041
Trust: 1.7
url:https://nvd.nist.gov/vuln/detail/cve-2020-0537
Trust: 1.4
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-0537
Trust: 0.8
url:https://jvn.jp/vu/jvnvu98979613/
Trust: 0.8
url:https://www.auscert.org.au/bulletins/esb-2020.1991/
Trust: 0.6
url:https://www.auscert.org.au/bulletins/esb-2020.1991.2/
Trust: 0.6
url:https://vigilance.fr/vulnerability/intel-csme-sps-txe-amt-ism-dal-multiple-vulnerabilities-32545
Trust: 0.6
url:https://support.lenovo.com/us/en/product_security/len-30041
Trust: 0.6
sources:
            
            
            VULHUB: VHN-161971 // 
            
            
            
            JVNDB: JVNDB-2020-006791 // 
            
            
            
            CNNVD: CNNVD-202006-729 // 
            
            
            
            NVD: CVE-2020-0537

SOURCES
db:VULHUBid:VHN-161971
db:JVNDBid:JVNDB-2020-006791
db:CNNVDid:CNNVD-202006-729
db:NVDid:CVE-2020-0537

LAST UPDATE DATE
2024-11-23T21:03:41.475000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-161971date:2020-07-22T00:00:00
db:JVNDBid:JVNDB-2020-006791date:2020-07-17T00:00:00
db:CNNVDid:CNNVD-202006-729date:2021-05-24T00:00:00
db:NVDid:CVE-2020-0537date:2024-11-21T04:53:41.717

SOURCES RELEASE DATE
db:VULHUBid:VHN-161971date:2020-06-15T00:00:00
db:JVNDBid:JVNDB-2020-006791date:2020-07-17T00:00:00
db:CNNVDid:CNNVD-202006-729date:2020-06-09T00:00:00
db:NVDid:CVE-2020-0537date:2020-06-15T14:15:10.847