Details of VAR-202006-0253

ID

VAR-202006-0253

CVE

CVE-2020-0538

TITLE

Intel(R) AMT Input verification vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2020-006792

DESCRIPTION

Improper input validation in subsystem for Intel(R) AMT versions before 11.8.77, 11.12.77, 11.22.77 and 12.0.64 may allow an unauthenticated user to potentially enable denial of service via network access. Intel(R) AMT There is an input verification vulnerability in.Service operation interruption (DoS) It may be put into a state. Intel Active Management Technology (AMT) is a set of hardware-based computer remote active management technology software developed by Intel Corporation. An attacker could exploit this vulnerability to cause a denial of service. The following products and versions are affected: Intel AMT versions prior to 11.8.77, versions prior to 11.12.77, versions prior to 11.22.77, and versions prior to 12.0.64

Trust: 1.8

sources: NVD: CVE-2020-0538 // JVNDB: JVNDB-2020-006792 // VULHUB: VHN-161972 // VULMON: CVE-2020-0538

AFFECTED PRODUCTS

vendor:	intel	model:	active management technology	scope:	gte	version:	11.0	Trust: 1.0
vendor:	intel	model:	active management technology	scope:	lt	version:	11.22.77	Trust: 1.0
vendor:	intel	model:	active management technology	scope:	gte	version:	11.20	Trust: 1.0
vendor:	intel	model:	active management technology	scope:	lt	version:	12.0.64	Trust: 1.0
vendor:	intel	model:	active management technology	scope:	gte	version:	12.0	Trust: 1.0
vendor:	intel	model:	active management technology	scope:	gte	version:	11.10	Trust: 1.0
vendor:	intel	model:	active management technology	scope:	lt	version:	11.12.77	Trust: 1.0
vendor:	intel	model:	active management technology	scope:	lt	version:	11.8.77	Trust: 1.0
vendor:	intel	model:	active management technology	scope:	eq	version:	11.12.77	Trust: 0.8
vendor:	intel	model:	active management technology	scope:	eq	version:	11.22.77	Trust: 0.8
vendor:	intel	model:	active management technology	scope:	eq	version:	11.8.77	Trust: 0.8
vendor:	intel	model:	active management technology	scope:	eq	version:	12.0.64	Trust: 0.8

sources: JVNDB: JVNDB-2020-006792 // NVD: CVE-2020-0538

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2020-0538
value:	HIGH
Trust: 1.0
NVD:	JVNDB-2020-006792
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-202006-734
value:	HIGH
Trust: 0.6
VULHUB:	VHN-161972
value:	MEDIUM
Trust: 0.1
VULMON:	CVE-2020-0538
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2020-0538
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.1
NVD:	JVNDB-2020-006792
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	NONE
impactScore:	NONE
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.8
VULHUB:	VHN-161972
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2020-0538
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	3.6
version:	3.1
Trust: 1.0
NVD:	JVNDB-2020-006792
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULHUB: VHN-161972 // VULMON: CVE-2020-0538 // JVNDB: JVNDB-2020-006792 // CNNVD: CNNVD-202006-734 // NVD: CVE-2020-0538

PROBLEMTYPE DATA

problemtype:

CWE-20

Trust: 1.9

sources: VULHUB: VHN-161972 // JVNDB: JVNDB-2020-006792 // NVD: CVE-2020-0538

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202006-734

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-202006-734

CONFIGURATIONS

sources: JVNDB: JVNDB-2020-006792

PATCH

title:	INTEL-SA-00295	url:	https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00295.html	Trust: 0.8
title:	Intel AMT Enter the fix for the verification error vulnerability	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=121676	Trust: 0.6
title:	HP: HPSBHF03667 rev. 1 - Intel® 2020.1 IPU - CSME, SPS, TXT, AMT and DAL Security Updates	url:	https://vulmon.com/vendoradvisory?qidtp=hp_bulletin&qid=HPSBHF03667	Trust: 0.1
title:	Threatpost	url:	https://threatpost.com/critical-intel-flaws-fixed-in-active-management-technology/156458/	Trust: 0.1

sources: VULMON: CVE-2020-0538 // JVNDB: JVNDB-2020-006792 // CNNVD: CNNVD-202006-734

EXTERNAL IDS

db:	NVD	id:	CVE-2020-0538	Trust: 2.6
db:	LENOVO	id:	LEN-30041	Trust: 1.8
db:	JVN	id:	JVNVU98979613	Trust: 0.8
db:	JVNDB	id:	JVNDB-2020-006792	Trust: 0.8
db:	CNNVD	id:	CNNVD-202006-734	Trust: 0.7
db:	AUSCERT	id:	ESB-2020.1991.2	Trust: 0.6
db:	AUSCERT	id:	ESB-2020.1991	Trust: 0.6
db:	VULHUB	id:	VHN-161972	Trust: 0.1
db:	VULMON	id:	CVE-2020-0538	Trust: 0.1

sources: VULHUB: VHN-161972 // VULMON: CVE-2020-0538 // JVNDB: JVNDB-2020-006792 // CNNVD: CNNVD-202006-734 // NVD: CVE-2020-0538

REFERENCES

url:	https://security.netapp.com/advisory/ntap-20200611-0007/	Trust: 1.8
url:	https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00295.html	Trust: 1.8
url:	https://support.lenovo.com/de/en/product_security/len-30041	Trust: 1.8
url:	https://nvd.nist.gov/vuln/detail/cve-2020-0538	Trust: 1.4
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-0538	Trust: 0.8
url:	https://jvn.jp/vu/jvnvu98979613/	Trust: 0.8
url:	https://www.auscert.org.au/bulletins/esb-2020.1991/	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2020.1991.2/	Trust: 0.6
url:	https://vigilance.fr/vulnerability/intel-csme-sps-txe-amt-ism-dal-multiple-vulnerabilities-32545	Trust: 0.6
url:	https://support.lenovo.com/us/en/product_security/len-30041	Trust: 0.6
url:	https://cwe.mitre.org/data/definitions/20.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/183147	Trust: 0.1
url:	https://threatpost.com/critical-intel-flaws-fixed-in-active-management-technology/156458/	Trust: 0.1

sources: VULHUB: VHN-161972 // VULMON: CVE-2020-0538 // JVNDB: JVNDB-2020-006792 // CNNVD: CNNVD-202006-734 // NVD: CVE-2020-0538

SOURCES

db:	VULHUB	id:	VHN-161972
db:	VULMON	id:	CVE-2020-0538
db:	JVNDB	id:	JVNDB-2020-006792
db:	CNNVD	id:	CNNVD-202006-734
db:	NVD	id:	CVE-2020-0538

LAST UPDATE DATE

2024-11-23T21:25:45.816000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-161972	date:	2020-07-22T00:00:00
db:	VULMON	id:	CVE-2020-0538	date:	2020-07-22T00:00:00
db:	JVNDB	id:	JVNDB-2020-006792	date:	2020-07-17T00:00:00
db:	CNNVD	id:	CNNVD-202006-734	date:	2021-05-24T00:00:00
db:	NVD	id:	CVE-2020-0538	date:	2024-11-21T04:53:41.830

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-161972	date:	2020-06-15T00:00:00
db:	VULMON	id:	CVE-2020-0538	date:	2020-06-15T00:00:00
db:	JVNDB	id:	JVNDB-2020-006792	date:	2020-07-17T00:00:00
db:	CNNVD	id:	CNNVD-202006-734	date:	2020-06-09T00:00:00
db:	NVD	id:	CVE-2020-0538	date:	2020-06-15T14:15:10.910