Sign-up

ID

VAR-202006-0254


CVE

CVE-2020-0539


TITLE

Intel(R) CSME and TXE Past Traversal Vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2020-006828

DESCRIPTION

Path traversal in subsystem for Intel(R) DAL software for Intel(R) CSME versions before 11.8.77, 11.12.77, 11.22.77, 12.0.64, 13.0.32, 14.0.33 and Intel(R) TXE versions before 3.1.75, 4.0.25 may allow an unprivileged user to potentially enable denial of service via local access. Intel(R) CSME and TXE Exists in a past traversal vulnerability.Service operation interruption (DoS) It may be put into a state. Both Intel Converged Security and Management Engine (CSME) and Intel TXE are products of Intel Corporation of the United States. Intel Converged Security and Management Engine is a security management engine. Intel TXE is a trusted execution engine with hardware authentication function used in CPU (Central Processing Unit). A path traversal vulnerability exists in the subsystems of Intel TXE and CSME (Intel DAL software). An attacker could exploit this vulnerability to cause a denial of service. The following products and versions are affected: Intel CSME before 11.8.77, before 11.12.77, before 11.22.77, before 12.0.64, before 13.0.32, before 14.0.33; Intel TXE 3.1.75 Previous versions, versions before 4.0.25

Trust: 1.71

sources: NVD: CVE-2020-0539 // JVNDB: JVNDB-2020-006828 // VULHUB: VHN-161973

AFFECTED PRODUCTS

vendor:intelmodel:converged security management enginescope:ltversion:11.8.77

Trust: 1.0

vendor:intelmodel:converged security management enginescope:ltversion:11.22.77

Trust: 1.0

vendor:intelmodel:converged security management enginescope:ltversion:13.0.32

Trust: 1.0

vendor:intelmodel:converged security management enginescope:gteversion:14.0

Trust: 1.0

vendor:intelmodel:converged security management enginescope:gteversion:13.0

Trust: 1.0

vendor:intelmodel:converged security management enginescope:ltversion:12.0.64

Trust: 1.0

vendor:intelmodel:converged security management enginescope:gteversion:11.10

Trust: 1.0

vendor:intelmodel:trusted execution enginescope:gteversion:3.0

Trust: 1.0

vendor:intelmodel:trusted execution enginescope:ltversion:4.0.25

Trust: 1.0

vendor:intelmodel:converged security management enginescope:ltversion:11.12.77

Trust: 1.0

vendor:intelmodel:converged security management enginescope:gteversion:11.20

Trust: 1.0

vendor:intelmodel:trusted execution enginescope:gteversion:4.0

Trust: 1.0

vendor:intelmodel:trusted execution enginescope:ltversion:3.1.75

Trust: 1.0

vendor:intelmodel:converged security management enginescope:gteversion:12.0

Trust: 1.0

vendor:intelmodel:converged security management enginescope:ltversion:14.0.33

Trust: 1.0

vendor:intelmodel:converged security management enginescope:gteversion:11.0

Trust: 1.0

vendor:intelmodel:converged security management enginescope:eqversion:11.12.77

Trust: 0.8

vendor:intelmodel:converged security management enginescope:eqversion:11.22.77

Trust: 0.8

vendor:intelmodel:converged security management enginescope:eqversion:11.8.77

Trust: 0.8

vendor:intelmodel:converged security management enginescope:eqversion:12.0.64

Trust: 0.8

vendor:intelmodel:converged security management enginescope:eqversion:13.0.32

Trust: 0.8

vendor:intelmodel:converged security management enginescope:eqversion:14.0.33

Trust: 0.8

vendor:intelmodel:trusted execution enginescope:eqversion:3.1.75

Trust: 0.8

vendor:intelmodel:trusted execution enginescope:eqversion:4.0.25

Trust: 0.8

sources: JVNDB: JVNDB-2020-006828 // NVD: CVE-2020-0539

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-0539
value: MEDIUM

Trust: 1.0

NVD: JVNDB-2020-006828
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-202006-737
value: MEDIUM

Trust: 0.6

VULHUB: VHN-161973
value: LOW

Trust: 0.1

nvd@nist.gov: CVE-2020-0539
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:N/I:N/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

NVD: JVNDB-2020-006828
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:N/I:N/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

VULHUB: VHN-161973
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:N/I:N/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2020-0539
baseSeverity: MEDIUM
baseScore: 5.5
vectorString: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 3.6
version: 3.1

Trust: 1.0

NVD: JVNDB-2020-006828
baseSeverity: MEDIUM
baseScore: 5.5
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-161973 // JVNDB: JVNDB-2020-006828 // CNNVD: CNNVD-202006-737 // NVD: CVE-2020-0539

PROBLEMTYPE DATA

problemtype:CWE-22

Trust: 1.9

sources: VULHUB: VHN-161973 // JVNDB: JVNDB-2020-006828 // NVD: CVE-2020-0539

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202006-737

TYPE

path traversal

Trust: 0.6

sources: CNNVD: CNNVD-202006-737

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2020-006828

PATCH
title:INTEL-SA-00295url:https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00295.html
Trust: 0.8
title:Intel TXE  and CSME Repair measures for path traversal vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=122455
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2020-006828 // 
            
            
            
            CNNVD: CNNVD-202006-737

EXTERNAL IDS
db:NVDid:CVE-2020-0539
Trust: 2.5
db:LENOVOid:LEN-30041
Trust: 1.7
db:JVNid:JVNVU98979613
Trust: 0.8
db:JVNDBid:JVNDB-2020-006828
Trust: 0.8
db:CNNVDid:CNNVD-202006-737
Trust: 0.7
db:AUSCERTid:ESB-2020.1991.2
Trust: 0.6
db:AUSCERTid:ESB-2020.1991
Trust: 0.6
db:VULHUBid:VHN-161973
Trust: 0.1
sources:
            
            
            VULHUB: VHN-161973 // 
            
            
            
            JVNDB: JVNDB-2020-006828 // 
            
            
            
            CNNVD: CNNVD-202006-737 // 
            
            
            
            NVD: CVE-2020-0539

REFERENCES
url:https://security.netapp.com/advisory/ntap-20200611-0006/
Trust: 1.7
url:https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00295.html
Trust: 1.7
url:https://support.lenovo.com/de/en/product_security/len-30041
Trust: 1.7
url:https://nvd.nist.gov/vuln/detail/cve-2020-0539
Trust: 1.4
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-0539
Trust: 0.8
url:https://jvn.jp/vu/jvnvu98979613/
Trust: 0.8
url:https://www.auscert.org.au/bulletins/esb-2020.1991/
Trust: 0.6
url:https://www.auscert.org.au/bulletins/esb-2020.1991.2/
Trust: 0.6
url:https://vigilance.fr/vulnerability/intel-csme-sps-txe-amt-ism-dal-multiple-vulnerabilities-32545
Trust: 0.6
url:https://support.lenovo.com/us/en/product_security/len-30041
Trust: 0.6
sources:
            
            
            VULHUB: VHN-161973 // 
            
            
            
            JVNDB: JVNDB-2020-006828 // 
            
            
            
            CNNVD: CNNVD-202006-737 // 
            
            
            
            NVD: CVE-2020-0539

SOURCES
db:VULHUBid:VHN-161973
db:JVNDBid:JVNDB-2020-006828
db:CNNVDid:CNNVD-202006-737
db:NVDid:CVE-2020-0539

LAST UPDATE DATE
2024-11-23T20:03:58.834000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-161973date:2020-07-22T00:00:00
db:JVNDBid:JVNDB-2020-006828date:2020-07-20T00:00:00
db:CNNVDid:CNNVD-202006-737date:2021-05-24T00:00:00
db:NVDid:CVE-2020-0539date:2024-11-21T04:53:41.967

SOURCES RELEASE DATE
db:VULHUBid:VHN-161973date:2020-06-15T00:00:00
db:JVNDBid:JVNDB-2020-006828date:2020-07-20T00:00:00
db:CNNVDid:CNNVD-202006-737date:2020-06-09T00:00:00
db:NVDid:CVE-2020-0539date:2020-06-15T14:15:10.970