ID

VAR-202006-1686


CVE

CVE-2020-8674


TITLE

Treck IP stacks contain multiple vulnerabilities

Trust: 0.8

sources: CERT/CC: VU#257161

DESCRIPTION

Out-of-bounds read in the DHCPv6 subsystem in Intel(R) AMT and Intel(R) ISM versions before 11.8.77, 11.12.77, 11.22.77, 12.0.64 and 14.0.33 may allow an unauthenticated user to potentially enable information disclosure via network access. Treck IP stack implementations for embedded systems are affected by multiple vulnerabilities. This set of vulnerabilities was researched and reported by JSOF, who calls them Ripple20.

CVE-2020-0594 Unknown
CVE-2020-0595 Unknown
CVE-2020-0597 Unknown
CVE-2020-11896 Affected
CVE-2020-11897 Not Affected
CVE-2020-11898 Affected
CVE-2020-11899 Not Affected
CVE-2020-11900 Affected
CVE-2020-11901 Not Affected
CVE-2020-11902 Not Affected
CVE-2020-11903 Not Affected
CVE-2020-11904 Not Affected
CVE-2020-11905 Not Affected
CVE-2020-11906 Affected
CVE-2020-11907 Affected
CVE-2020-11908 Not Affected
CVE-2020-11909 Not Affected
CVE-2020-11910 Not Affected
CVE-2020-11911 Affected
CVE-2020-11912 Affected
CVE-2020-11913 Not Affected
CVE-2020-11914 Affected
CVE-2020-8674 Unknown

Intel(R) AMT and ISM contain an out-of-bounds read vulnerability. Information may be obtained. Both Intel Active Management Technology (AMT) and Intel Software Manager (ISM) are products of Intel Corporation of the United States. Intel Active Management Technology is a set of hardware-based computer remote active management technology software. Intel Software Manager is a utility for managing Intel software development products. A remote attacker could exploit this vulnerability to obtain information. The following products and versions are affected: Intel AMT before 11.8.77, before 11.12.77, before 11.22.77, before 12.0.64, before 14.0.33; ISM before 11.8.76, before 11.12.77, before 11.22.77, before 12.0.64, before 14.0.33.

Trust: 2.43

sources: NVD: CVE-2020-8674 // CERT/CC: VU#257161 // JVNDB: JVNDB-2020-006809 // VULHUB: VHN-186799

AFFECTED PRODUCTS

vendor: intel | model: service manager | scope: gte | version: 11.0

Trust: 1.0

vendor: intel | model: active management technology | scope: gte | version: 11.20

Trust: 1.0

vendor: intel | model: service manager | scope: lt | version: 11.8.77

Trust: 1.0

vendor: intel | model: service manager | scope: gte | version: 14.0

Trust: 1.0

vendor: intel | model: active management technology | scope: lt | version: 11.8.77

Trust: 1.0

vendor: intel | model: service manager | scope: gte | version: 11.20

Trust: 1.0

vendor: intel | model: active management technology | scope: gte | version: 11.10

Trust: 1.0

vendor: intel | model: service manager | scope: lt | version: 14.0.33

Trust: 1.0

vendor: intel | model: service manager | scope: lt | version: 11.22.77

Trust: 1.0

vendor: intel | model: active management technology | scope: lt | version: 14.0.33

Trust: 1.0

vendor: intel | model: active management technology | scope: gte | version: 12.0

Trust: 1.0

vendor: intel | model: service manager | scope: lt | version: 12.0.64

Trust: 1.0

vendor: intel | model: active management technology | scope: gte | version: 11.0

Trust: 1.0

vendor: intel | model: service manager | scope: gte | version: 11.10

Trust: 1.0

vendor: intel | model: active management technology | scope: lt | version: 11.22.77

Trust: 1.0

vendor: intel | model: active management technology | scope: lt | version: 12.0.64

Trust: 1.0

vendor: intel | model: active management technology | scope: lt | version: 11.12.77

Trust: 1.0

vendor: intel | model: service manager | scope: lt | version: 11.12.77

Trust: 1.0

vendor: intel | model: service manager | scope: gte | version: 12.0

Trust: 1.0

vendor: intel | model: active management technology | scope: gte | version: 14.0

Trust: 1.0

vendor: intel | model: active management technology | scope: eq | version: 11.12.77

Trust: 0.8

vendor: intel | model: active management technology | scope: eq | version: 11.22.77

Trust: 0.8

vendor: intel | model: active management technology | scope: eq | version: 11.8.77

Trust: 0.8

vendor: intel | model: active management technology | scope: eq | version: 12.0.64

Trust: 0.8

vendor: intel | model: active management technology | scope: eq | version: 14.0.33

Trust: 0.8

vendor: intel | model: standard manageability | scope: eq | version: 11.12.77

Trust: 0.8

vendor: intel | model: standard manageability | scope: eq | version: 11.22.77

Trust: 0.8

vendor: intel | model: standard manageability | scope: eq | version: 11.8.77

Trust: 0.8

vendor: intel | model: standard manageability | scope: eq | version: 12.0.64

Trust: 0.8

vendor: intel | model: standard manageability | scope: eq | version: 14.0.33

Trust: 0.8

sources: JVNDB: JVNDB-2020-006809 // NVD: CVE-2020-8674

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-8674
value: MEDIUM

Trust: 1.0

NVD: JVNDB-2020-006809
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-202006-814
value: MEDIUM

Trust: 0.6

VULHUB: VHN-186799
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2020-8674
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

NVD: JVNDB-2020-006809
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

VULHUB: VHN-186799
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2020-8674
baseSeverity: MEDIUM
baseScore: 5.3
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 1.4
version: 3.1

Trust: 1.0

NVD: JVNDB-2020-006809
baseSeverity: MEDIUM
baseScore: 5.3
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-186799 // JVNDB: JVNDB-2020-006809 // CNNVD: CNNVD-202006-814 // NVD: CVE-2020-8674

PROBLEMTYPE DATA

problemtype:CWE-125

Trust: 1.9

sources: VULHUB: VHN-186799 // JVNDB: JVNDB-2020-006809 // NVD: CVE-2020-8674

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202006-814

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202006-814

CONFIGURATIONS

sources: JVNDB: JVNDB-2020-006809

PATCH

title: INTEL-SA-00295 | url: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00295.html

Trust: 0.8

title: Intel AMT and ISM Buffer error vulnerability fix | url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=122464

Trust: 0.6

sources: JVNDB: JVNDB-2020-006809 // CNNVD: CNNVD-202006-814

EXTERNAL IDS

db: NVD | id: CVE-2020-8674

Trust: 3.3

db: CERT/CC | id: VU#257161

Trust: 2.5

db: LENOVO | id: LEN-30041

Trust: 1.7

db: JVN | id: JVNVU98979613

Trust: 0.8

db: JVNDB | id: JVNDB-2020-006809

Trust: 0.8

db: CNNVD | id: CNNVD-202006-814

Trust: 0.7

db: AUSCERT | id: ESB-2020.1991

Trust: 0.6

db: AUSCERT | id: ESB-2020.1991.2

Trust: 0.6

db: VULHUB | id: VHN-186799

Trust: 0.1

sources: CERT/CC: VU#257161 // VULHUB: VHN-186799 // JVNDB: JVNDB-2020-006809 // CNNVD: CNNVD-202006-814 // NVD: CVE-2020-8674

REFERENCES

url:https://www.kb.cert.org/vuls/id/257161

Trust: 1.7

url:https://security.netapp.com/advisory/ntap-20200611-0007/

Trust: 1.7

url:https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00295.html

Trust: 1.7

url:https://www.synology.com/security/advisory/synology_sa_20_15

Trust: 1.7

url:https://support.lenovo.com/de/en/product_security/len-30041

Trust: 1.7

url:https://nvd.nist.gov/vuln/detail/cve-2020-8674

Trust: 1.4

url:cve-2020-0594

Trust: 0.8

url:cve-2020-0595

Trust: 0.8

url:cve-2020-0597

Trust: 0.8

url:cve-2020-11896

Trust: 0.8

url:cve-2020-11897

Trust: 0.8

url:cve-2020-11898

Trust: 0.8

url:cve-2020-11899

Trust: 0.8

url:cve-2020-11900

Trust: 0.8

url:cve-2020-11901

Trust: 0.8

url:cve-2020-11902

Trust: 0.8

url:cve-2020-11903

Trust: 0.8

url:cve-2020-11904

Trust: 0.8

url:cve-2020-11905

Trust: 0.8

url:cve-2020-11906

Trust: 0.8

url:cve-2020-11907

Trust: 0.8

url:cve-2020-11908

Trust: 0.8

url:cve-2020-11909

Trust: 0.8

url:cve-2020-11910

Trust: 0.8

url:cve-2020-11911

Trust: 0.8

url:cve-2020-11912

Trust: 0.8

url:cve-2020-11913

Trust: 0.8

url:cve-2020-11914

Trust: 0.8

url:cve-2020-8674

Trust: 0.8

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-8674

Trust: 0.8

url:https://jvn.jp/vu/jvnvu98979613/

Trust: 0.8

url:https://www.auscert.org.au/bulletins/esb-2020.1991/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2020.1991.2/

Trust: 0.6

url:https://vigilance.fr/vulnerability/intel-csme-sps-txe-amt-ism-dal-multiple-vulnerabilities-32545

Trust: 0.6

url:https://support.lenovo.com/us/en/product_security/len-30041

Trust: 0.6

sources: CERT/CC: VU#257161 // VULHUB: VHN-186799 // JVNDB: JVNDB-2020-006809 // CNNVD: CNNVD-202006-814 // NVD: CVE-2020-8674

CREDITS

This document was written by Vijay Sarvepalli.

Trust: 0.8

sources: CERT/CC: VU#257161

SOURCES

db: CERT/CC | id: VU#257161
db: VULHUB | id: VHN-186799
db: JVNDB | id: JVNDB-2020-006809
db: CNNVD | id: CNNVD-202006-814
db: NVD | id: CVE-2020-8674

LAST UPDATE DATE

2024-11-23T21:02:12.983000+00:00


SOURCES UPDATE DATE

db: CERT/CC | id: VU#257161 | date: 2022-09-20T00:00:00
db: VULHUB | id: VHN-186799 | date: 2021-03-18T00:00:00
db: JVNDB | id: JVNDB-2020-006809 | date: 2020-07-17T00:00:00
db: CNNVD | id: CNNVD-202006-814 | date: 2021-05-24T00:00:00
db: NVD | id: CVE-2020-8674 | date: 2024-11-21T05:39:14.073

SOURCES RELEASE DATE

db: CERT/CC | id: VU#257161 | date: 2020-06-16T00:00:00
db: VULHUB | id: VHN-186799 | date: 2020-06-15T00:00:00
db: JVNDB | id: JVNDB-2020-006809 | date: 2020-07-17T00:00:00
db: CNNVD | id: CNNVD-202006-814 | date: 2020-06-09T00:00:00
db: NVD | id: CVE-2020-8674 | date: 2020-06-15T14:15:12.440