Sign-up

ID

VAR-202009-1429


CVE

CVE-2020-8758


TITLE

Intel Active Management Technology Buffer error vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-202009-565

DESCRIPTION

Improper buffer restrictions in network subsystem in provisioned Intel(R) AMT and Intel(R) ISM versions before 11.8.79, 11.12.79, 11.22.79, 12.0.68 and 14.0.39 may allow an unauthenticated user to potentially enable escalation of privilege via network access. On un-provisioned systems, an authenticated user may potentially enable escalation of privilege via local access. Intel Active Management Technology (AMT) is a set of hardware-based computer remote active management technology software developed by Intel Corporation. Security vulnerabilities exist in Intel(R) Core(TM), Intel(R) Celeron(R) 8th and 9th generation versions. The vulnerability stems from reading firmware outside the BIOS of 4000 series processors

Trust: 0.99

sources: NVD: CVE-2020-8758 // VULHUB: VHN-186883

AFFECTED PRODUCTS

vendor:intelmodel:active management technologyscope:ltversion:14.0.39

Trust: 1.0

vendor:netappmodel:steelstore cloud integrated storagescope:eqversion: -

Trust: 1.0

vendor:intelmodel:standard manageabilityscope:ltversion:11.8.79

Trust: 1.0

vendor:intelmodel:active management technologyscope:gteversion:11.8

Trust: 1.0

vendor:intelmodel:standard manageabilityscope:gteversion:14.0

Trust: 1.0

vendor:intelmodel:active management technologyscope:ltversion:11.22.79

Trust: 1.0

vendor:intelmodel:standard manageabilityscope:gteversion:11.8

Trust: 1.0

vendor:intelmodel:standard manageabilityscope:ltversion:12.0.68

Trust: 1.0

vendor:intelmodel:standard manageabilityscope:ltversion:11.12.79

Trust: 1.0

vendor:intelmodel:active management technologyscope:ltversion:11.8.79

Trust: 1.0

vendor:intelmodel:standard manageabilityscope:ltversion:14.0.39

Trust: 1.0

vendor:intelmodel:active management technologyscope:gteversion:12.0

Trust: 1.0

vendor:intelmodel:active management technologyscope:gteversion:11.22

Trust: 1.0

vendor:intelmodel:active management technologyscope:gteversion:11.12

Trust: 1.0

vendor:intelmodel:standard manageabilityscope:ltversion:11.22.79

Trust: 1.0

vendor:intelmodel:standard manageabilityscope:gteversion:11.22

Trust: 1.0

vendor:intelmodel:active management technologyscope:ltversion:12.0.68

Trust: 1.0

vendor:intelmodel:standard manageabilityscope:gteversion:12.0

Trust: 1.0

vendor:intelmodel:active management technologyscope:ltversion:11.12.79

Trust: 1.0

vendor:intelmodel:standard manageabilityscope:gteversion:11.12

Trust: 1.0

vendor:intelmodel:active management technologyscope:gteversion:14.0

Trust: 1.0

sources: NVD: CVE-2020-8758

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-8758
value: CRITICAL

Trust: 1.0

CNNVD: CNNVD-202009-565
value: CRITICAL

Trust: 0.6

VULHUB: VHN-186883
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2020-8758
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

VULHUB: VHN-186883
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2020-8758
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 1.0

sources: VULHUB: VHN-186883 // CNNVD: CNNVD-202009-565 // NVD: CVE-2020-8758

PROBLEMTYPE DATA

problemtype:NVD-CWE-noinfo

Trust: 1.0

problemtype:CWE-119

Trust: 0.1

sources: VULHUB: VHN-186883 // NVD: CVE-2020-8758

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202009-565

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-202009-565

PATCH

title:Intel Active Management Technology Security vulnerabilitiesurl:http://123.124.177.30/web/xxk/bdxqById.tag?id=128021

Trust: 0.6

sources: CNNVD: CNNVD-202009-565

EXTERNAL IDS

db:NVDid:CVE-2020-8758

Trust: 1.7

db:CNNVDid:CNNVD-202009-565

Trust: 0.7

db:AUSCERTid:ESB-2020.3094.2

Trust: 0.6

db:AUSCERTid:ESB-2020.3094

Trust: 0.6

db:LENOVOid:LEN-41856

Trust: 0.6

db:VULHUBid:VHN-186883

Trust: 0.1

sources: VULHUB: VHN-186883 // CNNVD: CNNVD-202009-565 // NVD: CVE-2020-8758

REFERENCES

url:https://security.netapp.com/advisory/ntap-20200911-0005/

Trust: 1.7

url:https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00404.html

Trust: 1.7

url:https://support.lenovo.com/us/en/product_security/len-41856

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2020.3094/

Trust: 0.6

url:https://nvd.nist.gov/vuln/detail/cve-2020-8758

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2020.3094.2/

Trust: 0.6

sources: VULHUB: VHN-186883 // CNNVD: CNNVD-202009-565 // NVD: CVE-2020-8758

SOURCES

db:VULHUBid:VHN-186883
db:CNNVDid:CNNVD-202009-565
db:NVDid:CVE-2020-8758

LAST UPDATE DATE

2024-11-23T22:44:26.237000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-186883date:2021-07-21T00:00:00
db:CNNVDid:CNNVD-202009-565date:2023-05-23T00:00:00
db:NVDid:CVE-2020-8758date:2024-11-21T05:39:23.397

SOURCES RELEASE DATE

db:VULHUBid:VHN-186883date:2020-09-10T00:00:00
db:CNNVDid:CNNVD-202009-565date:2020-09-09T00:00:00
db:NVDid:CVE-2020-8758date:2020-09-10T15:16:53.827