ID

VAR-202011-0064


CVE

CVE-2020-0590


TITLE

plural  Intel(R) Processor  of  BIOS  Input verification vulnerability in firmware

Trust: 0.8

sources: JVNDB: JVNDB-2020-013188

DESCRIPTION

Improper input validation in BIOS firmware for some Intel(R) Processors may allow an authenticated user to potentially enable escalation of privilege via local access. plural Intel(R) Processor of BIOS There is an input verification vulnerability in the firmware.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state

Trust: 1.71

sources: NVD: CVE-2020-0590 // JVNDB: JVNDB-2020-013188 // VULMON: CVE-2020-0590

AFFECTED PRODUCTS

vendor:intelmodel:xeon platinum 8253scope:eqversion: -

Trust: 1.0

vendor:intelmodel:xeon gold 5119tscope:eqversion: -

Trust: 1.0

vendor:intelmodel:xeon gold 6256scope:eqversion: -

Trust: 1.0

vendor:intelmodel:xeon gold 6128scope:eqversion: -

Trust: 1.0

vendor:intelmodel:xeon platinum 9242scope:eqversion: -

Trust: 1.0

vendor:intelmodel:xeon gold 6230tscope:eqversion: -

Trust: 1.0

vendor:intelmodel:xeon platinum 9221scope:eqversion: -

Trust: 1.0

vendor:intelmodel:xeon platinum 8280scope:eqversion: -

Trust: 1.0

vendor:intelmodel:xeon silver 4214scope:eqversion: -

Trust: 1.0

vendor:intelmodel:xeon gold 6144scope:eqversion: -

Trust: 1.0

vendor:intelmodel:xeon gold 5220sscope:eqversion: -

Trust: 1.0

vendor:intelmodel:xeon platinum 8156scope:eqversion: -

Trust: 1.0

vendor:intelmodel:xeon gold 6238scope:eqversion: -

Trust: 1.0

vendor:intelmodel:xeon gold 5115scope:eqversion: -

Trust: 1.0

vendor:intelmodel:xeon platinum 8180scope:eqversion: -

Trust: 1.0

vendor:intelmodel:xeon gold 6240rscope:eqversion: -

Trust: 1.0

vendor:siemensmodel:simatic ipc847escope:ltversion:25.02.08

Trust: 1.0

vendor:intelmodel:xeon platinum 8176scope:eqversion: -

Trust: 1.0

vendor:intelmodel:xeon gold 6238rscope:eqversion: -

Trust: 1.0

vendor:intelmodel:xeon gold 6252scope:eqversion: -

Trust: 1.0

vendor:intelmodel:xeon gold 5220tscope:eqversion: -

Trust: 1.0

vendor:intelmodel:xeon gold 6246scope:eqversion: -

Trust: 1.0

vendor:intelmodel:xeon gold 6138pscope:eqversion: -

Trust: 1.0

vendor:intelmodel:xeon bronze 3206rscope:eqversion: -

Trust: 1.0

vendor:intelmodel:xeon silver 4116scope:eqversion: -

Trust: 1.0

vendor:intelmodel:xeon gold 6254scope:eqversion: -

Trust: 1.0

vendor:intelmodel:xeon silver 4116tscope:eqversion: -

Trust: 1.0

vendor:intelmodel:xeon platinum 8276scope:eqversion: -

Trust: 1.0

vendor:intelmodel:xeon bronze 3104scope:eqversion: -

Trust: 1.0

vendor:intelmodel:xeon silver 4214rscope:eqversion: -

Trust: 1.0

vendor:intelmodel:xeon gold 6252nscope:eqversion: -

Trust: 1.0

vendor:intelmodel:xeon gold 6262vscope:eqversion: -

Trust: 1.0

vendor:intelmodel:xeon silver 4215scope:eqversion: -

Trust: 1.0

vendor:intelmodel:xeon silver 4210tscope:eqversion: -

Trust: 1.0

vendor:intelmodel:xeon gold 5120scope:eqversion: -

Trust: 1.0

vendor:intelmodel:xeon silver 4112scope:eqversion: -

Trust: 1.0

vendor:intelmodel:xeon gold 6209uscope:eqversion: -

Trust: 1.0

vendor:intelmodel:xeon platinum 8153scope:eqversion: -

Trust: 1.0

vendor:intelmodel:xeon platinum 8168scope:eqversion: -

Trust: 1.0

vendor:intelmodel:xeon platinum 8276lscope:eqversion: -

Trust: 1.0

vendor:intelmodel:xeon silver 4114scope:eqversion: -

Trust: 1.0

vendor:intelmodel:xeon gold 6138fscope:eqversion: -

Trust: 1.0

vendor:intelmodel:xeon gold 6136scope:eqversion: -

Trust: 1.0

vendor:intelmodel:xeon platinum 8160tscope:eqversion: -

Trust: 1.0

vendor:intelmodel:xeon gold 6138tscope:eqversion: -

Trust: 1.0

vendor:intelmodel:xeon gold 6208uscope:eqversion: -

Trust: 1.0

vendor:intelmodel:xeon gold 6240lscope:eqversion: -

Trust: 1.0

vendor:intelmodel:xeon platinum 9282scope:eqversion: -

Trust: 1.0

vendor:intelmodel:xeon silver 4210scope:eqversion: -

Trust: 1.0

vendor:intelmodel:xeon gold 6140scope:eqversion: -

Trust: 1.0

vendor:intelmodel:xeon gold 5215lscope:eqversion: -

Trust: 1.0

vendor:intelmodel:xeon gold 6246rscope:eqversion: -

Trust: 1.0

vendor:intelmodel:xeon silver 4209tscope:eqversion: -

Trust: 1.0

vendor:intelmodel:xeon gold 6154scope:eqversion: -

Trust: 1.0

vendor:intelmodel:xeon gold 6242rscope:eqversion: -

Trust: 1.0

vendor:intelmodel:xeon bronze 3204scope:eqversion: -

Trust: 1.0

vendor:siemensmodel:simatic ipc677escope:ltversion:25.02.08

Trust: 1.0

vendor:intelmodel:xeon gold 5215scope:eqversion: -

Trust: 1.0

vendor:intelmodel:xeon platinum 8160fscope:eqversion: -

Trust: 1.0

vendor:intelmodel:xeon gold 5220rscope:eqversion: -

Trust: 1.0

vendor:intelmodel:xeon gold 5120tscope:eqversion: -

Trust: 1.0

vendor:intelmodel:xeon gold 6150scope:eqversion: -

Trust: 1.0

vendor:intelmodel:xeon platinum 8164scope:eqversion: -

Trust: 1.0

vendor:intelmodel:xeon gold 6148scope:eqversion: -

Trust: 1.0

vendor:intelmodel:xeon gold 6210uscope:eqversion: -

Trust: 1.0

vendor:intelmodel:xeon gold 6130scope:eqversion: -

Trust: 1.0

vendor:intelmodel:xeon silver 4110scope:eqversion: -

Trust: 1.0

vendor:intelmodel:xeon gold 6152scope:eqversion: -

Trust: 1.0

vendor:intelmodel:xeon gold 6242scope:eqversion: -

Trust: 1.0

vendor:intelmodel:xeon gold 5122scope:eqversion: -

Trust: 1.0

vendor:netappmodel:clustered data ontapscope:eqversion: -

Trust: 1.0

vendor:intelmodel:xeon gold 6226rscope:eqversion: -

Trust: 1.0

vendor:intelmodel:xeon platinum 8160scope:eqversion: -

Trust: 1.0

vendor:intelmodel:xeon silver 4210rscope:eqversion: -

Trust: 1.0

vendor:intelmodel:xeon gold 6238lscope:eqversion: -

Trust: 1.0

vendor:intelmodel:xeon platinum 8260lscope:eqversion: -

Trust: 1.0

vendor:intelmodel:xeon gold 6230scope:eqversion: -

Trust: 1.0

vendor:siemensmodel:simatic ipc527gscope:ltversion:1.4.0

Trust: 1.0

vendor:intelmodel:xeon silver 4208scope:eqversion: -

Trust: 1.0

vendor:intelmodel:xeon platinum 9222scope:eqversion: -

Trust: 1.0

vendor:intelmodel:xeon gold 6248scope:eqversion: -

Trust: 1.0

vendor:netappmodel:cloud backupscope:eqversion: -

Trust: 1.0

vendor:intelmodel:xeon gold 6226scope:eqversion: -

Trust: 1.0

vendor:intelmodel:xeon platinum 8280lscope:eqversion: -

Trust: 1.0

vendor:intelmodel:xeon gold 6234scope:eqversion: -

Trust: 1.0

vendor:intelmodel:xeon platinum 8170scope:eqversion: -

Trust: 1.0

vendor:intelmodel:xeon gold 6212uscope:eqversion: -

Trust: 1.0

vendor:intelmodel:xeon gold 6230nscope:eqversion: -

Trust: 1.0

vendor:siemensmodel:simatic ipc547gscope:ltversion:r1.30.0

Trust: 1.0

vendor:intelmodel:xeon gold 6244scope:eqversion: -

Trust: 1.0

vendor:intelmodel:xeon gold 5118scope:eqversion: -

Trust: 1.0

vendor:intelmodel:xeon gold 6142fscope:eqversion: -

Trust: 1.0

vendor:intelmodel:xeon silver 4214yscope:eqversion: -

Trust: 1.0

vendor:intelmodel:xeon gold 6132scope:eqversion: -

Trust: 1.0

vendor:intelmodel:xeon gold 6240scope:eqversion: -

Trust: 1.0

vendor:intelmodel:xeon silver 4114tscope:eqversion: -

Trust: 1.0

vendor:intelmodel:xeon gold 5218tscope:eqversion: -

Trust: 1.0

vendor:intelmodel:xeon gold 6126scope:eqversion: -

Trust: 1.0

vendor:intelmodel:xeon gold 6258rscope:eqversion: -

Trust: 1.0

vendor:intelmodel:xeon gold 6134scope:eqversion: -

Trust: 1.0

vendor:intelmodel:xeon gold 5218rscope:eqversion: -

Trust: 1.0

vendor:intelmodel:xeon gold 6130fscope:eqversion: -

Trust: 1.0

vendor:intelmodel:xeon gold 6230rscope:eqversion: -

Trust: 1.0

vendor:intelmodel:xeon gold 5222scope:eqversion: -

Trust: 1.0

vendor:intelmodel:xeon gold 6130tscope:eqversion: -

Trust: 1.0

vendor:intelmodel:xeon gold 5220scope:eqversion: -

Trust: 1.0

vendor:intelmodel:xeon gold 6142scope:eqversion: -

Trust: 1.0

vendor:siemensmodel:simatic ipc647escope:ltversion:25.02.08

Trust: 1.0

vendor:intelmodel:xeon platinum 8270scope:eqversion: -

Trust: 1.0

vendor:intelmodel:xeon gold 6126tscope:eqversion: -

Trust: 1.0

vendor:intelmodel:xeon bronze 3106scope:eqversion: -

Trust: 1.0

vendor:intelmodel:xeon platinum 8260scope:eqversion: -

Trust: 1.0

vendor:intelmodel:xeon gold 6138scope:eqversion: -

Trust: 1.0

vendor:intelmodel:xeon platinum 8176fscope:eqversion: -

Trust: 1.0

vendor:intelmodel:xeon gold 6250lscope:eqversion: -

Trust: 1.0

vendor:intelmodel:xeon gold 6148fscope:eqversion: -

Trust: 1.0

vendor:siemensmodel:simatic ipc627escope:ltversion:25.02.08

Trust: 1.0

vendor:intelmodel:xeon gold 5217scope:eqversion: -

Trust: 1.0

vendor:intelmodel:xeon gold 5218scope:eqversion: -

Trust: 1.0

vendor:intelmodel:xeon silver 4215rscope:eqversion: -

Trust: 1.0

vendor:intelmodel:xeon platinum 8158scope:eqversion: -

Trust: 1.0

vendor:intelmodel:xeon gold 6222vscope:eqversion: -

Trust: 1.0

vendor:intelmodel:xeon gold 6240yscope:eqversion: -

Trust: 1.0

vendor:intelmodel:xeon gold 6238tscope:eqversion: -

Trust: 1.0

vendor:intelmodel:xeon gold 5218nscope:eqversion: -

Trust: 1.0

vendor:intelmodel:xeon platinum 8268scope:eqversion: -

Trust: 1.0

vendor:intelmodel:xeon gold 6146scope:eqversion: -

Trust: 1.0

vendor:intelmodel:xeon silver 4109tscope:eqversion: -

Trust: 1.0

vendor:intelmodel:xeon silver 4216scope:eqversion: -

Trust: 1.0

vendor:intelmodel:xeon gold 6126fscope:eqversion: -

Trust: 1.0

vendor:netappmodel:fas\/aff biosscope:eqversion: -

Trust: 1.0

vendor:intelmodel:xeon platinum 8260yscope:eqversion: -

Trust: 1.0

vendor:intelmodel:xeon platinum 8256scope:eqversion: -

Trust: 1.0

vendor:intelmodel:xeon silver 4108scope:eqversion: -

Trust: 1.0

vendor:intelmodel:xeon gold 5218bscope:eqversion: -

Trust: 1.0

vendor:intelmodel:xeon gold 6250scope:eqversion: -

Trust: 1.0

vendor:intelmodel:xeon gold 6248rscope:eqversion: -

Trust: 1.0

vendor:インテルmodel:biosscope: - version: -

Trust: 0.8

vendor:日立model:日立アドバンストサーバscope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2020-013188 // NVD: CVE-2020-0590

CVSS

SEVERITY

CVSSV2

CVSSV3

NVD: CVE-2020-0590
value: HIGH

Trust: 1.8

CNNVD: CNNVD-201911-1686
value: HIGH

Trust: 0.6

VULMON: CVE-2020-0590
value: MEDIUM

Trust: 0.1

NVD: CVE-2020-0590
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 6.4
acInsufInfo: FALSE
obtainAllPrivilege: FALSE
obtainUserPrivilege: FALSE
obtainOtherPrivilege: FALSE
userInteractionRequired: FALSE
version: 2.0

Trust: 1.9

NVD: CVE-2020-0590
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2020-0590
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULMON: CVE-2020-0590 // JVNDB: JVNDB-2020-013188 // CNNVD: CNNVD-201911-1686 // NVD: CVE-2020-0590

PROBLEMTYPE DATA

problemtype:CWE-20

Trust: 1.0

problemtype:Incorrect input confirmation (CWE-20) [NVD Evaluation ]

Trust: 0.8

sources: JVNDB: JVNDB-2020-013188 // NVD: CVE-2020-0590

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201911-1686

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-201911-1686

CONFIGURATIONS

sources: NVD: CVE-2020-0590

PATCH

title:INTEL-SA-00358 Hitachi Server / Client Product Security Informationurl:https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00358.html

Trust: 0.8

title:Intel Processors Enter the fix for the verification error vulnerabilityurl:http://123.124.177.30/web/xxk/bdxqbyid.tag?id=134603

Trust: 0.6

title:Siemens Security Advisories: Siemens Security Advisoryurl:https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories&qid=0bfef52a44075162940391ee650c313e

Trust: 0.1

title:HP: SUPPORT COMMUNICATION- SECURITY BULLETIN HPSBHF03705 rev. 6 - BIOS November 2020 Security Updatesurl:https://vulmon.com/vendoradvisory?qidtp=hp_bulletin&qid=892287da75187b64a9430d6c2f52fb94

Trust: 0.1

title:HP: SUPPORT COMMUNICATION- SECURITY BULLETIN HPSBHF03705 rev. 6 - BIOS November 2020 Security Updatesurl:https://vulmon.com/vendoradvisory?qidtp=hp_bulletin&qid=f872c139829b190dd155b5676016edf1

Trust: 0.1

title:HP: HPSBHF03705 rev. 1 - BIOS November 2020 Security Updatesurl:https://vulmon.com/vendoradvisory?qidtp=hp_bulletin&qid=hpsbhf03705

Trust: 0.1

title: - url:https://github.com/live-hack-cve/cve-2020-0590

Trust: 0.1

sources: VULMON: CVE-2020-0590 // JVNDB: JVNDB-2020-013188 // CNNVD: CNNVD-201911-1686

EXTERNAL IDS

db:NVDid:CVE-2020-0590

Trust: 2.5

db:SIEMENSid:SSA-678983

Trust: 1.7

db:JVNid:JVNVU91051134

Trust: 0.8

db:JVNDBid:JVNDB-2020-013188

Trust: 0.8

db:ICS CERTid:ICSA-22-132-05

Trust: 0.7

db:AUSCERTid:ESB-2022.2355

Trust: 0.6

db:AUSCERTid:ESB-2020.3949

Trust: 0.6

db:LENOVOid:LEN-49266

Trust: 0.6

db:CNNVDid:CNNVD-201911-1686

Trust: 0.6

db:VULMONid:CVE-2020-0590

Trust: 0.1

sources: VULMON: CVE-2020-0590 // JVNDB: JVNDB-2020-013188 // CNNVD: CNNVD-201911-1686 // NVD: CVE-2020-0590

REFERENCES

url:https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00358

Trust: 1.7

url:https://security.netapp.com/advisory/ntap-20201113-0001/

Trust: 1.7

url:https://cert-portal.siemens.com/productcert/pdf/ssa-678983.pdf

Trust: 1.7

url:https://nvd.nist.gov/vuln/detail/cve-2020-0590

Trust: 1.4

url:https://jvn.jp/vu/jvnvu91051134/

Trust: 0.8

url:https://support.lenovo.com/us/en/product_security/len-49266

Trust: 0.6

url:https://us-cert.cisa.gov/ics/advisories/icsa-22-132-05

Trust: 0.6

url:https://vigilance.fr/vulnerability/intel-processors-multiple-vulnerabilities-via-bios-33888

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2020.3949/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2022.2355

Trust: 0.6

url:https://cwe.mitre.org/data/definitions/20.html

Trust: 0.1

url:https://github.com/live-hack-cve/cve-2020-0590

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://www.cisa.gov/uscert/ics/advisories/icsa-22-132-05

Trust: 0.1

url:https://support.hp.com/us-en/document/c06962236

Trust: 0.1

sources: VULMON: CVE-2020-0590 // JVNDB: JVNDB-2020-013188 // CNNVD: CNNVD-201911-1686 // NVD: CVE-2020-0590

CREDITS

Siemen reported these vulnerabilities to CISA.

Trust: 0.6

sources: CNNVD: CNNVD-201911-1686

SOURCES

db:VULMONid:CVE-2020-0590
db:JVNDBid:JVNDB-2020-013188
db:CNNVDid:CNNVD-201911-1686
db:NVDid:CVE-2020-0590

LAST UPDATE DATE

2023-01-02T22:26:00.072000+00:00


SOURCES UPDATE DATE

db:VULMONid:CVE-2020-0590date:2022-10-19T00:00:00
db:JVNDBid:JVNDB-2020-013188date:2021-06-21T07:43:00
db:CNNVDid:CNNVD-201911-1686date:2022-10-20T00:00:00
db:NVDid:CVE-2020-0590date:2022-10-19T19:17:00

SOURCES RELEASE DATE

db:VULMONid:CVE-2020-0590date:2020-11-12T00:00:00
db:JVNDBid:JVNDB-2020-013188date:2021-06-21T00:00:00
db:CNNVDid:CNNVD-201911-1686date:2019-11-10T00:00:00
db:NVDid:CVE-2020-0590date:2020-11-12T18:15:00