Details of VAR-202011-0064

ID

VAR-202011-0064

CVE

CVE-2020-0590

TITLE

plural Intel(R) Processor of BIOS Input verification vulnerability in firmware

Trust: 0.8

sources: JVNDB: JVNDB-2020-013188

DESCRIPTION

Improper input validation in BIOS firmware for some Intel(R) Processors may allow an authenticated user to potentially enable escalation of privilege via local access. plural Intel(R) Processor of BIOS There is an input verification vulnerability in the firmware.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state

Trust: 1.71

sources: NVD: CVE-2020-0590 // JVNDB: JVNDB-2020-013188 // VULMON: CVE-2020-0590

AFFECTED PRODUCTS

vendor:	intel	model:	xeon platinum 8253	scope:	eq	version:	-	Trust: 1.0
vendor:	intel	model:	xeon gold 5119t	scope:	eq	version:	-	Trust: 1.0
vendor:	intel	model:	xeon gold 6256	scope:	eq	version:	-	Trust: 1.0
vendor:	intel	model:	xeon gold 6128	scope:	eq	version:	-	Trust: 1.0
vendor:	intel	model:	xeon platinum 9242	scope:	eq	version:	-	Trust: 1.0
vendor:	intel	model:	xeon gold 6230t	scope:	eq	version:	-	Trust: 1.0
vendor:	intel	model:	xeon platinum 9221	scope:	eq	version:	-	Trust: 1.0
vendor:	intel	model:	xeon platinum 8280	scope:	eq	version:	-	Trust: 1.0
vendor:	intel	model:	xeon silver 4214	scope:	eq	version:	-	Trust: 1.0
vendor:	intel	model:	xeon gold 6144	scope:	eq	version:	-	Trust: 1.0
vendor:	intel	model:	xeon gold 5220s	scope:	eq	version:	-	Trust: 1.0
vendor:	intel	model:	xeon platinum 8156	scope:	eq	version:	-	Trust: 1.0
vendor:	intel	model:	xeon gold 6238	scope:	eq	version:	-	Trust: 1.0
vendor:	intel	model:	xeon gold 5115	scope:	eq	version:	-	Trust: 1.0
vendor:	intel	model:	xeon platinum 8180	scope:	eq	version:	-	Trust: 1.0
vendor:	intel	model:	xeon gold 6240r	scope:	eq	version:	-	Trust: 1.0
vendor:	siemens	model:	simatic ipc847e	scope:	lt	version:	25.02.08	Trust: 1.0
vendor:	intel	model:	xeon platinum 8176	scope:	eq	version:	-	Trust: 1.0
vendor:	intel	model:	xeon gold 6238r	scope:	eq	version:	-	Trust: 1.0
vendor:	intel	model:	xeon gold 6252	scope:	eq	version:	-	Trust: 1.0
vendor:	intel	model:	xeon gold 5220t	scope:	eq	version:	-	Trust: 1.0
vendor:	intel	model:	xeon gold 6246	scope:	eq	version:	-	Trust: 1.0
vendor:	intel	model:	xeon gold 6138p	scope:	eq	version:	-	Trust: 1.0
vendor:	intel	model:	xeon bronze 3206r	scope:	eq	version:	-	Trust: 1.0
vendor:	intel	model:	xeon silver 4116	scope:	eq	version:	-	Trust: 1.0
vendor:	intel	model:	xeon gold 6254	scope:	eq	version:	-	Trust: 1.0
vendor:	intel	model:	xeon silver 4116t	scope:	eq	version:	-	Trust: 1.0
vendor:	intel	model:	xeon platinum 8276	scope:	eq	version:	-	Trust: 1.0
vendor:	intel	model:	xeon bronze 3104	scope:	eq	version:	-	Trust: 1.0
vendor:	intel	model:	xeon silver 4214r	scope:	eq	version:	-	Trust: 1.0
vendor:	intel	model:	xeon gold 6252n	scope:	eq	version:	-	Trust: 1.0
vendor:	intel	model:	xeon gold 6262v	scope:	eq	version:	-	Trust: 1.0
vendor:	intel	model:	xeon silver 4215	scope:	eq	version:	-	Trust: 1.0
vendor:	intel	model:	xeon silver 4210t	scope:	eq	version:	-	Trust: 1.0
vendor:	intel	model:	xeon gold 5120	scope:	eq	version:	-	Trust: 1.0
vendor:	intel	model:	xeon silver 4112	scope:	eq	version:	-	Trust: 1.0
vendor:	intel	model:	xeon gold 6209u	scope:	eq	version:	-	Trust: 1.0
vendor:	intel	model:	xeon platinum 8153	scope:	eq	version:	-	Trust: 1.0
vendor:	intel	model:	xeon platinum 8168	scope:	eq	version:	-	Trust: 1.0
vendor:	intel	model:	xeon platinum 8276l	scope:	eq	version:	-	Trust: 1.0
vendor:	intel	model:	xeon silver 4114	scope:	eq	version:	-	Trust: 1.0
vendor:	intel	model:	xeon gold 6138f	scope:	eq	version:	-	Trust: 1.0
vendor:	intel	model:	xeon gold 6136	scope:	eq	version:	-	Trust: 1.0
vendor:	intel	model:	xeon platinum 8160t	scope:	eq	version:	-	Trust: 1.0
vendor:	intel	model:	xeon gold 6138t	scope:	eq	version:	-	Trust: 1.0
vendor:	intel	model:	xeon gold 6208u	scope:	eq	version:	-	Trust: 1.0
vendor:	intel	model:	xeon gold 6240l	scope:	eq	version:	-	Trust: 1.0
vendor:	intel	model:	xeon platinum 9282	scope:	eq	version:	-	Trust: 1.0
vendor:	intel	model:	xeon silver 4210	scope:	eq	version:	-	Trust: 1.0
vendor:	intel	model:	xeon gold 6140	scope:	eq	version:	-	Trust: 1.0
vendor:	intel	model:	xeon gold 5215l	scope:	eq	version:	-	Trust: 1.0
vendor:	intel	model:	xeon gold 6246r	scope:	eq	version:	-	Trust: 1.0
vendor:	intel	model:	xeon silver 4209t	scope:	eq	version:	-	Trust: 1.0
vendor:	intel	model:	xeon gold 6154	scope:	eq	version:	-	Trust: 1.0
vendor:	intel	model:	xeon gold 6242r	scope:	eq	version:	-	Trust: 1.0
vendor:	intel	model:	xeon bronze 3204	scope:	eq	version:	-	Trust: 1.0
vendor:	siemens	model:	simatic ipc677e	scope:	lt	version:	25.02.08	Trust: 1.0
vendor:	intel	model:	xeon gold 5215	scope:	eq	version:	-	Trust: 1.0
vendor:	intel	model:	xeon platinum 8160f	scope:	eq	version:	-	Trust: 1.0
vendor:	intel	model:	xeon gold 5220r	scope:	eq	version:	-	Trust: 1.0
vendor:	intel	model:	xeon gold 5120t	scope:	eq	version:	-	Trust: 1.0
vendor:	intel	model:	xeon gold 6150	scope:	eq	version:	-	Trust: 1.0
vendor:	intel	model:	xeon platinum 8164	scope:	eq	version:	-	Trust: 1.0
vendor:	intel	model:	xeon gold 6148	scope:	eq	version:	-	Trust: 1.0
vendor:	intel	model:	xeon gold 6210u	scope:	eq	version:	-	Trust: 1.0
vendor:	intel	model:	xeon gold 6130	scope:	eq	version:	-	Trust: 1.0
vendor:	intel	model:	xeon silver 4110	scope:	eq	version:	-	Trust: 1.0
vendor:	intel	model:	xeon gold 6152	scope:	eq	version:	-	Trust: 1.0
vendor:	intel	model:	xeon gold 6242	scope:	eq	version:	-	Trust: 1.0
vendor:	intel	model:	xeon gold 5122	scope:	eq	version:	-	Trust: 1.0
vendor:	netapp	model:	clustered data ontap	scope:	eq	version:	-	Trust: 1.0
vendor:	intel	model:	xeon gold 6226r	scope:	eq	version:	-	Trust: 1.0
vendor:	intel	model:	xeon platinum 8160	scope:	eq	version:	-	Trust: 1.0
vendor:	intel	model:	xeon silver 4210r	scope:	eq	version:	-	Trust: 1.0
vendor:	intel	model:	xeon gold 6238l	scope:	eq	version:	-	Trust: 1.0
vendor:	intel	model:	xeon platinum 8260l	scope:	eq	version:	-	Trust: 1.0
vendor:	intel	model:	xeon gold 6230	scope:	eq	version:	-	Trust: 1.0
vendor:	siemens	model:	simatic ipc527g	scope:	lt	version:	1.4.0	Trust: 1.0
vendor:	intel	model:	xeon silver 4208	scope:	eq	version:	-	Trust: 1.0
vendor:	intel	model:	xeon platinum 9222	scope:	eq	version:	-	Trust: 1.0
vendor:	intel	model:	xeon gold 6248	scope:	eq	version:	-	Trust: 1.0
vendor:	netapp	model:	cloud backup	scope:	eq	version:	-	Trust: 1.0
vendor:	intel	model:	xeon gold 6226	scope:	eq	version:	-	Trust: 1.0
vendor:	intel	model:	xeon platinum 8280l	scope:	eq	version:	-	Trust: 1.0
vendor:	intel	model:	xeon gold 6234	scope:	eq	version:	-	Trust: 1.0
vendor:	intel	model:	xeon platinum 8170	scope:	eq	version:	-	Trust: 1.0
vendor:	intel	model:	xeon gold 6212u	scope:	eq	version:	-	Trust: 1.0
vendor:	intel	model:	xeon gold 6230n	scope:	eq	version:	-	Trust: 1.0
vendor:	siemens	model:	simatic ipc547g	scope:	lt	version:	r1.30.0	Trust: 1.0
vendor:	intel	model:	xeon gold 6244	scope:	eq	version:	-	Trust: 1.0
vendor:	intel	model:	xeon gold 5118	scope:	eq	version:	-	Trust: 1.0
vendor:	intel	model:	xeon gold 6142f	scope:	eq	version:	-	Trust: 1.0
vendor:	intel	model:	xeon silver 4214y	scope:	eq	version:	-	Trust: 1.0
vendor:	intel	model:	xeon gold 6132	scope:	eq	version:	-	Trust: 1.0
vendor:	intel	model:	xeon gold 6240	scope:	eq	version:	-	Trust: 1.0
vendor:	intel	model:	xeon silver 4114t	scope:	eq	version:	-	Trust: 1.0
vendor:	intel	model:	xeon gold 5218t	scope:	eq	version:	-	Trust: 1.0
vendor:	intel	model:	xeon gold 6126	scope:	eq	version:	-	Trust: 1.0
vendor:	intel	model:	xeon gold 6258r	scope:	eq	version:	-	Trust: 1.0
vendor:	intel	model:	xeon gold 6134	scope:	eq	version:	-	Trust: 1.0
vendor:	intel	model:	xeon gold 5218r	scope:	eq	version:	-	Trust: 1.0
vendor:	intel	model:	xeon gold 6130f	scope:	eq	version:	-	Trust: 1.0
vendor:	intel	model:	xeon gold 6230r	scope:	eq	version:	-	Trust: 1.0
vendor:	intel	model:	xeon gold 5222	scope:	eq	version:	-	Trust: 1.0
vendor:	intel	model:	xeon gold 6130t	scope:	eq	version:	-	Trust: 1.0
vendor:	intel	model:	xeon gold 5220	scope:	eq	version:	-	Trust: 1.0
vendor:	intel	model:	xeon gold 6142	scope:	eq	version:	-	Trust: 1.0
vendor:	siemens	model:	simatic ipc647e	scope:	lt	version:	25.02.08	Trust: 1.0
vendor:	intel	model:	xeon platinum 8270	scope:	eq	version:	-	Trust: 1.0
vendor:	intel	model:	xeon gold 6126t	scope:	eq	version:	-	Trust: 1.0
vendor:	intel	model:	xeon bronze 3106	scope:	eq	version:	-	Trust: 1.0
vendor:	intel	model:	xeon platinum 8260	scope:	eq	version:	-	Trust: 1.0
vendor:	intel	model:	xeon gold 6138	scope:	eq	version:	-	Trust: 1.0
vendor:	intel	model:	xeon platinum 8176f	scope:	eq	version:	-	Trust: 1.0
vendor:	intel	model:	xeon gold 6250l	scope:	eq	version:	-	Trust: 1.0
vendor:	intel	model:	xeon gold 6148f	scope:	eq	version:	-	Trust: 1.0
vendor:	siemens	model:	simatic ipc627e	scope:	lt	version:	25.02.08	Trust: 1.0
vendor:	intel	model:	xeon gold 5217	scope:	eq	version:	-	Trust: 1.0
vendor:	intel	model:	xeon gold 5218	scope:	eq	version:	-	Trust: 1.0
vendor:	intel	model:	xeon silver 4215r	scope:	eq	version:	-	Trust: 1.0
vendor:	intel	model:	xeon platinum 8158	scope:	eq	version:	-	Trust: 1.0
vendor:	intel	model:	xeon gold 6222v	scope:	eq	version:	-	Trust: 1.0
vendor:	intel	model:	xeon gold 6240y	scope:	eq	version:	-	Trust: 1.0
vendor:	intel	model:	xeon gold 6238t	scope:	eq	version:	-	Trust: 1.0
vendor:	intel	model:	xeon gold 5218n	scope:	eq	version:	-	Trust: 1.0
vendor:	intel	model:	xeon platinum 8268	scope:	eq	version:	-	Trust: 1.0
vendor:	intel	model:	xeon gold 6146	scope:	eq	version:	-	Trust: 1.0
vendor:	intel	model:	xeon silver 4109t	scope:	eq	version:	-	Trust: 1.0
vendor:	intel	model:	xeon silver 4216	scope:	eq	version:	-	Trust: 1.0
vendor:	intel	model:	xeon gold 6126f	scope:	eq	version:	-	Trust: 1.0
vendor:	netapp	model:	fas\/aff bios	scope:	eq	version:	-	Trust: 1.0
vendor:	intel	model:	xeon platinum 8260y	scope:	eq	version:	-	Trust: 1.0
vendor:	intel	model:	xeon platinum 8256	scope:	eq	version:	-	Trust: 1.0
vendor:	intel	model:	xeon silver 4108	scope:	eq	version:	-	Trust: 1.0
vendor:	intel	model:	xeon gold 5218b	scope:	eq	version:	-	Trust: 1.0
vendor:	intel	model:	xeon gold 6250	scope:	eq	version:	-	Trust: 1.0
vendor:	intel	model:	xeon gold 6248r	scope:	eq	version:	-	Trust: 1.0
vendor:	インテル	model:	bios	scope:	-	version:	-	Trust: 0.8
vendor:	日立	model:	日立アドバンストサーバ	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2020-013188 // NVD: CVE-2020-0590

CVSS

SEVERITY

CVSSV2

CVSSV3

NVD:	CVE-2020-0590
value:	HIGH
Trust: 1.8
CNNVD:	CNNVD-201911-1686
value:	HIGH
Trust: 0.6
VULMON:	CVE-2020-0590
value:	MEDIUM
Trust: 0.1

NVD:	CVE-2020-0590
severity:	MEDIUM
baseScore:	4.6
vectorString:	AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	3.9
impactScore:	6.4
acInsufInfo:	FALSE
obtainAllPrivilege:	FALSE
obtainUserPrivilege:	FALSE
obtainOtherPrivilege:	FALSE
userInteractionRequired:	FALSE
version:	2.0
Trust: 1.9

NVD:	CVE-2020-0590
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.8
impactScore:	5.9
version:	3.1
Trust: 1.0
NVD:	CVE-2020-0590
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULMON: CVE-2020-0590 // JVNDB: JVNDB-2020-013188 // CNNVD: CNNVD-201911-1686 // NVD: CVE-2020-0590

PROBLEMTYPE DATA

problemtype:	CWE-20	Trust: 1.0
problemtype:	Incorrect input confirmation (CWE-20) [NVD Evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2020-013188 // NVD: CVE-2020-0590

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201911-1686

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-201911-1686

CONFIGURATIONS

sources: NVD: CVE-2020-0590

PATCH

title:	INTEL-SA-00358 Hitachi Server / Client Product Security Information	url:	https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00358.html	Trust: 0.8
title:	Intel Processors Enter the fix for the verification error vulnerability	url:	http://123.124.177.30/web/xxk/bdxqbyid.tag?id=134603	Trust: 0.6
title:	Siemens Security Advisories: Siemens Security Advisory	url:	https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories&qid=0bfef52a44075162940391ee650c313e	Trust: 0.1
title:	HP: SUPPORT COMMUNICATION- SECURITY BULLETIN HPSBHF03705 rev. 6 - BIOS November 2020 Security Updates	url:	https://vulmon.com/vendoradvisory?qidtp=hp_bulletin&qid=892287da75187b64a9430d6c2f52fb94	Trust: 0.1
title:	HP: SUPPORT COMMUNICATION- SECURITY BULLETIN HPSBHF03705 rev. 6 - BIOS November 2020 Security Updates	url:	https://vulmon.com/vendoradvisory?qidtp=hp_bulletin&qid=f872c139829b190dd155b5676016edf1	Trust: 0.1
title:	HP: HPSBHF03705 rev. 1 - BIOS November 2020 Security Updates	url:	https://vulmon.com/vendoradvisory?qidtp=hp_bulletin&qid=hpsbhf03705	Trust: 0.1
title:	-	url:	https://github.com/live-hack-cve/cve-2020-0590	Trust: 0.1

sources: VULMON: CVE-2020-0590 // JVNDB: JVNDB-2020-013188 // CNNVD: CNNVD-201911-1686

EXTERNAL IDS

db:	NVD	id:	CVE-2020-0590	Trust: 2.5
db:	SIEMENS	id:	SSA-678983	Trust: 1.7
db:	JVN	id:	JVNVU91051134	Trust: 0.8
db:	JVNDB	id:	JVNDB-2020-013188	Trust: 0.8
db:	ICS CERT	id:	ICSA-22-132-05	Trust: 0.7
db:	AUSCERT	id:	ESB-2022.2355	Trust: 0.6
db:	AUSCERT	id:	ESB-2020.3949	Trust: 0.6
db:	LENOVO	id:	LEN-49266	Trust: 0.6
db:	CNNVD	id:	CNNVD-201911-1686	Trust: 0.6
db:	VULMON	id:	CVE-2020-0590	Trust: 0.1

sources: VULMON: CVE-2020-0590 // JVNDB: JVNDB-2020-013188 // CNNVD: CNNVD-201911-1686 // NVD: CVE-2020-0590

REFERENCES

url:	https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00358	Trust: 1.7
url:	https://security.netapp.com/advisory/ntap-20201113-0001/	Trust: 1.7
url:	https://cert-portal.siemens.com/productcert/pdf/ssa-678983.pdf	Trust: 1.7
url:	https://nvd.nist.gov/vuln/detail/cve-2020-0590	Trust: 1.4
url:	https://jvn.jp/vu/jvnvu91051134/	Trust: 0.8
url:	https://support.lenovo.com/us/en/product_security/len-49266	Trust: 0.6
url:	https://us-cert.cisa.gov/ics/advisories/icsa-22-132-05	Trust: 0.6
url:	https://vigilance.fr/vulnerability/intel-processors-multiple-vulnerabilities-via-bios-33888	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2020.3949/	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2022.2355	Trust: 0.6
url:	https://cwe.mitre.org/data/definitions/20.html	Trust: 0.1
url:	https://github.com/live-hack-cve/cve-2020-0590	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1
url:	https://www.cisa.gov/uscert/ics/advisories/icsa-22-132-05	Trust: 0.1
url:	https://support.hp.com/us-en/document/c06962236	Trust: 0.1

sources: VULMON: CVE-2020-0590 // JVNDB: JVNDB-2020-013188 // CNNVD: CNNVD-201911-1686 // NVD: CVE-2020-0590

CREDITS

Siemen reported these vulnerabilities to CISA.

Trust: 0.6

sources: CNNVD: CNNVD-201911-1686

SOURCES

db:	VULMON	id:	CVE-2020-0590
db:	JVNDB	id:	JVNDB-2020-013188
db:	CNNVD	id:	CNNVD-201911-1686
db:	NVD	id:	CVE-2020-0590

LAST UPDATE DATE

2023-01-02T22:26:00.072000+00:00

SOURCES UPDATE DATE

db:	VULMON	id:	CVE-2020-0590	date:	2022-10-19T00:00:00
db:	JVNDB	id:	JVNDB-2020-013188	date:	2021-06-21T07:43:00
db:	CNNVD	id:	CNNVD-201911-1686	date:	2022-10-20T00:00:00
db:	NVD	id:	CVE-2020-0590	date:	2022-10-19T19:17:00

SOURCES RELEASE DATE

db:	VULMON	id:	CVE-2020-0590	date:	2020-11-12T00:00:00
db:	JVNDB	id:	JVNDB-2020-013188	date:	2021-06-21T00:00:00
db:	CNNVD	id:	CNNVD-201911-1686	date:	2019-11-10T00:00:00
db:	NVD	id:	CVE-2020-0590	date:	2020-11-12T18:15:00