ID

VAR-202011-0146


CVE

CVE-2020-12303


TITLE

Use of freed memory vulnerability in Intel(R) CSME and TXE

Trust: 0.8

sources: JVNDB: JVNDB-2020-013442

DESCRIPTION

Use after free in DAL subsystem for Intel(R) CSME versions before 11.8.80, 11.12.80, 11.22.80, 12.0.70, 13.0.40, 13.30.10, 14.0.45 and 14.5.25, Intel(R) TXE 3.1.80, 4.0.30 may allow an authenticated user to potentially enable escalation of privileges via local access. Intel(R) CSME and TXE are vulnerable to the use of freed memory. Information may be obtained or tampered with, and the service may be put into a denial-of-service (DoS) state.

Trust: 1.71

sources: NVD: CVE-2020-12303 // JVNDB: JVNDB-2020-013442 // VULHUB: VHN-164968

AFFECTED PRODUCTS

vendor: intel, model: converged security and manageability engine, scope: lt, version: 11.22.80

Trust: 1.0

vendor: intel, model: converged security and manageability engine, scope: gte, version: 14.0

Trust: 1.0

vendor: intel, model: converged security and manageability engine, scope: gte, version: 14.5.0

Trust: 1.0

vendor: intel, model: converged security and manageability engine, scope: lt, version: 14.0.45

Trust: 1.0

vendor: intel, model: converged security and manageability engine, scope: lt, version: 11.12.80

Trust: 1.0

vendor: intel, model: trusted execution technology, scope: eq, version: 4.0.30

Trust: 1.0

vendor: intel, model: converged security and manageability engine, scope: gte, version: 11.22.0

Trust: 1.0

vendor: intel, model: converged security and manageability engine, scope: gte, version: 12.0

Trust: 1.0

vendor: intel, model: converged security and manageability engine, scope: lt, version: 11.8.80

Trust: 1.0

vendor: intel, model: converged security and manageability engine, scope: lt, version: 12.0.70

Trust: 1.0

vendor: intel, model: converged security and manageability engine, scope: gte, version: 11.12.0

Trust: 1.0

vendor: intel, model: converged security and manageability engine, scope: lt, version: 14.5.25

Trust: 1.0

vendor: intel, model: trusted execution technology, scope: eq, version: 3.1.80

Trust: 1.0

vendor: Intel, model: trusted execution technology, scope: -, version: -

Trust: 0.8

vendor: Intel, model: intel converged security and manageability engine, scope: -, version: -

Trust: 0.8

sources: JVNDB: JVNDB-2020-013442 // NVD: CVE-2020-12303

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-12303
value: HIGH

Trust: 1.0

NVD: CVE-2020-12303
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201911-1672
value: HIGH

Trust: 0.6

VULHUB: VHN-164968
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2020-12303
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-164968
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2020-12303
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2020-12303
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-164968 // JVNDB: JVNDB-2020-013442 // CNNVD: CNNVD-201911-1672 // NVD: CVE-2020-12303

PROBLEMTYPE DATA

problemtype: CWE-416

Trust: 1.1

problemtype: Use of freed memory (CWE-416) [NVD Evaluation]

Trust: 0.8

sources: VULHUB: VHN-164968 // JVNDB: JVNDB-2020-013442 // NVD: CVE-2020-12303

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201911-1672

TYPE

resource management error

Trust: 0.6

sources: CNNVD: CNNVD-201911-1672

PATCH

title: INTEL-SA-00391, url: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00391

Trust: 0.8

title: Intel CSME and Intel TXE Remediation of resource management error vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=135273

Trust: 0.6

sources: JVNDB: JVNDB-2020-013442 // CNNVD: CNNVD-201911-1672

EXTERNAL IDS

db: NVD, id: CVE-2020-12303

Trust: 2.5

db: JVN, id: JVNVU98002571

Trust: 0.8

db: JVNDB, id: JVNDB-2020-013442

Trust: 0.8

db: LENOVO, id: LEN-39432

Trust: 0.6

db: AUSCERT, id: ESB-2020.3958.2

Trust: 0.6

db: AUSCERT, id: ESB-2020.3958

Trust: 0.6

db: CNNVD, id: CNNVD-201911-1672

Trust: 0.6

db: VULHUB, id: VHN-164968

Trust: 0.1

sources: VULHUB: VHN-164968 // JVNDB: JVNDB-2020-013442 // CNNVD: CNNVD-201911-1672 // NVD: CVE-2020-12303

REFERENCES

url:https://security.netapp.com/advisory/ntap-20201113-0002/

Trust: 1.7

url:https://security.netapp.com/advisory/ntap-20201113-0005/

Trust: 1.7

url:https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00391

Trust: 1.7

url:https://nvd.nist.gov/vuln/detail/cve-2020-12303

Trust: 1.4

url:https://jvn.jp/vu/jvnvu98002571/

Trust: 0.8

url:https://www.auscert.org.au/bulletins/esb-2020.3958/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2020.3958.2/

Trust: 0.6

url:https://support.lenovo.com/us/en/product_security/len-39432

Trust: 0.6

url:https://vigilance.fr/vulnerability/intel-processors-multiple-vulnerabilities-via-csme-sps-txe-amt-dal-33887

Trust: 0.6

sources: VULHUB: VHN-164968 // JVNDB: JVNDB-2020-013442 // CNNVD: CNNVD-201911-1672 // NVD: CVE-2020-12303

SOURCES

db: VULHUB, id: VHN-164968
db: JVNDB, id: JVNDB-2020-013442
db: CNNVD, id: CNNVD-201911-1672
db: NVD, id: CVE-2020-12303

LAST UPDATE DATE

2024-11-23T21:30:44.743000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-164968, date: 2020-11-24T00:00:00
db: JVNDB, id: JVNDB-2020-013442, date: 2021-07-06T04:58:00
db: CNNVD, id: CNNVD-201911-1672, date: 2021-01-04T00:00:00
db: NVD, id: CVE-2020-12303, date: 2024-11-21T04:59:28.930

SOURCES RELEASE DATE

db: VULHUB, id: VHN-164968, date: 2020-11-12T00:00:00
db: JVNDB, id: JVNDB-2020-013442, date: 2021-07-06T00:00:00
db: CNNVD, id: CNNVD-201911-1672, date: 2019-11-10T00:00:00
db: NVD, id: CVE-2020-12303, date: 2020-11-12T18:15:13.517