Sign-up

ID

VAR-202011-0184


CVE

CVE-2020-12297


TITLE

Intel(R) CSME  Driver and  TXE  Vulnerability in privilege management

Trust: 0.8

sources: JVNDB: JVNDB-2020-013441

DESCRIPTION

Improper access control in Installer for Intel(R) CSME Driver for Windows versions before 11.8.80, 11.12.80, 11.22.80, 12.0.70, 13.0.40, 13.30.10, 14.0.45 and 14.5.25, Intel TXE 3.1.80, 4.0.30 may allow an authenticated user to potentially enable escalation of privileges via local access. Intel(R) CSME Driver and TXE Contains a privilege management vulnerability.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state

Trust: 1.71

sources: NVD: CVE-2020-12297 // JVNDB: JVNDB-2020-013441 // VULHUB: VHN-164961

AFFECTED PRODUCTS

vendor:intelmodel:converged security and manageability enginescope:ltversion:11.22.80

Trust: 1.0

vendor:intelmodel:converged security and manageability enginescope:gteversion:14.0

Trust: 1.0

vendor:intelmodel:converged security and manageability enginescope:gteversion:14.5.0

Trust: 1.0

vendor:intelmodel:converged security and manageability enginescope:ltversion:14.0.45

Trust: 1.0

vendor:intelmodel:converged security and manageability enginescope:ltversion:11.12.80

Trust: 1.0

vendor:intelmodel:trusted execution technologyscope:eqversion:4.0.30

Trust: 1.0

vendor:intelmodel:converged security and manageability enginescope:gteversion:11.22.0

Trust: 1.0

vendor:intelmodel:converged security and manageability enginescope:gteversion:12.0

Trust: 1.0

vendor:intelmodel:converged security and manageability enginescope:ltversion:11.8.80

Trust: 1.0

vendor:intelmodel:converged security and manageability enginescope:ltversion:12.0.70

Trust: 1.0

vendor:intelmodel:converged security and manageability enginescope:gteversion:11.12.0

Trust: 1.0

vendor:intelmodel:converged security and manageability enginescope:ltversion:14.5.25

Trust: 1.0

vendor:intelmodel:trusted execution technologyscope:eqversion:3.1.80

Trust: 1.0

vendor:インテルmodel:trusted execution technologyscope: - version: -

Trust: 0.8

vendor:インテルmodel:intel converged security and manageability enginescope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2020-013441 // NVD: CVE-2020-12297

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-12297
value: HIGH

Trust: 1.0

NVD: CVE-2020-12297
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201911-1669
value: HIGH

Trust: 0.6

VULHUB: VHN-164961
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2020-12297
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-164961
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2020-12297
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2020-12297
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-164961 // JVNDB: JVNDB-2020-013441 // CNNVD: CNNVD-201911-1669 // NVD: CVE-2020-12297

PROBLEMTYPE DATA

problemtype:NVD-CWE-noinfo

Trust: 1.0

problemtype:Improper authority management (CWE-269) [NVD Evaluation ]

Trust: 0.8

problemtype:CWE-269

Trust: 0.1

sources: VULHUB: VHN-164961 // JVNDB: JVNDB-2020-013441 // NVD: CVE-2020-12297

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201911-1669

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-201911-1669

PATCH

title:INTEL-SA-00391url:https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00391

Trust: 0.8

title:Intel TXE Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=134981

Trust: 0.6

sources: JVNDB: JVNDB-2020-013441 // CNNVD: CNNVD-201911-1669

EXTERNAL IDS

db:NVDid:CVE-2020-12297

Trust: 2.5

db:JVNid:JVNVU98002571

Trust: 0.8

db:JVNDBid:JVNDB-2020-013441

Trust: 0.8

db:LENOVOid:LEN-39432

Trust: 0.6

db:AUSCERTid:ESB-2020.3958.2

Trust: 0.6

db:AUSCERTid:ESB-2020.3958

Trust: 0.6

db:CNNVDid:CNNVD-201911-1669

Trust: 0.6

db:VULHUBid:VHN-164961

Trust: 0.1

sources: VULHUB: VHN-164961 // JVNDB: JVNDB-2020-013441 // CNNVD: CNNVD-201911-1669 // NVD: CVE-2020-12297

REFERENCES

url:https://security.netapp.com/advisory/ntap-20201113-0002/

Trust: 1.7

url:https://security.netapp.com/advisory/ntap-20201113-0005/

Trust: 1.7

url:https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00391

Trust: 1.7

url:https://nvd.nist.gov/vuln/detail/cve-2020-12297

Trust: 1.4

url:https://jvn.jp/vu/jvnvu98002571/

Trust: 0.8

url:https://www.auscert.org.au/bulletins/esb-2020.3958/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2020.3958.2/

Trust: 0.6

url:https://support.lenovo.com/us/en/product_security/len-39432

Trust: 0.6

url:https://vigilance.fr/vulnerability/intel-processors-multiple-vulnerabilities-via-csme-sps-txe-amt-dal-33887

Trust: 0.6

sources: VULHUB: VHN-164961 // JVNDB: JVNDB-2020-013441 // CNNVD: CNNVD-201911-1669 // NVD: CVE-2020-12297

SOURCES

db:VULHUBid:VHN-164961
db:JVNDBid:JVNDB-2020-013441
db:CNNVDid:CNNVD-201911-1669
db:NVDid:CVE-2020-12297

LAST UPDATE DATE

2024-11-23T20:05:39.167000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-164961date:2021-07-21T00:00:00
db:JVNDBid:JVNDB-2020-013441date:2021-07-06T04:58:00
db:CNNVDid:CNNVD-201911-1669date:2021-01-04T00:00:00
db:NVDid:CVE-2020-12297date:2024-11-21T04:59:28.347

SOURCES RELEASE DATE

db:VULHUBid:VHN-164961date:2020-11-12T00:00:00
db:JVNDBid:JVNDB-2020-013441date:2021-07-06T00:00:00
db:CNNVDid:CNNVD-201911-1669date:2019-11-10T00:00:00
db:NVDid:CVE-2020-12297date:2020-11-12T18:15:13.457