Details of VAR-202011-1362

ID

VAR-202011-1362

CVE

CVE-2020-8705

TITLE

plural Intel Product resource initialization to unsafe default values

Trust: 0.8

sources: JVNDB: JVNDB-2020-013582

DESCRIPTION

Insecure default initialization of resource in Intel(R) Boot Guard in Intel(R) CSME versions before 11.8.80, 11.12.80, 11.22.80, 12.0.70, 13.0.40, 13.30.10, 14.0.45 and 14.5.25, Intel(R) TXE versions before 3.1.80 and 4.0.30, Intel(R) SPS versions before E5_04.01.04.400, E3_04.01.04.200, SoC-X_04.00.04.200 and SoC-A_04.00.04.300 may allow an unauthenticated user to potentially enable escalation of privileges via physical access. Intel(R) CSME , TXE , SPS There is a vulnerability in the initialization of resources to insecure default values.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state

Trust: 1.71

sources: NVD: CVE-2020-8705 // JVNDB: JVNDB-2020-013582 // VULHUB: VHN-186830

AFFECTED PRODUCTS

vendor:	intel	model:	converged security and manageability engine	scope:	lt	version:	11.22.80	Trust: 1.0
vendor:	intel	model:	converged security and manageability engine	scope:	gte	version:	13.0	Trust: 1.0
vendor:	intel	model:	converged security and manageability engine	scope:	lt	version:	14.0.45	Trust: 1.0
vendor:	intel	model:	converged security and manageability engine	scope:	lt	version:	13.0.40	Trust: 1.0
vendor:	intel	model:	converged security and manageability engine	scope:	gte	version:	13.30.0	Trust: 1.0
vendor:	intel	model:	converged security and manageability engine	scope:	gte	version:	12.0	Trust: 1.0
vendor:	intel	model:	converged security and manageability engine	scope:	lt	version:	11.8.80	Trust: 1.0
vendor:	intel	model:	server platform services	scope:	eq	version:	sps_e3_04.01.04.200	Trust: 1.0
vendor:	intel	model:	server platform services	scope:	eq	version:	sps_e5_04.01.04.400	Trust: 1.0
vendor:	intel	model:	converged security and manageability engine	scope:	gte	version:	14.0	Trust: 1.0
vendor:	intel	model:	server platform services	scope:	eq	version:	sps_soc-a_04.00.04.300	Trust: 1.0
vendor:	intel	model:	converged security and manageability engine	scope:	lt	version:	11.12.80	Trust: 1.0
vendor:	intel	model:	trusted execution technology	scope:	eq	version:	4.0.30	Trust: 1.0
vendor:	intel	model:	server platform services	scope:	eq	version:	sps_soc-x_04.00.04.200	Trust: 1.0
vendor:	intel	model:	converged security and manageability engine	scope:	gte	version:	11.22.0	Trust: 1.0
vendor:	intel	model:	converged security and manageability engine	scope:	lt	version:	13.30.10	Trust: 1.0
vendor:	intel	model:	converged security and manageability engine	scope:	lt	version:	12.0.70	Trust: 1.0
vendor:	intel	model:	converged security and manageability engine	scope:	gte	version:	11.12.0	Trust: 1.0
vendor:	intel	model:	trusted execution technology	scope:	eq	version:	3.1.80	Trust: 1.0
vendor:	インテル	model:	trusted execution technology	scope:	eq	version:	-	Trust: 0.8
vendor:	インテル	model:	trusted execution technology	scope:	eq	version:	intel converged security manageability engine	Trust: 0.8
vendor:	インテル	model:	trusted execution technology	scope:	-	version:	-	Trust: 0.8
vendor:	インテル	model:	trusted execution technology	scope:	eq	version:	server platform services	Trust: 0.8

sources: JVNDB: JVNDB-2020-013582 // NVD: CVE-2020-8705

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2020-8705
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2020-8705
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201911-1655
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-186830
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2020-8705
severity:	MEDIUM
baseScore:	4.6
vectorString:	AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	3.9
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-186830
severity:	MEDIUM
baseScore:	4.6
vectorString:	AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	3.9
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2020-8705
baseSeverity:	MEDIUM
baseScore:	6.8
vectorString:	CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	PHYSICAL
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	0.9
impactScore:	5.9
version:	3.1
Trust: 1.0
NVD:	CVE-2020-8705
baseSeverity:	MEDIUM
baseScore:	6.8
vectorString:	CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	PHYSICAL
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULHUB: VHN-186830 // JVNDB: JVNDB-2020-013582 // CNNVD: CNNVD-201911-1655 // NVD: CVE-2020-8705

PROBLEMTYPE DATA

problemtype:	CWE-1188	Trust: 1.0
problemtype:	Initializing resources to unsafe default values (CWE-1188) [NVD Evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2020-013582 // NVD: CVE-2020-8705

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-201911-1655

PATCH

title:	INTEL-SA-00391	url:	https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00391.html	Trust: 0.8
title:	Multiple Intel Product security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=135436	Trust: 0.6

sources: JVNDB: JVNDB-2020-013582 // CNNVD: CNNVD-201911-1655

EXTERNAL IDS

db:	NVD	id:	CVE-2020-8705	Trust: 2.5
db:	JVNDB	id:	JVNDB-2020-013582	Trust: 0.8
db:	LENOVO	id:	LEN-39432	Trust: 0.6
db:	AUSCERT	id:	ESB-2020.3958.2	Trust: 0.6
db:	AUSCERT	id:	ESB-2020.3958	Trust: 0.6
db:	CNNVD	id:	CNNVD-201911-1655	Trust: 0.6
db:	VULHUB	id:	VHN-186830	Trust: 0.1

sources: VULHUB: VHN-186830 // JVNDB: JVNDB-2020-013582 // CNNVD: CNNVD-201911-1655 // NVD: CVE-2020-8705

REFERENCES

url:	https://security.netapp.com/advisory/ntap-20201113-0002/	Trust: 1.7
url:	https://security.netapp.com/advisory/ntap-20201113-0004/	Trust: 1.7
url:	https://security.netapp.com/advisory/ntap-20201113-0005/	Trust: 1.7
url:	https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00391	Trust: 1.7
url:	https://nvd.nist.gov/vuln/detail/cve-2020-8705	Trust: 1.4
url:	https://www.auscert.org.au/bulletins/esb-2020.3958/	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2020.3958.2/	Trust: 0.6
url:	https://support.lenovo.com/us/en/product_security/len-39432	Trust: 0.6
url:	https://vigilance.fr/vulnerability/intel-processors-multiple-vulnerabilities-via-csme-sps-txe-amt-dal-33887	Trust: 0.6

sources: VULHUB: VHN-186830 // JVNDB: JVNDB-2020-013582 // CNNVD: CNNVD-201911-1655 // NVD: CVE-2020-8705

SOURCES

db:	VULHUB	id:	VHN-186830
db:	JVNDB	id:	JVNDB-2020-013582
db:	CNNVD	id:	CNNVD-201911-1655
db:	NVD	id:	CVE-2020-8705

LAST UPDATE DATE

2024-11-23T20:16:38.052000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-186830	date:	2020-11-30T00:00:00
db:	JVNDB	id:	JVNDB-2020-013582	date:	2021-07-08T07:58:00
db:	CNNVD	id:	CNNVD-201911-1655	date:	2021-01-04T00:00:00
db:	NVD	id:	CVE-2020-8705	date:	2024-11-21T05:39:17.910

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-186830	date:	2020-11-12T00:00:00
db:	JVNDB	id:	JVNDB-2020-013582	date:	2021-07-08T00:00:00
db:	CNNVD	id:	CNNVD-201911-1655	date:	2019-11-10T00:00:00
db:	NVD	id:	CVE-2020-8705	date:	2020-11-12T18:15:16.847