Details of VAR-202011-1373

ID

VAR-202011-1373

CVE

CVE-2020-8752

TITLE

Intel(R) AMT and Intel(R) ISM Out-of-bounds Vulnerability in Microsoft

Trust: 0.8

sources: JVNDB: JVNDB-2020-013180

DESCRIPTION

Out-of-bounds write in IPv6 subsystem for Intel(R) AMT, Intel(R) ISM versions before 11.8.80, 11.12.80, 11.22.80, 12.0.70, 14.0.45 may allow an unauthenticated user to potentially enable escalation of privileges via network access. Intel(R) AMT and Intel(R) ISM Is vulnerable to an out-of-bounds write.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. Intel AMT is a software of Intel Corporation that resides in the hardware and allows remote management functions. The following products and versions are affected: ISM versions before 11.8.80, 11.12.80, 11.22.80, 12.0.70, 14.0.45

Trust: 1.71

sources: NVD: CVE-2020-8752 // JVNDB: JVNDB-2020-013180 // VULHUB: VHN-186877

AFFECTED PRODUCTS

vendor:	intel	model:	active management technology	scope:	gte	version:	11.22.0	Trust: 1.0
vendor:	intel	model:	active management technology	scope:	lt	version:	14.0.45	Trust: 1.0
vendor:	intel	model:	standard manageability	scope:	gte	version:	14.0	Trust: 1.0
vendor:	intel	model:	active management technology	scope:	gte	version:	11.12.0	Trust: 1.0
vendor:	intel	model:	standard manageability	scope:	gte	version:	11.22.0	Trust: 1.0
vendor:	intel	model:	standard manageability	scope:	lt	version:	11.12.80	Trust: 1.0
vendor:	intel	model:	standard manageability	scope:	lt	version:	12.0.70	Trust: 1.0
vendor:	intel	model:	active management technology	scope:	lt	version:	11.8.80	Trust: 1.0
vendor:	intel	model:	standard manageability	scope:	gte	version:	11.12.0	Trust: 1.0
vendor:	intel	model:	standard manageability	scope:	lt	version:	11.22.80	Trust: 1.0
vendor:	intel	model:	active management technology	scope:	gte	version:	12.0	Trust: 1.0
vendor:	intel	model:	standard manageability	scope:	lt	version:	14.0.45	Trust: 1.0
vendor:	intel	model:	active management technology	scope:	lt	version:	11.12.80	Trust: 1.0
vendor:	intel	model:	active management technology	scope:	lt	version:	12.0.70	Trust: 1.0
vendor:	netapp	model:	cloud backup	scope:	eq	version:	-	Trust: 1.0
vendor:	intel	model:	standard manageability	scope:	gte	version:	12.0	Trust: 1.0
vendor:	intel	model:	standard manageability	scope:	lt	version:	11.8.80	Trust: 1.0
vendor:	intel	model:	active management technology	scope:	lt	version:	11.22.80	Trust: 1.0
vendor:	intel	model:	active management technology	scope:	gte	version:	14.0	Trust: 1.0
vendor:	インテル	model:	intel active management technology	scope:	-	version:	-	Trust: 0.8
vendor:	netapp	model:	cloud backup	scope:	-	version:	-	Trust: 0.8
vendor:	インテル	model:	intel standard manageability	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2020-013180 // NVD: CVE-2020-8752

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2020-8752
value:	CRITICAL
Trust: 1.0
NVD:	CVE-2020-8752
value:	CRITICAL
Trust: 0.8
CNNVD:	CNNVD-201911-1662
value:	CRITICAL
Trust: 0.6
VULHUB:	VHN-186877
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2020-8752
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-186877
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2020-8752
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	5.9
version:	3.1
Trust: 1.0
NVD:	CVE-2020-8752
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULHUB: VHN-186877 // JVNDB: JVNDB-2020-013180 // CNNVD: CNNVD-201911-1662 // NVD: CVE-2020-8752

PROBLEMTYPE DATA

problemtype:	CWE-787	Trust: 1.1
problemtype:	Out-of-bounds writing (CWE-787) [NVD Evaluation ]	Trust: 0.8

sources: VULHUB: VHN-186877 // JVNDB: JVNDB-2020-013180 // NVD: CVE-2020-8752

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201911-1662

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-201911-1662

PATCH

title:	NTAP-20201113-0003 Intel Intel Product Security Center	url:	https://security.netapp.com/advisory/ntap-20201113-0003/	Trust: 0.8
title:	Intel AMT and Intel ISM Buffer error vulnerability fix	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=134596	Trust: 0.6

sources: JVNDB: JVNDB-2020-013180 // CNNVD: CNNVD-201911-1662

EXTERNAL IDS

db:	NVD	id:	CVE-2020-8752	Trust: 2.5
db:	JVNDB	id:	JVNDB-2020-013180	Trust: 0.8
db:	LENOVO	id:	LEN-39432	Trust: 0.6
db:	AUSCERT	id:	ESB-2020.3958.2	Trust: 0.6
db:	AUSCERT	id:	ESB-2020.3958	Trust: 0.6
db:	CNNVD	id:	CNNVD-201911-1662	Trust: 0.6
db:	VULHUB	id:	VHN-186877	Trust: 0.1

sources: VULHUB: VHN-186877 // JVNDB: JVNDB-2020-013180 // CNNVD: CNNVD-201911-1662 // NVD: CVE-2020-8752

REFERENCES

url:	https://security.netapp.com/advisory/ntap-20201113-0003/	Trust: 1.7
url:	https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00391	Trust: 1.7
url:	https://nvd.nist.gov/vuln/detail/cve-2020-8752	Trust: 1.4
url:	https://www.auscert.org.au/bulletins/esb-2020.3958/	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2020.3958.2/	Trust: 0.6
url:	https://support.lenovo.com/us/en/product_security/len-39432	Trust: 0.6
url:	https://vigilance.fr/vulnerability/intel-processors-multiple-vulnerabilities-via-csme-sps-txe-amt-dal-33887	Trust: 0.6

sources: VULHUB: VHN-186877 // JVNDB: JVNDB-2020-013180 // CNNVD: CNNVD-201911-1662 // NVD: CVE-2020-8752

SOURCES

db:	VULHUB	id:	VHN-186877
db:	JVNDB	id:	JVNDB-2020-013180
db:	CNNVD	id:	CNNVD-201911-1662
db:	NVD	id:	CVE-2020-8752

LAST UPDATE DATE

2024-11-23T19:42:48.394000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-186877	date:	2020-11-18T00:00:00
db:	JVNDB	id:	JVNDB-2020-013180	date:	2021-06-21T07:42:00
db:	CNNVD	id:	CNNVD-201911-1662	date:	2021-01-04T00:00:00
db:	NVD	id:	CVE-2020-8752	date:	2024-11-21T05:39:22.827

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-186877	date:	2020-11-12T00:00:00
db:	JVNDB	id:	JVNDB-2020-013180	date:	2021-06-21T00:00:00
db:	CNNVD	id:	CNNVD-201911-1662	date:	2019-11-10T00:00:00
db:	NVD	id:	CVE-2020-8752	date:	2020-11-12T18:15:17.753