Details of VAR-202011-1374

ID

VAR-202011-1374

CVE

CVE-2020-8753

TITLE

Intel(R) AMT and ISM Out-of-bounds read vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2020-013416

DESCRIPTION

Out-of-bounds read in DHCP subsystem for Intel(R) AMT, Intel(R) ISM versions before 11.8.80, 11.12.80, 11.22.80, 12.0.70 and 14.0.45 may allow an unauthenticated user to potentially enable information disclosure via network access. Intel(R) AMT and ISM Is vulnerable to an out-of-bounds read.Information may be obtained

Trust: 1.71

sources: NVD: CVE-2020-8753 // JVNDB: JVNDB-2020-013416 // VULHUB: VHN-186878

AFFECTED PRODUCTS

vendor:	intel	model:	active management technology	scope:	gte	version:	11.22.0	Trust: 1.0
vendor:	intel	model:	standard manageability	scope:	lt	version:	11.22.80	Trust: 1.0
vendor:	intel	model:	active management technology	scope:	lt	version:	14.0.45	Trust: 1.0
vendor:	intel	model:	active management technology	scope:	gte	version:	12.0	Trust: 1.0
vendor:	intel	model:	standard manageability	scope:	lt	version:	11.8.80	Trust: 1.0
vendor:	intel	model:	standard manageability	scope:	gte	version:	14.0	Trust: 1.0
vendor:	intel	model:	active management technology	scope:	gte	version:	11.12.0	Trust: 1.0
vendor:	intel	model:	standard manageability	scope:	gte	version:	11.22.0	Trust: 1.0
vendor:	intel	model:	active management technology	scope:	lt	version:	11.12.80	Trust: 1.0
vendor:	intel	model:	standard manageability	scope:	lt	version:	11.12.80	Trust: 1.0
vendor:	intel	model:	standard manageability	scope:	lt	version:	14.0.45	Trust: 1.0
vendor:	intel	model:	active management technology	scope:	lt	version:	12.0.70	Trust: 1.0
vendor:	intel	model:	standard manageability	scope:	lt	version:	12.0.70	Trust: 1.0
vendor:	intel	model:	standard manageability	scope:	gte	version:	11.12.0	Trust: 1.0
vendor:	intel	model:	standard manageability	scope:	gte	version:	12.0	Trust: 1.0
vendor:	intel	model:	active management technology	scope:	lt	version:	11.8.80	Trust: 1.0
vendor:	intel	model:	active management technology	scope:	lt	version:	11.22.80	Trust: 1.0
vendor:	intel	model:	active management technology	scope:	gte	version:	14.0	Trust: 1.0
vendor:	インテル	model:	intel standard manageability	scope:	eq	version:	11.22.80	Trust: 0.8
vendor:	インテル	model:	intel standard manageability	scope:	eq	version:	12.0.70	Trust: 0.8
vendor:	インテル	model:	intel standard manageability	scope:	eq	version:	11.8.80	Trust: 0.8
vendor:	インテル	model:	intel standard manageability	scope:	eq	version:	14.0.45	Trust: 0.8
vendor:	インテル	model:	intel standard manageability	scope:	eq	version:	11.12.80	Trust: 0.8
vendor:	インテル	model:	intel active management technology	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2020-013416 // NVD: CVE-2020-8753

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2020-8753
value:	HIGH
Trust: 1.0
NVD:	CVE-2020-8753
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-201911-1664
value:	HIGH
Trust: 0.6
VULHUB:	VHN-186878
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2020-8753
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-186878
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2020-8753
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	3.6
version:	3.1
Trust: 1.0
NVD:	CVE-2020-8753
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULHUB: VHN-186878 // JVNDB: JVNDB-2020-013416 // CNNVD: CNNVD-201911-1664 // NVD: CVE-2020-8753

PROBLEMTYPE DATA

problemtype:	CWE-125	Trust: 1.1
problemtype:	Out-of-bounds read (CWE-125) [NVD Evaluation ]	Trust: 0.8

sources: VULHUB: VHN-186878 // JVNDB: JVNDB-2020-013416 // NVD: CVE-2020-8753

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201911-1664

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-201911-1664

PATCH

title:	INTEL-SA-00391	url:	https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00391.html	Trust: 0.8
title:	Intel AMT and Intel ISM Buffer error vulnerability fix	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=135271	Trust: 0.6

sources: JVNDB: JVNDB-2020-013416 // CNNVD: CNNVD-201911-1664

EXTERNAL IDS

db:	NVD	id:	CVE-2020-8753	Trust: 2.5
db:	JVNDB	id:	JVNDB-2020-013416	Trust: 0.8
db:	LENOVO	id:	LEN-39432	Trust: 0.6
db:	AUSCERT	id:	ESB-2020.3958.2	Trust: 0.6
db:	AUSCERT	id:	ESB-2020.3958	Trust: 0.6
db:	CNNVD	id:	CNNVD-201911-1664	Trust: 0.6
db:	VULHUB	id:	VHN-186878	Trust: 0.1

sources: VULHUB: VHN-186878 // JVNDB: JVNDB-2020-013416 // CNNVD: CNNVD-201911-1664 // NVD: CVE-2020-8753

REFERENCES

url:	https://security.netapp.com/advisory/ntap-20201113-0003/	Trust: 1.7
url:	https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00391	Trust: 1.7
url:	https://nvd.nist.gov/vuln/detail/cve-2020-8753	Trust: 1.4
url:	https://www.auscert.org.au/bulletins/esb-2020.3958/	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2020.3958.2/	Trust: 0.6
url:	https://support.lenovo.com/us/en/product_security/len-39432	Trust: 0.6
url:	https://vigilance.fr/vulnerability/intel-processors-multiple-vulnerabilities-via-csme-sps-txe-amt-dal-33887	Trust: 0.6

sources: VULHUB: VHN-186878 // JVNDB: JVNDB-2020-013416 // CNNVD: CNNVD-201911-1664 // NVD: CVE-2020-8753

SOURCES

db:	VULHUB	id:	VHN-186878
db:	JVNDB	id:	JVNDB-2020-013416
db:	CNNVD	id:	CNNVD-201911-1664
db:	NVD	id:	CVE-2020-8753

LAST UPDATE DATE

2024-11-23T19:47:13.849000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-186878	date:	2020-11-24T00:00:00
db:	JVNDB	id:	JVNDB-2020-013416	date:	2021-07-02T04:36:00
db:	CNNVD	id:	CNNVD-201911-1664	date:	2021-01-04T00:00:00
db:	NVD	id:	CVE-2020-8753	date:	2024-11-21T05:39:22.920

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-186878	date:	2020-11-12T00:00:00
db:	JVNDB	id:	JVNDB-2020-013416	date:	2021-07-02T00:00:00
db:	CNNVD	id:	CNNVD-201911-1664	date:	2019-11-10T00:00:00
db:	NVD	id:	CVE-2020-8753	date:	2020-11-12T18:15:17.830