Details of VAR-202011-1375

ID

VAR-202011-1375

CVE

CVE-2020-8754

TITLE

Intel(R) AMT and Intel(R) ISM Out-of-bounds read vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2020-013181

DESCRIPTION

Out-of-bounds read in subsystem for Intel(R) AMT, Intel(R) ISM versions before 11.8.80, 11.12.80, 11.22.80, 12.0.70 and 14.0.45 may allow an unauthenticated user to potentially enable information disclosure via network access. Intel(R) AMT and Intel(R) ISM Is vulnerable to an out-of-bounds read.Information may be obtained. Intel Active Management Technology (AMT) is a set of hardware-based computer remote active management technology software developed by Intel Corporation. The following products and versions are affected: ISM versions before 11.8.80, 11.12.80, 11.22.80, 12.0.70, 14.0.45

Trust: 1.71

sources: NVD: CVE-2020-8754 // JVNDB: JVNDB-2020-013181 // VULHUB: VHN-186879

AFFECTED PRODUCTS

vendor:	intel	model:	active management technology	scope:	gte	version:	11.22.0	Trust: 1.0
vendor:	intel	model:	active management technology	scope:	lt	version:	14.0.45	Trust: 1.0
vendor:	intel	model:	standard manageability	scope:	gte	version:	14.0	Trust: 1.0
vendor:	intel	model:	active management technology	scope:	gte	version:	11.12.0	Trust: 1.0
vendor:	intel	model:	standard manageability	scope:	gte	version:	11.22.0	Trust: 1.0
vendor:	intel	model:	standard manageability	scope:	lt	version:	11.12.80	Trust: 1.0
vendor:	intel	model:	standard manageability	scope:	lt	version:	12.0.70	Trust: 1.0
vendor:	intel	model:	active management technology	scope:	lt	version:	11.8.80	Trust: 1.0
vendor:	intel	model:	standard manageability	scope:	gte	version:	11.12.0	Trust: 1.0
vendor:	intel	model:	standard manageability	scope:	lt	version:	11.22.80	Trust: 1.0
vendor:	intel	model:	active management technology	scope:	gte	version:	12.0	Trust: 1.0
vendor:	intel	model:	standard manageability	scope:	lt	version:	14.0.45	Trust: 1.0
vendor:	intel	model:	active management technology	scope:	lt	version:	11.12.80	Trust: 1.0
vendor:	intel	model:	active management technology	scope:	lt	version:	12.0.70	Trust: 1.0
vendor:	netapp	model:	cloud backup	scope:	eq	version:	-	Trust: 1.0
vendor:	intel	model:	standard manageability	scope:	gte	version:	12.0	Trust: 1.0
vendor:	intel	model:	standard manageability	scope:	lt	version:	11.8.80	Trust: 1.0
vendor:	intel	model:	active management technology	scope:	lt	version:	11.22.80	Trust: 1.0
vendor:	intel	model:	active management technology	scope:	gte	version:	14.0	Trust: 1.0
vendor:	インテル	model:	intel active management technology	scope:	-	version:	-	Trust: 0.8
vendor:	netapp	model:	cloud backup	scope:	-	version:	-	Trust: 0.8
vendor:	インテル	model:	intel standard manageability	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2020-013181 // NVD: CVE-2020-8754

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2020-8754
value:	HIGH
Trust: 1.0
NVD:	CVE-2020-8754
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-201911-1663
value:	HIGH
Trust: 0.6
VULHUB:	VHN-186879
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2020-8754
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-186879
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2020-8754
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	3.6
version:	3.1
Trust: 1.0
NVD:	CVE-2020-8754
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULHUB: VHN-186879 // JVNDB: JVNDB-2020-013181 // CNNVD: CNNVD-201911-1663 // NVD: CVE-2020-8754

PROBLEMTYPE DATA

problemtype:	CWE-125	Trust: 1.1
problemtype:	Out-of-bounds read (CWE-125) [NVD Evaluation ]	Trust: 0.8

sources: VULHUB: VHN-186879 // JVNDB: JVNDB-2020-013181 // NVD: CVE-2020-8754

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201911-1663

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-201911-1663

PATCH

title:	NTAP-20201113-0003 Intel Intel Product Security Center	url:	https://security.netapp.com/advisory/ntap-20201113-0003/	Trust: 0.8
title:	Intel AMT and Intel ISM Buffer error vulnerability fix	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=134597	Trust: 0.6

sources: JVNDB: JVNDB-2020-013181 // CNNVD: CNNVD-201911-1663

EXTERNAL IDS

db:	NVD	id:	CVE-2020-8754	Trust: 2.5
db:	JVNDB	id:	JVNDB-2020-013181	Trust: 0.8
db:	LENOVO	id:	LEN-39432	Trust: 0.6
db:	AUSCERT	id:	ESB-2020.3958.2	Trust: 0.6
db:	AUSCERT	id:	ESB-2020.3958	Trust: 0.6
db:	CNNVD	id:	CNNVD-201911-1663	Trust: 0.6
db:	CNVD	id:	CNVD-2020-68831	Trust: 0.1
db:	VULHUB	id:	VHN-186879	Trust: 0.1

sources: VULHUB: VHN-186879 // JVNDB: JVNDB-2020-013181 // CNNVD: CNNVD-201911-1663 // NVD: CVE-2020-8754

REFERENCES

url:	https://security.netapp.com/advisory/ntap-20201113-0003/	Trust: 1.7
url:	https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00391	Trust: 1.7
url:	https://nvd.nist.gov/vuln/detail/cve-2020-8754	Trust: 1.4
url:	https://www.auscert.org.au/bulletins/esb-2020.3958/	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2020.3958.2/	Trust: 0.6
url:	https://support.lenovo.com/us/en/product_security/len-39432	Trust: 0.6
url:	https://vigilance.fr/vulnerability/intel-processors-multiple-vulnerabilities-via-csme-sps-txe-amt-dal-33887	Trust: 0.6

sources: VULHUB: VHN-186879 // JVNDB: JVNDB-2020-013181 // CNNVD: CNNVD-201911-1663 // NVD: CVE-2020-8754

SOURCES

db:	VULHUB	id:	VHN-186879
db:	JVNDB	id:	JVNDB-2020-013181
db:	CNNVD	id:	CNNVD-201911-1663
db:	NVD	id:	CVE-2020-8754

LAST UPDATE DATE

2024-11-23T19:40:46.256000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-186879	date:	2020-11-18T00:00:00
db:	JVNDB	id:	JVNDB-2020-013181	date:	2021-06-21T07:42:00
db:	CNNVD	id:	CNNVD-201911-1663	date:	2021-01-04T00:00:00
db:	NVD	id:	CVE-2020-8754	date:	2024-11-21T05:39:23.017

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-186879	date:	2020-11-12T00:00:00
db:	JVNDB	id:	JVNDB-2020-013181	date:	2021-06-21T00:00:00
db:	CNNVD	id:	CNNVD-201911-1663	date:	2019-11-10T00:00:00
db:	NVD	id:	CVE-2020-8754	date:	2020-11-12T18:15:17.907