Sign-up

ID

VAR-202011-1379


CVE

CVE-2020-8760


TITLE

Intel(R) AMT  Integer overflow vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2020-013183

DESCRIPTION

Integer overflow in subsystem for Intel(R) AMT versions before 11.8.80, 11.12.80, 11.22.80, 12.0.70, 14.0.45 may allow a privileged user to potentially enable escalation of privilege via local access. Intel(R) AMT Exists in an integer overflow vulnerability.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. Intel AMT is a software of Intel Corporation that resides in the hardware and allows remote management functions. The following products and versions are affected: Version 11.8.80, Version 11.12.80, Version 11.22.80, Version 12.0.70, Version 14.0.45

Trust: 1.71

sources: NVD: CVE-2020-8760 // JVNDB: JVNDB-2020-013183 // VULHUB: VHN-186885

AFFECTED PRODUCTS

vendor:intelmodel:active management technologyscope:gteversion:11.22.0

Trust: 1.0

vendor:intelmodel:active management technologyscope:ltversion:14.0.45

Trust: 1.0

vendor:intelmodel:active management technologyscope:gteversion:12.0

Trust: 1.0

vendor:intelmodel:active management technologyscope:gteversion:11.12.0

Trust: 1.0

vendor:intelmodel:active management technologyscope:ltversion:11.12.80

Trust: 1.0

vendor:intelmodel:active management technologyscope:ltversion:12.0.70

Trust: 1.0

vendor:netappmodel:cloud backupscope:eqversion: -

Trust: 1.0

vendor:intelmodel:active management technologyscope:ltversion:11.8.80

Trust: 1.0

vendor:intelmodel:active management technologyscope:ltversion:11.22.80

Trust: 1.0

vendor:intelmodel:active management technologyscope:gteversion:14.0

Trust: 1.0

vendor:インテルmodel:intel active management technologyscope: - version: -

Trust: 0.8

vendor:netappmodel:cloud backupscope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2020-013183 // NVD: CVE-2020-8760

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-8760
value: HIGH

Trust: 1.0

NVD: CVE-2020-8760
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201911-1668
value: HIGH

Trust: 0.6

VULHUB: VHN-186885
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2020-8760
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-186885
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2020-8760
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2020-8760
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-186885 // JVNDB: JVNDB-2020-013183 // CNNVD: CNNVD-201911-1668 // NVD: CVE-2020-8760

PROBLEMTYPE DATA

problemtype:CWE-190

Trust: 1.1

problemtype:Integer overflow or wraparound (CWE-190) [NVD Evaluation ]

Trust: 0.8

sources: VULHUB: VHN-186885 // JVNDB: JVNDB-2020-013183 // NVD: CVE-2020-8760

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201911-1668

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-201911-1668

PATCH

title:NTAP-20201113-0003 Intel Intel Product Security Centerurl:https://security.netapp.com/advisory/ntap-20201113-0003/

Trust: 0.8

title:Intel AMT Enter the fix for the verification error vulnerabilityurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=134599

Trust: 0.6

sources: JVNDB: JVNDB-2020-013183 // CNNVD: CNNVD-201911-1668

EXTERNAL IDS

db:NVDid:CVE-2020-8760

Trust: 2.5

db:JVNDBid:JVNDB-2020-013183

Trust: 0.8

db:LENOVOid:LEN-39432

Trust: 0.6

db:AUSCERTid:ESB-2020.3958.2

Trust: 0.6

db:AUSCERTid:ESB-2020.3958

Trust: 0.6

db:CNNVDid:CNNVD-201911-1668

Trust: 0.6

db:CNVDid:CNVD-2020-66304

Trust: 0.1

db:VULHUBid:VHN-186885

Trust: 0.1

sources: VULHUB: VHN-186885 // JVNDB: JVNDB-2020-013183 // CNNVD: CNNVD-201911-1668 // NVD: CVE-2020-8760

REFERENCES

url:https://security.netapp.com/advisory/ntap-20201113-0003/

Trust: 1.7

url:https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00391

Trust: 1.7

url:https://nvd.nist.gov/vuln/detail/cve-2020-8760

Trust: 1.4

url:https://www.auscert.org.au/bulletins/esb-2020.3958/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2020.3958.2/

Trust: 0.6

url:https://support.lenovo.com/us/en/product_security/len-39432

Trust: 0.6

url:https://vigilance.fr/vulnerability/intel-processors-multiple-vulnerabilities-via-csme-sps-txe-amt-dal-33887

Trust: 0.6

sources: VULHUB: VHN-186885 // JVNDB: JVNDB-2020-013183 // CNNVD: CNNVD-201911-1668 // NVD: CVE-2020-8760

SOURCES

db:VULHUBid:VHN-186885
db:JVNDBid:JVNDB-2020-013183
db:CNNVDid:CNNVD-201911-1668
db:NVDid:CVE-2020-8760

LAST UPDATE DATE

2024-11-23T19:50:18.511000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-186885date:2020-11-18T00:00:00
db:JVNDBid:JVNDB-2020-013183date:2021-06-21T07:42:00
db:CNNVDid:CNNVD-201911-1668date:2021-01-04T00:00:00
db:NVDid:CVE-2020-8760date:2024-11-21T05:39:23.620

SOURCES RELEASE DATE

db:VULHUBid:VHN-186885date:2020-11-12T00:00:00
db:JVNDBid:JVNDB-2020-013183date:2021-06-21T00:00:00
db:CNNVDid:CNNVD-201911-1668date:2019-11-10T00:00:00
db:NVDid:CVE-2020-8760date:2020-11-12T18:15:18.207