Details of VAR-202011-1380

ID

VAR-202011-1380

CVE

CVE-2020-8761

TITLE

Intel(R) CSME Vulnerability in cryptography

Trust: 0.8

sources: JVNDB: JVNDB-2020-013584

DESCRIPTION

Inadequate encryption strength in subsystem for Intel(R) CSME versions before 13.0.40 and 13.30.10 may allow an unauthenticated user to potentially enable information disclosure via physical access. Intel(R) CSME Contains a cryptographic vulnerability.Information may be obtained

Trust: 1.71

sources: NVD: CVE-2020-8761 // JVNDB: JVNDB-2020-013584 // VULHUB: VHN-186886

AFFECTED PRODUCTS

vendor:	intel	model:	converged security and manageability engine	scope:	gte	version:	13.30.0	Trust: 1.0
vendor:	intel	model:	converged security and manageability engine	scope:	lt	version:	13.30.10	Trust: 1.0
vendor:	intel	model:	converged security and manageability engine	scope:	lt	version:	13.0.40	Trust: 1.0

sources: NVD: CVE-2020-8761

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2020-8761
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2020-8761
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201911-1670
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-186886
value:	LOW
Trust: 0.1

nvd@nist.gov:	CVE-2020-8761
severity:	LOW
baseScore:	2.1
vectorString:	AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-186886
severity:	LOW
baseScore:	2.1
vectorString:	AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2020-8761
baseSeverity:	MEDIUM
baseScore:	4.6
vectorString:	CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector:	PHYSICAL
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	0.9
impactScore:	3.6
version:	3.1
Trust: 1.0
NVD:	CVE-2020-8761
baseSeverity:	MEDIUM
baseScore:	4.6
vectorString:	CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector:	PHYSICAL
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULHUB: VHN-186886 // JVNDB: JVNDB-2020-013584 // CNNVD: CNNVD-201911-1670 // NVD: CVE-2020-8761

PROBLEMTYPE DATA

problemtype:	CWE-326	Trust: 1.1
problemtype:	Inadequate encryption strength (CWE-326) [NVD Evaluation ]	Trust: 0.8

sources: VULHUB: VHN-186886 // JVNDB: JVNDB-2020-013584 // NVD: CVE-2020-8761

TYPE

encryption problem

Trust: 0.6

sources: CNNVD: CNNVD-201911-1670

PATCH

title:	INTEL-SA-00391	url:	https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00391.html	Trust: 0.8
title:	Intel CSME Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=135438	Trust: 0.6

sources: JVNDB: JVNDB-2020-013584 // CNNVD: CNNVD-201911-1670

EXTERNAL IDS

db:	NVD	id:	CVE-2020-8761	Trust: 2.5
db:	JVNDB	id:	JVNDB-2020-013584	Trust: 0.8
db:	LENOVO	id:	LEN-39432	Trust: 0.6
db:	AUSCERT	id:	ESB-2020.3958.2	Trust: 0.6
db:	AUSCERT	id:	ESB-2020.3958	Trust: 0.6
db:	CNNVD	id:	CNNVD-201911-1670	Trust: 0.6
db:	VULHUB	id:	VHN-186886	Trust: 0.1

sources: VULHUB: VHN-186886 // JVNDB: JVNDB-2020-013584 // CNNVD: CNNVD-201911-1670 // NVD: CVE-2020-8761

REFERENCES

url:	https://security.netapp.com/advisory/ntap-20201113-0002/	Trust: 1.7
url:	https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00391	Trust: 1.7
url:	https://nvd.nist.gov/vuln/detail/cve-2020-8761	Trust: 1.4
url:	https://www.auscert.org.au/bulletins/esb-2020.3958/	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2020.3958.2/	Trust: 0.6
url:	https://support.lenovo.com/us/en/product_security/len-39432	Trust: 0.6
url:	https://vigilance.fr/vulnerability/intel-processors-multiple-vulnerabilities-via-csme-sps-txe-amt-dal-33887	Trust: 0.6

sources: VULHUB: VHN-186886 // JVNDB: JVNDB-2020-013584 // CNNVD: CNNVD-201911-1670 // NVD: CVE-2020-8761

SOURCES

db:	VULHUB	id:	VHN-186886
db:	JVNDB	id:	JVNDB-2020-013584
db:	CNNVD	id:	CNNVD-201911-1670
db:	NVD	id:	CVE-2020-8761

LAST UPDATE DATE

2024-11-23T21:16:48.540000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-186886	date:	2020-11-30T00:00:00
db:	JVNDB	id:	JVNDB-2020-013584	date:	2021-07-08T07:58:00
db:	CNNVD	id:	CNNVD-201911-1670	date:	2021-05-24T00:00:00
db:	NVD	id:	CVE-2020-8761	date:	2024-11-21T05:39:23.710

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-186886	date:	2020-11-12T00:00:00
db:	JVNDB	id:	JVNDB-2020-013584	date:	2021-07-08T00:00:00
db:	CNNVD	id:	CNNVD-201911-1670	date:	2019-11-10T00:00:00
db:	NVD	id:	CVE-2020-8761	date:	2020-11-12T18:15:18.267