Details of VAR-202011-1388

ID

VAR-202011-1388

CVE

CVE-2020-8746

TITLE

Intel(R) AMT Integer overflow vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2020-013177

DESCRIPTION

Integer overflow in subsystem for Intel(R) AMT versions before 11.8.80, 11.12.80, 11.22.80, 12.0.70 and 14.0.45 may allow an unauthenticated user to potentially enable denial of service via adjacent access. Intel(R) AMT Exists in an integer overflow vulnerability.Denial of service (DoS) It may be put into a state. Intel TXE, etc. are all products of Intel Corporation of the United States. Intel TXE is a trusted execution engine with hardware authentication function used in CPU (Central Processing Unit). Intel Active Management Technology (AMT) is a set of hardware-based computer remote active management technology software. Intel Trusted Execution Engine is a trusted execution engine with hardware authentication function used in CPU (Central Processing Unit). The following products and versions are affected: Version 11.8.80, Version 11.12.80, Version 11.22.80, Version 12.0.70, Version 14.0.45

Trust: 1.71

sources: NVD: CVE-2020-8746 // JVNDB: JVNDB-2020-013177 // VULHUB: VHN-186871

AFFECTED PRODUCTS

vendor:	intel	model:	active management technology	scope:	gte	version:	11.22.0	Trust: 1.0
vendor:	intel	model:	active management technology	scope:	lt	version:	14.0.45	Trust: 1.0
vendor:	intel	model:	active management technology	scope:	gte	version:	12.0	Trust: 1.0
vendor:	intel	model:	active management technology	scope:	gte	version:	11.12.0	Trust: 1.0
vendor:	intel	model:	active management technology	scope:	lt	version:	11.12.80	Trust: 1.0
vendor:	intel	model:	active management technology	scope:	lt	version:	12.0.70	Trust: 1.0
vendor:	netapp	model:	cloud backup	scope:	eq	version:	-	Trust: 1.0
vendor:	intel	model:	active management technology	scope:	lt	version:	11.8.80	Trust: 1.0
vendor:	intel	model:	active management technology	scope:	lt	version:	11.22.80	Trust: 1.0
vendor:	intel	model:	active management technology	scope:	gte	version:	14.0	Trust: 1.0
vendor:	インテル	model:	intel active management technology	scope:	-	version:	-	Trust: 0.8
vendor:	netapp	model:	cloud backup	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2020-013177 // NVD: CVE-2020-8746

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2020-8746
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2020-8746
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201911-1654
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-186871
value:	LOW
Trust: 0.1

nvd@nist.gov:	CVE-2020-8746
severity:	LOW
baseScore:	3.3
vectorString:	AV:A/AC:L/AU:N/C:N/I:N/A:P
accessVector:	ADJACENT_NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	6.5
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-186871
severity:	LOW
baseScore:	3.3
vectorString:	AV:A/AC:L/AU:N/C:N/I:N/A:P
accessVector:	ADJACENT_NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	6.5
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2020-8746
baseSeverity:	MEDIUM
baseScore:	6.5
vectorString:	CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector:	ADJACENT
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	3.6
version:	3.1
Trust: 1.0
NVD:	CVE-2020-8746
baseSeverity:	MEDIUM
baseScore:	6.5
vectorString:	CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector:	ADJACENT NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULHUB: VHN-186871 // JVNDB: JVNDB-2020-013177 // CNNVD: CNNVD-201911-1654 // NVD: CVE-2020-8746

PROBLEMTYPE DATA

problemtype:	CWE-190	Trust: 1.1
problemtype:	Integer overflow or wraparound (CWE-190) [NVD Evaluation ]	Trust: 0.8

sources: VULHUB: VHN-186871 // JVNDB: JVNDB-2020-013177 // NVD: CVE-2020-8746

THREAT TYPE

remote or local

Trust: 0.6

sources: CNNVD: CNNVD-201911-1654

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-201911-1654

PATCH

title:	NTAP-20201113-0003 Intel Intel Product Security Center	url:	https://security.netapp.com/advisory/ntap-20201113-0003/	Trust: 0.8
title:	Intel AMT Enter the fix for the verification error vulnerability	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=134593	Trust: 0.6

sources: JVNDB: JVNDB-2020-013177 // CNNVD: CNNVD-201911-1654

EXTERNAL IDS

db:	NVD	id:	CVE-2020-8746	Trust: 2.5
db:	JVNDB	id:	JVNDB-2020-013177	Trust: 0.8
db:	LENOVO	id:	LEN-39432	Trust: 0.6
db:	AUSCERT	id:	ESB-2020.3958.2	Trust: 0.6
db:	AUSCERT	id:	ESB-2020.3958	Trust: 0.6
db:	CNNVD	id:	CNNVD-201911-1654	Trust: 0.6
db:	VULHUB	id:	VHN-186871	Trust: 0.1

sources: VULHUB: VHN-186871 // JVNDB: JVNDB-2020-013177 // CNNVD: CNNVD-201911-1654 // NVD: CVE-2020-8746

REFERENCES

url:	https://security.netapp.com/advisory/ntap-20201113-0003/	Trust: 1.7
url:	https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00391	Trust: 1.7
url:	https://nvd.nist.gov/vuln/detail/cve-2020-8746	Trust: 1.4
url:	https://www.auscert.org.au/bulletins/esb-2020.3958/	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2020.3958.2/	Trust: 0.6
url:	https://support.lenovo.com/us/en/product_security/len-39432	Trust: 0.6
url:	https://vigilance.fr/vulnerability/intel-processors-multiple-vulnerabilities-via-csme-sps-txe-amt-dal-33887	Trust: 0.6

sources: VULHUB: VHN-186871 // JVNDB: JVNDB-2020-013177 // CNNVD: CNNVD-201911-1654 // NVD: CVE-2020-8746

SOURCES

db:	VULHUB	id:	VHN-186871
db:	JVNDB	id:	JVNDB-2020-013177
db:	CNNVD	id:	CNNVD-201911-1654
db:	NVD	id:	CVE-2020-8746

LAST UPDATE DATE

2024-11-23T19:38:02.257000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-186871	date:	2020-11-18T00:00:00
db:	JVNDB	id:	JVNDB-2020-013177	date:	2021-06-21T07:42:00
db:	CNNVD	id:	CNNVD-201911-1654	date:	2021-01-04T00:00:00
db:	NVD	id:	CVE-2020-8746	date:	2024-11-21T05:39:22.340

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-186871	date:	2020-11-12T00:00:00
db:	JVNDB	id:	JVNDB-2020-013177	date:	2021-06-21T00:00:00
db:	CNNVD	id:	CNNVD-201911-1654	date:	2019-11-10T00:00:00
db:	NVD	id:	CVE-2020-8746	date:	2020-11-12T18:15:17.377