Sign-up

ID

VAR-202011-1390


CVE

CVE-2020-8749


TITLE

Intel(R) AMT  Out-of-bounds read vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2020-013179

DESCRIPTION

Out-of-bounds read in subsystem for Intel(R) AMT versions before 11.8.80, 11.12.80, 11.22.80, 12.0.70 and 14.0.45 may allow an unauthenticated user to potentially enable escalation of privilege via adjacent access. Intel(R) AMT Is vulnerable to an out-of-bounds read.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. Intel Active Management Technology (AMT) is a set of hardware-based computer remote active management technology software developed by Intel Corporation. The following products and versions are affected: Version 11.8.80, Version 11.12.80, Version 11.22.80, Version 12.0.70, Version 14.0.45

Trust: 1.71

sources: NVD: CVE-2020-8749 // JVNDB: JVNDB-2020-013179 // VULHUB: VHN-186874

AFFECTED PRODUCTS

vendor:intelmodel:active management technologyscope:gteversion:11.22.0

Trust: 1.0

vendor:intelmodel:active management technologyscope:ltversion:14.0.45

Trust: 1.0

vendor:intelmodel:active management technologyscope:gteversion:12.0

Trust: 1.0

vendor:intelmodel:active management technologyscope:gteversion:11.12.0

Trust: 1.0

vendor:intelmodel:active management technologyscope:ltversion:11.12.80

Trust: 1.0

vendor:intelmodel:active management technologyscope:ltversion:12.0.70

Trust: 1.0

vendor:netappmodel:cloud backupscope:eqversion: -

Trust: 1.0

vendor:intelmodel:active management technologyscope:ltversion:11.8.80

Trust: 1.0

vendor:intelmodel:active management technologyscope:ltversion:11.22.80

Trust: 1.0

vendor:intelmodel:active management technologyscope:gteversion:14.0

Trust: 1.0

vendor:インテルmodel:intel active management technologyscope: - version: -

Trust: 0.8

vendor:netappmodel:cloud backupscope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2020-013179 // NVD: CVE-2020-8749

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-8749
value: HIGH

Trust: 1.0

NVD: CVE-2020-8749
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201911-1659
value: HIGH

Trust: 0.6

VULHUB: VHN-186874
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2020-8749
severity: MEDIUM
baseScore: 5.8
vectorString: AV:A/AC:L/AU:N/C:P/I:P/A:P
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 6.5
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-186874
severity: MEDIUM
baseScore: 5.8
vectorString: AV:A/AC:L/AU:N/C:P/I:P/A:P
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 6.5
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2020-8749
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2020-8749
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: ADJACENT NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-186874 // JVNDB: JVNDB-2020-013179 // CNNVD: CNNVD-201911-1659 // NVD: CVE-2020-8749

PROBLEMTYPE DATA

problemtype:CWE-125

Trust: 1.1

problemtype:Out-of-bounds read (CWE-125) [NVD Evaluation ]

Trust: 0.8

sources: VULHUB: VHN-186874 // JVNDB: JVNDB-2020-013179 // NVD: CVE-2020-8749

THREAT TYPE

remote or local

Trust: 0.6

sources: CNNVD: CNNVD-201911-1659

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-201911-1659

PATCH

title:NTAP-20201113-0003 Intel Intel Product Security Centerurl:https://security.netapp.com/advisory/ntap-20201113-0003/

Trust: 0.8

title:Intel AMT Buffer error vulnerability fixurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=134595

Trust: 0.6

sources: JVNDB: JVNDB-2020-013179 // CNNVD: CNNVD-201911-1659

EXTERNAL IDS

db:NVDid:CVE-2020-8749

Trust: 2.5

db:JVNDBid:JVNDB-2020-013179

Trust: 0.8

db:LENOVOid:LEN-39432

Trust: 0.6

db:AUSCERTid:ESB-2020.3958.2

Trust: 0.6

db:AUSCERTid:ESB-2020.3958

Trust: 0.6

db:CNNVDid:CNNVD-201911-1659

Trust: 0.6

db:VULHUBid:VHN-186874

Trust: 0.1

sources: VULHUB: VHN-186874 // JVNDB: JVNDB-2020-013179 // CNNVD: CNNVD-201911-1659 // NVD: CVE-2020-8749

REFERENCES

url:https://security.netapp.com/advisory/ntap-20201113-0003/

Trust: 1.7

url:https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00391

Trust: 1.7

url:https://nvd.nist.gov/vuln/detail/cve-2020-8749

Trust: 1.4

url:https://www.auscert.org.au/bulletins/esb-2020.3958/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2020.3958.2/

Trust: 0.6

url:https://support.lenovo.com/us/en/product_security/len-39432

Trust: 0.6

url:https://vigilance.fr/vulnerability/intel-processors-multiple-vulnerabilities-via-csme-sps-txe-amt-dal-33887

Trust: 0.6

sources: VULHUB: VHN-186874 // JVNDB: JVNDB-2020-013179 // CNNVD: CNNVD-201911-1659 // NVD: CVE-2020-8749

SOURCES

db:VULHUBid:VHN-186874
db:JVNDBid:JVNDB-2020-013179
db:CNNVDid:CNNVD-201911-1659
db:NVDid:CVE-2020-8749

LAST UPDATE DATE

2024-11-23T21:07:40.834000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-186874date:2020-11-18T00:00:00
db:JVNDBid:JVNDB-2020-013179date:2021-06-21T07:42:00
db:CNNVDid:CNNVD-201911-1659date:2021-01-04T00:00:00
db:NVDid:CVE-2020-8749date:2024-11-21T05:39:22.543

SOURCES RELEASE DATE

db:VULHUBid:VHN-186874date:2020-11-12T00:00:00
db:JVNDBid:JVNDB-2020-013179date:2021-06-21T00:00:00
db:CNNVDid:CNNVD-201911-1659date:2019-11-10T00:00:00
db:NVDid:CVE-2020-8749date:2020-11-12T18:15:17.533