Details of VAR-202011-1392

ID

VAR-202011-1392

CVE

CVE-2020-8751

TITLE

Intel(R) CSME and TXE Information Disclosure Vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2020-013415

DESCRIPTION

Insufficient control flow management in subsystem for Intel(R) CSME versions before 11.8.80, Intel(R) TXE versions before 3.1.80 may allow an unauthenticated user to potentially enable information disclosure via physical access. Intel(R) CSME and TXE Contains an information disclosure vulnerability.Information may be obtained

Trust: 1.71

sources: NVD: CVE-2020-8751 // JVNDB: JVNDB-2020-013415 // VULHUB: VHN-186876

AFFECTED PRODUCTS

vendor:	intel	model:	converged security and manageability engine	scope:	lt	version:	11.8.80	Trust: 1.0
vendor:	intel	model:	trusted execution technology	scope:	lt	version:	3.1.80	Trust: 1.0
vendor:	インテル	model:	trusted execution technology	scope:	-	version:	-	Trust: 0.8
vendor:	インテル	model:	intel csme	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2020-013415 // NVD: CVE-2020-8751

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2020-8751
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2020-8751
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201911-1661
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-186876
value:	LOW
Trust: 0.1

nvd@nist.gov:	CVE-2020-8751
severity:	LOW
baseScore:	2.1
vectorString:	AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-186876
severity:	LOW
baseScore:	2.1
vectorString:	AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2020-8751
baseSeverity:	MEDIUM
baseScore:	4.6
vectorString:	CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector:	PHYSICAL
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	0.9
impactScore:	3.6
version:	3.1
Trust: 1.0
NVD:	CVE-2020-8751
baseSeverity:	MEDIUM
baseScore:	4.6
vectorString:	CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector:	PHYSICAL
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULHUB: VHN-186876 // JVNDB: JVNDB-2020-013415 // CNNVD: CNNVD-201911-1661 // NVD: CVE-2020-8751

PROBLEMTYPE DATA

problemtype:	NVD-CWE-noinfo	Trust: 1.0
problemtype:	information leak (CWE-200) [NVD Evaluation ]	Trust: 0.8
problemtype:	CWE-200	Trust: 0.1

sources: VULHUB: VHN-186876 // JVNDB: JVNDB-2020-013415 // NVD: CVE-2020-8751

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201911-1661

PATCH

title:

INTEL-SA-00391

url:

https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00391.html

Trust: 0.8

sources: JVNDB: JVNDB-2020-013415

EXTERNAL IDS

db:	NVD	id:	CVE-2020-8751	Trust: 2.5
db:	JVNDB	id:	JVNDB-2020-013415	Trust: 0.8
db:	LENOVO	id:	LEN-39432	Trust: 0.6
db:	AUSCERT	id:	ESB-2020.3958.2	Trust: 0.6
db:	AUSCERT	id:	ESB-2020.3958	Trust: 0.6
db:	CNNVD	id:	CNNVD-201911-1661	Trust: 0.6
db:	VULHUB	id:	VHN-186876	Trust: 0.1

sources: VULHUB: VHN-186876 // JVNDB: JVNDB-2020-013415 // CNNVD: CNNVD-201911-1661 // NVD: CVE-2020-8751

REFERENCES

url:	https://security.netapp.com/advisory/ntap-20201113-0002/	Trust: 1.7
url:	https://security.netapp.com/advisory/ntap-20201113-0005/	Trust: 1.7
url:	https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00391	Trust: 1.7
url:	https://nvd.nist.gov/vuln/detail/cve-2020-8751	Trust: 1.4
url:	https://www.auscert.org.au/bulletins/esb-2020.3958/	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2020.3958.2/	Trust: 0.6
url:	https://support.lenovo.com/us/en/product_security/len-39432	Trust: 0.6
url:	https://vigilance.fr/vulnerability/intel-processors-multiple-vulnerabilities-via-csme-sps-txe-amt-dal-33887	Trust: 0.6

sources: VULHUB: VHN-186876 // JVNDB: JVNDB-2020-013415 // CNNVD: CNNVD-201911-1661 // NVD: CVE-2020-8751

SOURCES

db:	VULHUB	id:	VHN-186876
db:	JVNDB	id:	JVNDB-2020-013415
db:	CNNVD	id:	CNNVD-201911-1661
db:	NVD	id:	CVE-2020-8751

LAST UPDATE DATE

2024-11-23T20:34:28.659000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-186876	date:	2021-07-21T00:00:00
db:	JVNDB	id:	JVNDB-2020-013415	date:	2021-07-02T04:36:00
db:	CNNVD	id:	CNNVD-201911-1661	date:	2021-01-04T00:00:00
db:	NVD	id:	CVE-2020-8751	date:	2024-11-21T05:39:22.733

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-186876	date:	2020-11-12T00:00:00
db:	JVNDB	id:	JVNDB-2020-013415	date:	2021-07-02T00:00:00
db:	CNNVD	id:	CNNVD-201911-1661	date:	2019-11-10T00:00:00
db:	NVD	id:	CVE-2020-8751	date:	2020-11-12T18:15:17.673