cvelistv5 - cve-2020-0597

CVE-2020-0597 (GCVE-0-2020-0597)

Vulnerability from cvelistv5 – Published: 2020-06-15 13:59 – Updated: 2024-08-04 06:11

Summary

Out-of-bounds read in IPv6 subsystem in Intel(R) AMT and Intel(R) ISM versions before 14.0.33 may allow an unauthenticated user to potentially enable denial of service via network access.

Severity ?

No CVSS data available.

CWE

Denial of Service

Assigner

intel

References

URL

Tags

	https://www.intel.com/content/www/us/en/security-…	x_refsource_CONFIRM
	https://security.netapp.com/advisory/ntap-2020061…	x_refsource_CONFIRM
	https://www.intel.com/content/www/us/en/security-…	x_refsource_MISC
	https://www.kb.cert.org/vuls/id/257161	third-party-advisoryx_refsource_CERT-VN
	https://www.synology.com/security/advisory/Synolo…	x_refsource_CONFIRM
	https://support.lenovo.com/de/en/product_security…	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	n/a	Intel(R) AMT and Intel(R) ISM	Affected: See provided reference

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T06:11:04.733Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00295.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20200611-0007/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00295.html"
          },
          {
            "name": "VU#257161",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT-VN",
              "x_transferred"
            ],
            "url": "https://www.kb.cert.org/vuls/id/257161"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.synology.com/security/advisory/Synology_SA_20_15"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://support.lenovo.com/de/en/product_security/len-30041"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Intel(R) AMT and Intel(R) ISM",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "See provided reference"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Out-of-bounds read in IPv6 subsystem in Intel(R) AMT and Intel(R) ISM versions before 14.0.33 may allow an unauthenticated user to potentially enable denial of service via network access."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Denial of Service",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-03-18T12:06:36",
        "orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
        "shortName": "intel"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00295.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20200611-0007/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00295.html"
        },
        {
          "name": "VU#257161",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT-VN"
          ],
          "url": "https://www.kb.cert.org/vuls/id/257161"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.synology.com/security/advisory/Synology_SA_20_15"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://support.lenovo.com/de/en/product_security/len-30041"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@intel.com",
          "ID": "CVE-2020-0597",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Intel(R) AMT and Intel(R) ISM",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "See provided reference"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Out-of-bounds read in IPv6 subsystem in Intel(R) AMT and Intel(R) ISM versions before 14.0.33 may allow an unauthenticated user to potentially enable denial of service via network access."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Denial of Service"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00295.html",
              "refsource": "CONFIRM",
              "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00295.html"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20200611-0007/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20200611-0007/"
            },
            {
              "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00295.html",
              "refsource": "MISC",
              "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00295.html"
            },
            {
              "name": "VU#257161",
              "refsource": "CERT-VN",
              "url": "https://www.kb.cert.org/vuls/id/257161"
            },
            {
              "name": "https://www.synology.com/security/advisory/Synology_SA_20_15",
              "refsource": "CONFIRM",
              "url": "https://www.synology.com/security/advisory/Synology_SA_20_15"
            },
            {
              "name": "https://support.lenovo.com/de/en/product_security/len-30041",
              "refsource": "MISC",
              "url": "https://support.lenovo.com/de/en/product_security/len-30041"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
    "assignerShortName": "intel",
    "cveId": "CVE-2020-0597",
    "datePublished": "2020-06-15T13:59:45",
    "dateReserved": "2019-10-28T00:00:00",
    "dateUpdated": "2024-08-04T06:11:04.733Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:intel:software_manager:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"11.0\", \"versionEndIncluding\": \"11.8.76\", \"matchCriteriaId\": \"64F972AA-4420-4983-B0DF-085CAE58E51D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:intel:software_manager:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"11.10\", \"versionEndIncluding\": \"11.11.76\", \"matchCriteriaId\": \"49B19589-FF5A-4908-8317-6E2DDDF40DD0\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:intel:software_manager:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"11.20\", \"versionEndIncluding\": \"11.22.76\", \"matchCriteriaId\": \"89D1B44A-5783-480A-BB32-2A96012B5C2A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:intel:software_manager:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"12.0\", \"versionEndIncluding\": \"12.0.63\", \"matchCriteriaId\": \"2184BE20-E41F-4FE9-9897-C9BB527B45D0\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:intel:software_manager:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"13.0\", \"versionEndIncluding\": \"13.0.31\", \"matchCriteriaId\": \"350276F5-E8F5-4261-B7C5-7662F21782D0\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:intel:software_manager:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"14.0\", \"versionEndIncluding\": \"14.0.32\", \"matchCriteriaId\": \"E9E73D17-715D-4BA9-9E45-FBC09587973E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:intel:active_management_technology_firmware:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"11.0\", \"versionEndIncluding\": \"11.8.76\", \"matchCriteriaId\": \"DB0A7300-2C3E-493F-9FC7-95376E2730B3\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:intel:active_management_technology_firmware:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"11.10\", \"versionEndIncluding\": \"11.11.76\", \"matchCriteriaId\": \"F5BFB6EB-4B20-49A3-9307-B905C419554E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:intel:active_management_technology_firmware:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"11.20\", \"versionEndIncluding\": \"11.22.76\", \"matchCriteriaId\": \"B5538026-BEA0-4764-94BE-D09CFE74FCC5\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:intel:active_management_technology_firmware:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"12.0\", \"versionEndIncluding\": \"12.0.63\", \"matchCriteriaId\": \"B221B839-F12B-41D3-BB8F-CF552FFA11F3\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:intel:active_management_technology_firmware:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"13.0\", \"versionEndIncluding\": \"13.0.31\", \"matchCriteriaId\": \"DBCF8CDE-05FD-48F7-BE29-68984E401B28\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:intel:active_management_technology_firmware:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"14.0\", \"versionEndIncluding\": \"14.0.32\", \"matchCriteriaId\": \"DE4AF2ED-BFCB-4DCB-8E9A-CFEF652EDD11\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Out-of-bounds read in IPv6 subsystem in Intel(R) AMT and Intel(R) ISM versions before 14.0.33 may allow an unauthenticated user to potentially enable denial of service via network access.\"}, {\"lang\": \"es\", \"value\": \"Una lectura fuera de l\\u00edmites en el subsistema IPv6 en Intel\\u00ae AMT e Intel\\u00ae ISM versiones anteriores a 14.0.33, puede permitir a un usuario no autenticado habilitar potencialmente una denegaci\\u00f3n de servicio por medio de un acceso de red\"}]",
      "id": "CVE-2020-0597",
      "lastModified": "2024-11-21T04:53:49.610",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\", \"baseScore\": 7.5, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 3.6}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:N/C:N/I:N/A:P\", \"baseScore\": 5.0, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 10.0, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2020-06-15T14:15:11.660",
      "references": "[{\"url\": \"https://security.netapp.com/advisory/ntap-20200611-0007/\", \"source\": \"secure@intel.com\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://support.lenovo.com/de/en/product_security/len-30041\", \"source\": \"secure@intel.com\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00295.html\", \"source\": \"secure@intel.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00295.html\", \"source\": \"secure@intel.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://www.kb.cert.org/vuls/id/257161\", \"source\": \"secure@intel.com\", \"tags\": [\"Third Party Advisory\", \"US Government Resource\"]}, {\"url\": \"https://www.synology.com/security/advisory/Synology_SA_20_15\", \"source\": \"secure@intel.com\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://security.netapp.com/advisory/ntap-20200611-0007/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://support.lenovo.com/de/en/product_security/len-30041\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00295.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00295.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://www.kb.cert.org/vuls/id/257161\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"US Government Resource\"]}, {\"url\": \"https://www.synology.com/security/advisory/Synology_SA_20_15\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}]",
      "sourceIdentifier": "secure@intel.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-125\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2020-0597\",\"sourceIdentifier\":\"secure@intel.com\",\"published\":\"2020-06-15T14:15:11.660\",\"lastModified\":\"2024-11-21T04:53:49.610\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Out-of-bounds read in IPv6 subsystem in Intel(R) AMT and Intel(R) ISM versions before 14.0.33 may allow an unauthenticated user to potentially enable denial of service via network access.\"},{\"lang\":\"es\",\"value\":\"Una lectura fuera de l\u00edmites en el subsistema IPv6 en Intel\u00ae AMT e Intel\u00ae ISM versiones anteriores a 14.0.33, puede permitir a un usuario no autenticado habilitar potencialmente una denegaci\u00f3n de servicio por medio de un acceso de red\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:N/I:N/A:P\",\"baseScore\":5.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":10.0,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-125\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:intel:software_manager:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"11.0\",\"versionEndIncluding\":\"11.8.76\",\"matchCriteriaId\":\"64F972AA-4420-4983-B0DF-085CAE58E51D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:intel:software_manager:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"11.10\",\"versionEndIncluding\":\"11.11.76\",\"matchCriteriaId\":\"49B19589-FF5A-4908-8317-6E2DDDF40DD0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:intel:software_manager:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"11.20\",\"versionEndIncluding\":\"11.22.76\",\"matchCriteriaId\":\"89D1B44A-5783-480A-BB32-2A96012B5C2A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:intel:software_manager:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"12.0\",\"versionEndIncluding\":\"12.0.63\",\"matchCriteriaId\":\"2184BE20-E41F-4FE9-9897-C9BB527B45D0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:intel:software_manager:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"13.0\",\"versionEndIncluding\":\"13.0.31\",\"matchCriteriaId\":\"350276F5-E8F5-4261-B7C5-7662F21782D0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:intel:software_manager:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"14.0\",\"versionEndIncluding\":\"14.0.32\",\"matchCriteriaId\":\"E9E73D17-715D-4BA9-9E45-FBC09587973E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:intel:active_management_technology_firmware:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"11.0\",\"versionEndIncluding\":\"11.8.76\",\"matchCriteriaId\":\"DB0A7300-2C3E-493F-9FC7-95376E2730B3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:intel:active_management_technology_firmware:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"11.10\",\"versionEndIncluding\":\"11.11.76\",\"matchCriteriaId\":\"F5BFB6EB-4B20-49A3-9307-B905C419554E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:intel:active_management_technology_firmware:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"11.20\",\"versionEndIncluding\":\"11.22.76\",\"matchCriteriaId\":\"B5538026-BEA0-4764-94BE-D09CFE74FCC5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:intel:active_management_technology_firmware:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"12.0\",\"versionEndIncluding\":\"12.0.63\",\"matchCriteriaId\":\"B221B839-F12B-41D3-BB8F-CF552FFA11F3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:intel:active_management_technology_firmware:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"13.0\",\"versionEndIncluding\":\"13.0.31\",\"matchCriteriaId\":\"DBCF8CDE-05FD-48F7-BE29-68984E401B28\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:intel:active_management_technology_firmware:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"14.0\",\"versionEndIncluding\":\"14.0.32\",\"matchCriteriaId\":\"DE4AF2ED-BFCB-4DCB-8E9A-CFEF652EDD11\"}]}]}],\"references\":[{\"url\":\"https://security.netapp.com/advisory/ntap-20200611-0007/\",\"source\":\"secure@intel.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://support.lenovo.com/de/en/product_security/len-30041\",\"source\":\"secure@intel.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00295.html\",\"source\":\"secure@intel.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00295.html\",\"source\":\"secure@intel.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.kb.cert.org/vuls/id/257161\",\"source\":\"secure@intel.com\",\"tags\":[\"Third Party Advisory\",\"US Government Resource\"]},{\"url\":\"https://www.synology.com/security/advisory/Synology_SA_20_15\",\"source\":\"secure@intel.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://security.netapp.com/advisory/ntap-20200611-0007/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://support.lenovo.com/de/en/product_security/len-30041\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00295.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00295.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.kb.cert.org/vuls/id/257161\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"US Government Resource\"]},{\"url\":\"https://www.synology.com/security/advisory/Synology_SA_20_15\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]}]}}"
  }
}

GSD-2020-0597

Vulnerability from gsd - Updated: 2023-12-13 01:21

Details

Out-of-bounds read in IPv6 subsystem in Intel(R) AMT and Intel(R) ISM versions before 14.0.33 may allow an unauthenticated user to potentially enable denial of service via network access.

Aliases

CVE-2020-0597

Aliases

CVE-2020-0597

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2020-0597",
    "description": "Out-of-bounds read in IPv6 subsystem in Intel(R) AMT and Intel(R) ISM versions before 14.0.33 may allow an unauthenticated user to potentially enable denial of service via network access.",
    "id": "GSD-2020-0597"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2020-0597"
      ],
      "details": "Out-of-bounds read in IPv6 subsystem in Intel(R) AMT and Intel(R) ISM versions before 14.0.33 may allow an unauthenticated user to potentially enable denial of service via network access.",
      "id": "GSD-2020-0597",
      "modified": "2023-12-13T01:21:44.406987Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "secure@intel.com",
        "ID": "CVE-2020-0597",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "Intel(R) AMT and Intel(R) ISM",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "See provided reference"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Out-of-bounds read in IPv6 subsystem in Intel(R) AMT and Intel(R) ISM versions before 14.0.33 may allow an unauthenticated user to potentially enable denial of service via network access."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "Denial of Service"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00295.html",
            "refsource": "CONFIRM",
            "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00295.html"
          },
          {
            "name": "https://security.netapp.com/advisory/ntap-20200611-0007/",
            "refsource": "CONFIRM",
            "url": "https://security.netapp.com/advisory/ntap-20200611-0007/"
          },
          {
            "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00295.html",
            "refsource": "MISC",
            "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00295.html"
          },
          {
            "name": "VU#257161",
            "refsource": "CERT-VN",
            "url": "https://www.kb.cert.org/vuls/id/257161"
          },
          {
            "name": "https://www.synology.com/security/advisory/Synology_SA_20_15",
            "refsource": "CONFIRM",
            "url": "https://www.synology.com/security/advisory/Synology_SA_20_15"
          },
          {
            "name": "https://support.lenovo.com/de/en/product_security/len-30041",
            "refsource": "MISC",
            "url": "https://support.lenovo.com/de/en/product_security/len-30041"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:intel:software_manager:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "14.0.32",
                "versionStartIncluding": "14.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:intel:software_manager:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "13.0.31",
                "versionStartIncluding": "13.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:intel:software_manager:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "12.0.63",
                "versionStartIncluding": "12.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:intel:software_manager:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "11.22.76",
                "versionStartIncluding": "11.20",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:intel:software_manager:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "11.11.76",
                "versionStartIncluding": "11.10",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:intel:software_manager:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "11.8.76",
                "versionStartIncluding": "11.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:intel:active_management_technology_firmware:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "14.0.32",
                "versionStartIncluding": "14.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:intel:active_management_technology_firmware:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "13.0.31",
                "versionStartIncluding": "13.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:intel:active_management_technology_firmware:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "12.0.63",
                "versionStartIncluding": "12.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:intel:active_management_technology_firmware:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "11.22.76",
                "versionStartIncluding": "11.20",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:intel:active_management_technology_firmware:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "11.11.76",
                "versionStartIncluding": "11.10",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:intel:active_management_technology_firmware:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "11.8.76",
                "versionStartIncluding": "11.0",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@intel.com",
          "ID": "CVE-2020-0597"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Out-of-bounds read in IPv6 subsystem in Intel(R) AMT and Intel(R) ISM versions before 14.0.33 may allow an unauthenticated user to potentially enable denial of service via network access."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-125"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00295.html",
              "refsource": "MISC",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00295.html"
            },
            {
              "name": "https://www.synology.com/security/advisory/Synology_SA_20_15",
              "refsource": "CONFIRM",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://www.synology.com/security/advisory/Synology_SA_20_15"
            },
            {
              "name": "https://support.lenovo.com/de/en/product_security/len-30041",
              "refsource": "MISC",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://support.lenovo.com/de/en/product_security/len-30041"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20200611-0007/",
              "refsource": "CONFIRM",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://security.netapp.com/advisory/ntap-20200611-0007/"
            },
            {
              "name": "VU#257161",
              "refsource": "CERT-VN",
              "tags": [
                "Third Party Advisory",
                "US Government Resource"
              ],
              "url": "https://www.kb.cert.org/vuls/id/257161"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 3.6
        }
      },
      "lastModifiedDate": "2023-05-22T15:32Z",
      "publishedDate": "2020-06-15T14:15Z"
    }
  }
}

FKIE_CVE-2020-0597

Vulnerability from fkie_nvd - Published: 2020-06-15 14:15 - Updated: 2024-11-21 04:53

Severity ?

7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Summary

Out-of-bounds read in IPv6 subsystem in Intel(R) AMT and Intel(R) ISM versions before 14.0.33 may allow an unauthenticated user to potentially enable denial of service via network access.

References

URL	Tags
secure@intel.com	https://security.netapp.com/advisory/ntap-20200611-0007/	Third Party Advisory
secure@intel.com	https://support.lenovo.com/de/en/product_security/len-30041	Third Party Advisory
secure@intel.com	https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00295.html	Vendor Advisory
secure@intel.com	https://www.kb.cert.org/vuls/id/257161	Third Party Advisory, US Government Resource
secure@intel.com	https://www.synology.com/security/advisory/Synology_SA_20_15	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://security.netapp.com/advisory/ntap-20200611-0007/	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://support.lenovo.com/de/en/product_security/len-30041	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00295.html	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.kb.cert.org/vuls/id/257161	Third Party Advisory, US Government Resource
af854a3a-2127-422b-91ae-364da2661108	https://www.synology.com/security/advisory/Synology_SA_20_15	Third Party Advisory

Impacted products

Vendor	Product	Version
intel	software_manager	*
intel	software_manager	*
intel	software_manager	*
intel	software_manager	*
intel	software_manager	*
intel	software_manager	*
intel	active_management_technology_firmware	*
intel	active_management_technology_firmware	*
intel	active_management_technology_firmware	*
intel	active_management_technology_firmware	*
intel	active_management_technology_firmware	*
intel	active_management_technology_firmware	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:intel:software_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "64F972AA-4420-4983-B0DF-085CAE58E51D",
              "versionEndIncluding": "11.8.76",
              "versionStartIncluding": "11.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:intel:software_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "49B19589-FF5A-4908-8317-6E2DDDF40DD0",
              "versionEndIncluding": "11.11.76",
              "versionStartIncluding": "11.10",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:intel:software_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "89D1B44A-5783-480A-BB32-2A96012B5C2A",
              "versionEndIncluding": "11.22.76",
              "versionStartIncluding": "11.20",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:intel:software_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "2184BE20-E41F-4FE9-9897-C9BB527B45D0",
              "versionEndIncluding": "12.0.63",
              "versionStartIncluding": "12.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:intel:software_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "350276F5-E8F5-4261-B7C5-7662F21782D0",
              "versionEndIncluding": "13.0.31",
              "versionStartIncluding": "13.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:intel:software_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E9E73D17-715D-4BA9-9E45-FBC09587973E",
              "versionEndIncluding": "14.0.32",
              "versionStartIncluding": "14.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:intel:active_management_technology_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "DB0A7300-2C3E-493F-9FC7-95376E2730B3",
              "versionEndIncluding": "11.8.76",
              "versionStartIncluding": "11.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:intel:active_management_technology_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "F5BFB6EB-4B20-49A3-9307-B905C419554E",
              "versionEndIncluding": "11.11.76",
              "versionStartIncluding": "11.10",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:intel:active_management_technology_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "B5538026-BEA0-4764-94BE-D09CFE74FCC5",
              "versionEndIncluding": "11.22.76",
              "versionStartIncluding": "11.20",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:intel:active_management_technology_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "B221B839-F12B-41D3-BB8F-CF552FFA11F3",
              "versionEndIncluding": "12.0.63",
              "versionStartIncluding": "12.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:intel:active_management_technology_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "DBCF8CDE-05FD-48F7-BE29-68984E401B28",
              "versionEndIncluding": "13.0.31",
              "versionStartIncluding": "13.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:intel:active_management_technology_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "DE4AF2ED-BFCB-4DCB-8E9A-CFEF652EDD11",
              "versionEndIncluding": "14.0.32",
              "versionStartIncluding": "14.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Out-of-bounds read in IPv6 subsystem in Intel(R) AMT and Intel(R) ISM versions before 14.0.33 may allow an unauthenticated user to potentially enable denial of service via network access."
    },
    {
      "lang": "es",
      "value": "Una lectura fuera de l\u00edmites en el subsistema IPv6 en Intel\u00ae AMT e Intel\u00ae ISM versiones anteriores a 14.0.33, puede permitir a un usuario no autenticado habilitar potencialmente una denegaci\u00f3n de servicio por medio de un acceso de red"
    }
  ],
  "id": "CVE-2020-0597",
  "lastModified": "2024-11-21T04:53:49.610",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 5.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2020-06-15T14:15:11.660",
  "references": [
    {
      "source": "secure@intel.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20200611-0007/"
    },
    {
      "source": "secure@intel.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://support.lenovo.com/de/en/product_security/len-30041"
    },
    {
      "source": "secure@intel.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00295.html"
    },
    {
      "source": "secure@intel.com",
      "tags": [
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "https://www.kb.cert.org/vuls/id/257161"
    },
    {
      "source": "secure@intel.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.synology.com/security/advisory/Synology_SA_20_15"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20200611-0007/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://support.lenovo.com/de/en/product_security/len-30041"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00295.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "https://www.kb.cert.org/vuls/id/257161"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.synology.com/security/advisory/Synology_SA_20_15"
    }
  ],
  "sourceIdentifier": "secure@intel.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-125"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CERTFR-2020-AVI-353

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été découvertes dans les produits Intel . Elles permettent à un attaquant de provoquer un déni de service à distance, une atteinte à la confidentialité des données et une élévation de privilèges.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Intel	N/A	Intel CSME, Intel AMT, Intel ISM, Intel DAL et Intel DAL versions antérieures à 11.8.77, 11.12.77, 11.22.77, 12.0.64, 13.0.32, 14.0.33 et 14.5.12
Intel	N/A	certains processeurs Intel : https://software.intel.com/security-software-guidance/processors-affected-transient-execution-attack-mitigation-product-cpu-model
Intel	N/A	Intel SSD DC séries P4511 (m.2) versions antérieures à VDV10170
Intel	N/A	les processeurs Intel Core de génération 7, 8, 9 et 10 sans la dernière mise à jour du BIOS
Intel	N/A	Intel SSD DC séries P4510 (U.2) et OPAL, P4610 et OPAL, P4618 versions antérieures à VDV10170
Intel	N/A	Intel SSD D3-S4510 séries M.2 FF versions antérieures à XC311120
Intel	N/A	Intel Innovation Engine Build and Signing Tool versions antérieures à 1.0.859

References

Title

Publication Time

Tags

Bulletin de sécurité Intel intel-sa-00366 du 09 juin 2020	None	vendor-advisory
Bulletin de sécurité Intel intel-sa-00295 du 09 juin 2020	None	vendor-advisory
Bulletin de sécurité Intel intel-sa-00322 du 09 juin 2020	None	vendor-advisory
Liste de processeurs Intel vulnérables du 09 juin 2020	None	vendor-advisory
Bulletin de sécurité Intel intel-sa-00320 du 09 juin 2020	None	vendor-advisory
Bulletin de sécurité Intel intel-sa-00266 du 09 juin 2020	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Intel CSME, Intel AMT, Intel ISM, Intel DAL et Intel DAL versions ant\u00e9rieures \u00e0 11.8.77, 11.12.77, 11.22.77, 12.0.64, 13.0.32, 14.0.33 et 14.5.12",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Intel",
          "scada": false
        }
      }
    },
    {
      "description": "certains processeurs Intel : https://software.intel.com/security-software-guidance/processors-affected-transient-execution-attack-mitigation-product-cpu-model",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Intel",
          "scada": false
        }
      }
    },
    {
      "description": "Intel SSD DC s\u00e9ries P4511 (m.2) versions ant\u00e9rieures \u00e0 VDV10170",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Intel",
          "scada": false
        }
      }
    },
    {
      "description": "les processeurs Intel Core de g\u00e9n\u00e9ration 7, 8, 9 et 10 sans la derni\u00e8re mise \u00e0 jour du BIOS",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Intel",
          "scada": false
        }
      }
    },
    {
      "description": "Intel SSD DC s\u00e9ries P4510 (U.2) et OPAL, P4610 et OPAL, P4618 versions ant\u00e9rieures \u00e0 VDV10170",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Intel",
          "scada": false
        }
      }
    },
    {
      "description": "Intel SSD D3-S4510 s\u00e9ries M.2 FF versions ant\u00e9rieures \u00e0 XC311120",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Intel",
          "scada": false
        }
      }
    },
    {
      "description": "Intel Innovation Engine Build and Signing Tool versions ant\u00e9rieures \u00e0 1.0.859",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Intel",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2020-0529",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-0529"
    },
    {
      "name": "CVE-2020-0531",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-0531"
    },
    {
      "name": "CVE-2020-0532",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-0532"
    },
    {
      "name": "CVE-2020-0528",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-0528"
    },
    {
      "name": "CVE-2020-0538",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-0538"
    },
    {
      "name": "CVE-2020-8674",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-8674"
    },
    {
      "name": "CVE-2020-8675",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-8675"
    },
    {
      "name": "CVE-2020-0594",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-0594"
    },
    {
      "name": "CVE-2020-0586",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-0586"
    },
    {
      "name": "CVE-2020-0541",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-0541"
    },
    {
      "name": "CVE-2020-0536",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-0536"
    },
    {
      "name": "CVE-2020-0595",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-0595"
    },
    {
      "name": "CVE-2020-0535",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-0535"
    },
    {
      "name": "CVE-2020-0566",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-0566"
    },
    {
      "name": "CVE-2020-0540",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-0540"
    },
    {
      "name": "CVE-2020-0597",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-0597"
    },
    {
      "name": "CVE-2020-0533",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-0533"
    },
    {
      "name": "CVE-2020-0539",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-0539"
    },
    {
      "name": "CVE-2020-0542",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-0542"
    },
    {
      "name": "CVE-2020-0537",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-0537"
    },
    {
      "name": "CVE-2020-0543",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-0543"
    },
    {
      "name": "CVE-2020-0527",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-0527"
    },
    {
      "name": "CVE-2020-0596",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-0596"
    },
    {
      "name": "CVE-2020-0534",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-0534"
    },
    {
      "name": "CVE-2020-0545",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-0545"
    }
  ],
  "links": [],
  "reference": "CERTFR-2020-AVI-353",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2020-06-10T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Intel\n. Elles permettent \u00e0 un attaquant de provoquer un d\u00e9ni de service \u00e0\ndistance, une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es et une \u00e9l\u00e9vation\nde privil\u00e8ges.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Intel",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00366 du 09 juin 2020",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00366.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00295 du 09 juin 2020",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00295.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00322 du 09 juin 2020",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00322.html"
    },
    {
      "published_at": null,
      "title": "Liste de processeurs Intel vuln\u00e9rables du 09 juin 2020",
      "url": "https://software.intel.com/security-software-guidance/processors-affected-transient-execution-attack-mitigation-product-cpu-model"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00320 du 09 juin 2020",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00320.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00266 du 09 juin 2020",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00266.html"
    }
  ]
}

CERTFR-2020-AVI-353

Vulnerability from certfr_avis - Published: - Updated:

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Intel	N/A	Intel CSME, Intel AMT, Intel ISM, Intel DAL et Intel DAL versions antérieures à 11.8.77, 11.12.77, 11.22.77, 12.0.64, 13.0.32, 14.0.33 et 14.5.12
Intel	N/A	certains processeurs Intel : https://software.intel.com/security-software-guidance/processors-affected-transient-execution-attack-mitigation-product-cpu-model
Intel	N/A	Intel SSD DC séries P4511 (m.2) versions antérieures à VDV10170
Intel	N/A	les processeurs Intel Core de génération 7, 8, 9 et 10 sans la dernière mise à jour du BIOS
Intel	N/A	Intel SSD DC séries P4510 (U.2) et OPAL, P4610 et OPAL, P4618 versions antérieures à VDV10170
Intel	N/A	Intel SSD D3-S4510 séries M.2 FF versions antérieures à XC311120
Intel	N/A	Intel Innovation Engine Build and Signing Tool versions antérieures à 1.0.859

References

Title

Publication Time

Tags

Bulletin de sécurité Intel intel-sa-00366 du 09 juin 2020	None	vendor-advisory
Bulletin de sécurité Intel intel-sa-00295 du 09 juin 2020	None	vendor-advisory
Bulletin de sécurité Intel intel-sa-00322 du 09 juin 2020	None	vendor-advisory
Liste de processeurs Intel vulnérables du 09 juin 2020	None	vendor-advisory
Bulletin de sécurité Intel intel-sa-00320 du 09 juin 2020	None	vendor-advisory
Bulletin de sécurité Intel intel-sa-00266 du 09 juin 2020	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Intel CSME, Intel AMT, Intel ISM, Intel DAL et Intel DAL versions ant\u00e9rieures \u00e0 11.8.77, 11.12.77, 11.22.77, 12.0.64, 13.0.32, 14.0.33 et 14.5.12",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Intel",
          "scada": false
        }
      }
    },
    {
      "description": "certains processeurs Intel : https://software.intel.com/security-software-guidance/processors-affected-transient-execution-attack-mitigation-product-cpu-model",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Intel",
          "scada": false
        }
      }
    },
    {
      "description": "Intel SSD DC s\u00e9ries P4511 (m.2) versions ant\u00e9rieures \u00e0 VDV10170",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Intel",
          "scada": false
        }
      }
    },
    {
      "description": "les processeurs Intel Core de g\u00e9n\u00e9ration 7, 8, 9 et 10 sans la derni\u00e8re mise \u00e0 jour du BIOS",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Intel",
          "scada": false
        }
      }
    },
    {
      "description": "Intel SSD DC s\u00e9ries P4510 (U.2) et OPAL, P4610 et OPAL, P4618 versions ant\u00e9rieures \u00e0 VDV10170",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Intel",
          "scada": false
        }
      }
    },
    {
      "description": "Intel SSD D3-S4510 s\u00e9ries M.2 FF versions ant\u00e9rieures \u00e0 XC311120",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Intel",
          "scada": false
        }
      }
    },
    {
      "description": "Intel Innovation Engine Build and Signing Tool versions ant\u00e9rieures \u00e0 1.0.859",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Intel",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2020-0529",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-0529"
    },
    {
      "name": "CVE-2020-0531",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-0531"
    },
    {
      "name": "CVE-2020-0532",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-0532"
    },
    {
      "name": "CVE-2020-0528",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-0528"
    },
    {
      "name": "CVE-2020-0538",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-0538"
    },
    {
      "name": "CVE-2020-8674",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-8674"
    },
    {
      "name": "CVE-2020-8675",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-8675"
    },
    {
      "name": "CVE-2020-0594",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-0594"
    },
    {
      "name": "CVE-2020-0586",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-0586"
    },
    {
      "name": "CVE-2020-0541",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-0541"
    },
    {
      "name": "CVE-2020-0536",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-0536"
    },
    {
      "name": "CVE-2020-0595",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-0595"
    },
    {
      "name": "CVE-2020-0535",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-0535"
    },
    {
      "name": "CVE-2020-0566",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-0566"
    },
    {
      "name": "CVE-2020-0540",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-0540"
    },
    {
      "name": "CVE-2020-0597",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-0597"
    },
    {
      "name": "CVE-2020-0533",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-0533"
    },
    {
      "name": "CVE-2020-0539",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-0539"
    },
    {
      "name": "CVE-2020-0542",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-0542"
    },
    {
      "name": "CVE-2020-0537",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-0537"
    },
    {
      "name": "CVE-2020-0543",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-0543"
    },
    {
      "name": "CVE-2020-0527",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-0527"
    },
    {
      "name": "CVE-2020-0596",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-0596"
    },
    {
      "name": "CVE-2020-0534",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-0534"
    },
    {
      "name": "CVE-2020-0545",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-0545"
    }
  ],
  "links": [],
  "reference": "CERTFR-2020-AVI-353",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2020-06-10T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Intel\n. Elles permettent \u00e0 un attaquant de provoquer un d\u00e9ni de service \u00e0\ndistance, une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es et une \u00e9l\u00e9vation\nde privil\u00e8ges.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Intel",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00366 du 09 juin 2020",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00366.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00295 du 09 juin 2020",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00295.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00322 du 09 juin 2020",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00322.html"
    },
    {
      "published_at": null,
      "title": "Liste de processeurs Intel vuln\u00e9rables du 09 juin 2020",
      "url": "https://software.intel.com/security-software-guidance/processors-affected-transient-execution-attack-mitigation-product-cpu-model"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00320 du 09 juin 2020",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00320.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00266 du 09 juin 2020",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00266.html"
    }
  ]
}

CNVD-2020-34708

Vulnerability from cnvd - Published: 2020-06-27

Title

Intel AMT和ISM拒绝服务漏洞

Description

Intel Active Management Technology（AMT）和Intel Software Manager（ISM）都是美国英特尔（Intel）公司的产品。Intel Active Management Technology是一套以硬件为基础的计算机远程主动管理技术软件。Intel Software Manager是一款用于管理Intel软件开发产品的实用程序。 Intel AMT和ISM存在拒绝服务漏洞。远程攻击者可利用该漏洞造成拒绝服务。

Severity

中

Patch Name

Intel AMT和ISM拒绝服务漏洞的补丁

Patch Description

Formal description

厂商已发布了漏洞修复程序，请及时关注更新： https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00295.html

Reference

https://nvd.nist.gov/vuln/detail/CVE-2020-0597

Impacted products

Name
['Intel Intel Active Management Technology（AMT） <14.0.33', 'Intel Intel Software Manager（ISM） <14.0.33']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2020-0597"
    }
  },
  "description": "Intel Active Management Technology\uff08AMT\uff09\u548cIntel Software Manager\uff08ISM\uff09\u90fd\u662f\u7f8e\u56fd\u82f1\u7279\u5c14\uff08Intel\uff09\u516c\u53f8\u7684\u4ea7\u54c1\u3002Intel Active Management Technology\u662f\u4e00\u5957\u4ee5\u786c\u4ef6\u4e3a\u57fa\u7840\u7684\u8ba1\u7b97\u673a\u8fdc\u7a0b\u4e3b\u52a8\u7ba1\u7406\u6280\u672f\u8f6f\u4ef6\u3002Intel Software Manager\u662f\u4e00\u6b3e\u7528\u4e8e\u7ba1\u7406Intel\u8f6f\u4ef6\u5f00\u53d1\u4ea7\u54c1\u7684\u5b9e\u7528\u7a0b\u5e8f\u3002\n\nIntel AMT\u548cISM\u5b58\u5728\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u9020\u6210\u62d2\u7edd\u670d\u52a1\u3002",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00295.html",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2020-34708",
  "openTime": "2020-06-27",
  "patchDescription": "Intel Active Management Technology\uff08AMT\uff09\u548cIntel Software Manager\uff08ISM\uff09\u90fd\u662f\u7f8e\u56fd\u82f1\u7279\u5c14\uff08Intel\uff09\u516c\u53f8\u7684\u4ea7\u54c1\u3002Intel Active Management Technology\u662f\u4e00\u5957\u4ee5\u786c\u4ef6\u4e3a\u57fa\u7840\u7684\u8ba1\u7b97\u673a\u8fdc\u7a0b\u4e3b\u52a8\u7ba1\u7406\u6280\u672f\u8f6f\u4ef6\u3002Intel Software Manager\u662f\u4e00\u6b3e\u7528\u4e8e\u7ba1\u7406Intel\u8f6f\u4ef6\u5f00\u53d1\u4ea7\u54c1\u7684\u5b9e\u7528\u7a0b\u5e8f\u3002\r\n\r\nIntel AMT\u548cISM\u5b58\u5728\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u9020\u6210\u62d2\u7edd\u670d\u52a1\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Intel AMT\u548cISM\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Intel Intel Active Management Technology\uff08AMT\uff09 \u003c14.0.33",
      "Intel Intel Software Manager\uff08ISM\uff09 \u003c14.0.33"
    ]
  },
  "referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2020-0597",
  "serverity": "\u4e2d",
  "submitTime": "2020-06-11",
  "title": "Intel AMT\u548cISM\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e"
}

VAR-202006-0027

Vulnerability from variot - Updated: 2023-12-18 11:04

Out-of-bounds read in IPv6 subsystem in Intel(R) AMT and Intel(R) ISM versions before 14.0.33 may allow an unauthenticated user to potentially enable denial of service via network access. Treck IP stack implementations for embedded systems are affected by multiple vulnerabilities. This set of vulnerabilities was researched and reported by JSOF, who calls them Ripple20.CVE-2020-0594 Unknown CVE-2020-0595 Unknown CVE-2020-0597 Unknown CVE-2020-11896 Affected CVE-2020-11897 Not Affected CVE-2020-11898 Affected CVE-2020-11899 Not Affected CVE-2020-11900 Affected CVE-2020-11901 Not Affected CVE-2020-11902 Not Affected CVE-2020-11903 Not Affected CVE-2020-11904 Not Affected CVE-2020-11905 Not Affected CVE-2020-11906 Affected CVE-2020-11907 Affected CVE-2020-11908 Not Affected CVE-2020-11909 Not Affected CVE-2020-11910 Not Affected CVE-2020-11911 Affected CVE-2020-11912 Affected CVE-2020-11913 Not Affected CVE-2020-11914 Affected CVE-2020-8674 UnknownCVE-2020-0594 Unknown CVE-2020-0595 Unknown CVE-2020-0597 Unknown CVE-2020-11896 Affected CVE-2020-11897 Not Affected CVE-2020-11898 Affected CVE-2020-11899 Not Affected CVE-2020-11900 Affected CVE-2020-11901 Not Affected CVE-2020-11902 Not Affected CVE-2020-11903 Not Affected CVE-2020-11904 Not Affected CVE-2020-11905 Not Affected CVE-2020-11906 Affected CVE-2020-11907 Affected CVE-2020-11908 Not Affected CVE-2020-11909 Not Affected CVE-2020-11910 Not Affected CVE-2020-11911 Affected CVE-2020-11912 Affected CVE-2020-11913 Not Affected CVE-2020-11914 Affected CVE-2020-8674 Unknown. Intel(R) AMT and ISM Exists in an out-of-bounds read vulnerability.Service operation interruption (DoS) It may be put into a state. Both Intel Active Management Technology (AMT) and Intel Software Manager (ISM) are products of Intel Corporation of the United States. Intel Active Management Technology is a set of hardware-based computer remote active management technology software. Intel Software Manager is a utility for managing Intel software development products. A remote attacker could exploit this vulnerability to cause a denial of service

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-202006-0027",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "software manager",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "intel",
        "version": "13.0.31"
      },
      {
        "model": "active management technology",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "intel",
        "version": "13.0.31"
      },
      {
        "model": "software manager",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "intel",
        "version": "11.0"
      },
      {
        "model": "software manager",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "intel",
        "version": "12.0"
      },
      {
        "model": "active management technology",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "intel",
        "version": "11.11.76"
      },
      {
        "model": "active management technology",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "intel",
        "version": "11.22.76"
      },
      {
        "model": "software manager",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "intel",
        "version": "11.10"
      },
      {
        "model": "software manager",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "intel",
        "version": "11.11.76"
      },
      {
        "model": "software manager",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "intel",
        "version": "11.22.76"
      },
      {
        "model": "software manager",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "intel",
        "version": "13.0"
      },
      {
        "model": "software manager",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "intel",
        "version": "11.20"
      },
      {
        "model": "active management technology",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "intel",
        "version": "11.0"
      },
      {
        "model": "active management technology",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "intel",
        "version": "14.0"
      },
      {
        "model": "active management technology",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "intel",
        "version": "12.0"
      },
      {
        "model": "active management technology",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "intel",
        "version": "11.8.76"
      },
      {
        "model": "active management technology",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "intel",
        "version": "11.20"
      },
      {
        "model": "active management technology",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "intel",
        "version": "11.10"
      },
      {
        "model": "software manager",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "intel",
        "version": "11.8.76"
      },
      {
        "model": "active management technology",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "intel",
        "version": "13.0"
      },
      {
        "model": "software manager",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "intel",
        "version": "14.0"
      },
      {
        "model": "active management technology",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "intel",
        "version": "12.0.63"
      },
      {
        "model": "software manager",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "intel",
        "version": "14.0.32"
      },
      {
        "model": "active management technology",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "intel",
        "version": "14.0.32"
      },
      {
        "model": "software manager",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "intel",
        "version": "12.0.63"
      },
      {
        "model": "active management technology",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "intel",
        "version": "14.0.33"
      },
      {
        "model": "standard manageability",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "intel",
        "version": "14.0.33"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-007023"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-0597"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:intel:software_manager:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "14.0.32",
                "versionStartIncluding": "14.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:intel:software_manager:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "13.0.31",
                "versionStartIncluding": "13.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:intel:software_manager:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "12.0.63",
                "versionStartIncluding": "12.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:intel:software_manager:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "11.22.76",
                "versionStartIncluding": "11.20",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:intel:software_manager:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "11.11.76",
                "versionStartIncluding": "11.10",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:intel:software_manager:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "11.8.76",
                "versionStartIncluding": "11.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:intel:active_management_technology_firmware:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "14.0.32",
                "versionStartIncluding": "14.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:intel:active_management_technology_firmware:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "13.0.31",
                "versionStartIncluding": "13.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:intel:active_management_technology_firmware:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "12.0.63",
                "versionStartIncluding": "12.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:intel:active_management_technology_firmware:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "11.22.76",
                "versionStartIncluding": "11.20",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:intel:active_management_technology_firmware:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "11.11.76",
                "versionStartIncluding": "11.10",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:intel:active_management_technology_firmware:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "11.8.76",
                "versionStartIncluding": "11.0",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2020-0597"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "This document was written by Vijay Sarvepalli.",
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#257161"
      }
    ],
    "trust": 0.8
  },
  "cve": "CVE-2020-0597",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Partial",
            "baseScore": 5.0,
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "JVNDB-2020-007023",
            "impactScore": null,
            "integrityImpact": "None",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "id": "VHN-162031",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 3.9,
            "impactScore": 3.6,
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "High",
            "baseScore": 7.5,
            "baseSeverity": "High",
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "JVNDB-2020-007023",
            "impactScore": null,
            "integrityImpact": "None",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2020-0597",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "NVD",
            "id": "JVNDB-2020-007023",
            "trust": 0.8,
            "value": "High"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-202006-812",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "VULHUB",
            "id": "VHN-162031",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-162031"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-007023"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-0597"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202006-812"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Out-of-bounds read in IPv6 subsystem in Intel(R) AMT and Intel(R) ISM versions before 14.0.33 may allow an unauthenticated user to potentially enable denial of service via network access. Treck IP stack implementations for embedded systems are affected by multiple vulnerabilities. This set of vulnerabilities was researched and reported by JSOF, who calls them Ripple20.CVE-2020-0594 Unknown\nCVE-2020-0595 Unknown\nCVE-2020-0597 Unknown\nCVE-2020-11896 Affected\nCVE-2020-11897 Not Affected\nCVE-2020-11898 Affected\nCVE-2020-11899 Not Affected\nCVE-2020-11900 Affected\nCVE-2020-11901 Not Affected\nCVE-2020-11902 Not Affected\nCVE-2020-11903 Not Affected\nCVE-2020-11904 Not Affected\nCVE-2020-11905 Not Affected\nCVE-2020-11906 Affected\nCVE-2020-11907 Affected\nCVE-2020-11908 Not Affected\nCVE-2020-11909 Not Affected\nCVE-2020-11910 Not Affected\nCVE-2020-11911 Affected\nCVE-2020-11912 Affected\nCVE-2020-11913 Not Affected\nCVE-2020-11914 Affected\nCVE-2020-8674 UnknownCVE-2020-0594 Unknown\nCVE-2020-0595 Unknown\nCVE-2020-0597 Unknown\nCVE-2020-11896 Affected\nCVE-2020-11897 Not Affected\nCVE-2020-11898 Affected\nCVE-2020-11899 Not Affected\nCVE-2020-11900 Affected\nCVE-2020-11901 Not Affected\nCVE-2020-11902 Not Affected\nCVE-2020-11903 Not Affected\nCVE-2020-11904 Not Affected\nCVE-2020-11905 Not Affected\nCVE-2020-11906 Affected\nCVE-2020-11907 Affected\nCVE-2020-11908 Not Affected\nCVE-2020-11909 Not Affected\nCVE-2020-11910 Not Affected\nCVE-2020-11911 Affected\nCVE-2020-11912 Affected\nCVE-2020-11913 Not Affected\nCVE-2020-11914 Affected\nCVE-2020-8674 Unknown. Intel(R) AMT and ISM Exists in an out-of-bounds read vulnerability.Service operation interruption (DoS) It may be put into a state. Both Intel Active Management Technology (AMT) and Intel Software Manager (ISM) are products of Intel Corporation of the United States. Intel Active Management Technology is a set of hardware-based computer remote active management technology software. Intel Software Manager is a utility for managing Intel software development products. A remote attacker could exploit this vulnerability to cause a denial of service",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2020-0597"
      },
      {
        "db": "CERT/CC",
        "id": "VU#257161"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-007023"
      },
      {
        "db": "VULHUB",
        "id": "VHN-162031"
      }
    ],
    "trust": 2.43
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2020-0597",
        "trust": 3.3
      },
      {
        "db": "CERT/CC",
        "id": "VU#257161",
        "trust": 2.5
      },
      {
        "db": "LENOVO",
        "id": "LEN-30041",
        "trust": 1.7
      },
      {
        "db": "JVN",
        "id": "JVNVU98979613",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-007023",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202006-812",
        "trust": 0.7
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2020.1991.2",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2020.1991",
        "trust": 0.6
      },
      {
        "db": "VULHUB",
        "id": "VHN-162031",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#257161"
      },
      {
        "db": "VULHUB",
        "id": "VHN-162031"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-007023"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-0597"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202006-812"
      }
    ]
  },
  "id": "VAR-202006-0027",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-162031"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2023-12-18T11:04:10.175000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "INTEL-SA-00295",
        "trust": 0.8,
        "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00295.html"
      },
      {
        "title": "Intel AMT  and ISM Buffer error vulnerability fix",
        "trust": 0.6,
        "url": "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=122462"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-007023"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202006-812"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-125",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-162031"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-007023"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-0597"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.7,
        "url": "https://www.kb.cert.org/vuls/id/257161"
      },
      {
        "trust": 1.7,
        "url": "https://security.netapp.com/advisory/ntap-20200611-0007/"
      },
      {
        "trust": 1.7,
        "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00295.html"
      },
      {
        "trust": 1.7,
        "url": "https://www.synology.com/security/advisory/synology_sa_20_15"
      },
      {
        "trust": 1.7,
        "url": "https://support.lenovo.com/de/en/product_security/len-30041"
      },
      {
        "trust": 1.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-0597"
      },
      {
        "trust": 0.8,
        "url": "cve-2020-0594  "
      },
      {
        "trust": 0.8,
        "url": "cve-2020-0595  "
      },
      {
        "trust": 0.8,
        "url": "cve-2020-0597  "
      },
      {
        "trust": 0.8,
        "url": "cve-2020-11896  "
      },
      {
        "trust": 0.8,
        "url": "cve-2020-11897  "
      },
      {
        "trust": 0.8,
        "url": "cve-2020-11898  "
      },
      {
        "trust": 0.8,
        "url": "cve-2020-11899  "
      },
      {
        "trust": 0.8,
        "url": "cve-2020-11900  "
      },
      {
        "trust": 0.8,
        "url": "cve-2020-11901  "
      },
      {
        "trust": 0.8,
        "url": "cve-2020-11902  "
      },
      {
        "trust": 0.8,
        "url": "cve-2020-11903  "
      },
      {
        "trust": 0.8,
        "url": "cve-2020-11904  "
      },
      {
        "trust": 0.8,
        "url": "cve-2020-11905  "
      },
      {
        "trust": 0.8,
        "url": "cve-2020-11906  "
      },
      {
        "trust": 0.8,
        "url": "cve-2020-11907  "
      },
      {
        "trust": 0.8,
        "url": "cve-2020-11908  "
      },
      {
        "trust": 0.8,
        "url": "cve-2020-11909  "
      },
      {
        "trust": 0.8,
        "url": "cve-2020-11910  "
      },
      {
        "trust": 0.8,
        "url": "cve-2020-11911  "
      },
      {
        "trust": 0.8,
        "url": "cve-2020-11912  "
      },
      {
        "trust": 0.8,
        "url": "cve-2020-11913  "
      },
      {
        "trust": 0.8,
        "url": "cve-2020-11914  "
      },
      {
        "trust": 0.8,
        "url": "cve-2020-8674  "
      },
      {
        "trust": 0.8,
        "url": "vince json"
      },
      {
        "trust": 0.8,
        "url": "csaf"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-0597"
      },
      {
        "trust": 0.8,
        "url": "https://jvn.jp/vu/jvnvu98979613/"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2020.1991/"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2020.1991.2/"
      },
      {
        "trust": 0.6,
        "url": "https://vigilance.fr/vulnerability/intel-csme-sps-txe-amt-ism-dal-multiple-vulnerabilities-32545"
      },
      {
        "trust": 0.6,
        "url": "https://support.lenovo.com/us/en/product_security/len-30041"
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#257161"
      },
      {
        "db": "VULHUB",
        "id": "VHN-162031"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-007023"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-0597"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202006-812"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CERT/CC",
        "id": "VU#257161"
      },
      {
        "db": "VULHUB",
        "id": "VHN-162031"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-007023"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-0597"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202006-812"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2020-06-16T00:00:00",
        "db": "CERT/CC",
        "id": "VU#257161"
      },
      {
        "date": "2020-06-15T00:00:00",
        "db": "VULHUB",
        "id": "VHN-162031"
      },
      {
        "date": "2020-07-30T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2020-007023"
      },
      {
        "date": "2020-06-15T14:15:11.660000",
        "db": "NVD",
        "id": "CVE-2020-0597"
      },
      {
        "date": "2020-06-09T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202006-812"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2022-09-20T00:00:00",
        "db": "CERT/CC",
        "id": "VU#257161"
      },
      {
        "date": "2021-03-18T00:00:00",
        "db": "VULHUB",
        "id": "VHN-162031"
      },
      {
        "date": "2020-07-30T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2020-007023"
      },
      {
        "date": "2023-05-22T15:32:51.257000",
        "db": "NVD",
        "id": "CVE-2020-0597"
      },
      {
        "date": "2023-05-23T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202006-812"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202006-812"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Treck IP stacks contain multiple vulnerabilities",
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#257161"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "buffer error",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202006-812"
      }
    ],
    "trust": 0.6
  }
}

GHSA-43WQ-XR5F-53WW

Vulnerability from github – Published: 2022-05-24 17:20 – Updated: 2023-05-22 18:30

Details

Out-of-bounds read in IPv6 subsystem in Intel(R) AMT and Intel(R) ISM versions before 14.0.33 may allow an unauthenticated user to potentially enable denial of service via network access.

Severity ?

7.5 (High)


                  
                    CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2020-0597"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-125"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2020-06-15T14:15:00Z",
    "severity": "MODERATE"
  },
  "details": "Out-of-bounds read in IPv6 subsystem in Intel(R) AMT and Intel(R) ISM versions before 14.0.33 may allow an unauthenticated user to potentially enable denial of service via network access.",
  "id": "GHSA-43wq-xr5f-53ww",
  "modified": "2023-05-22T18:30:17Z",
  "published": "2022-05-24T17:20:29Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-0597"
    },
    {
      "type": "WEB",
      "url": "https://security.netapp.com/advisory/ntap-20200611-0007"
    },
    {
      "type": "WEB",
      "url": "https://support.lenovo.com/de/en/product_security/len-30041"
    },
    {
      "type": "WEB",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00295.html"
    },
    {
      "type": "WEB",
      "url": "https://www.kb.cert.org/vuls/id/257161"
    },
    {
      "type": "WEB",
      "url": "https://www.synology.com/security/advisory/Synology_SA_20_15"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2020-0597 (GCVE-0-2020-0597)

GSD-2020-0597

FKIE_CVE-2020-0597

CERTFR-2020-AVI-353

Solution

CERTFR-2020-AVI-353

Solution

CNVD-2020-34708

VAR-202006-0027

GHSA-43WQ-XR5F-53WW

Tags

Sightings

Nomenclature