cvelistv5 - cve-2020-8674

CVE-2020-8674 (GCVE-0-2020-8674)

Vulnerability from cvelistv5 – Published: 2020-06-15 14:00 – Updated: 2024-08-04 10:03

Summary

Severity ?

No CVSS data available.

CWE

Information Disclosure

Assigner

intel

References

URL

Tags

	https://www.intel.com/content/www/us/en/security-…	x_refsource_CONFIRM
	https://security.netapp.com/advisory/ntap-2020061…	x_refsource_CONFIRM
	https://www.intel.com/content/www/us/en/security-…	x_refsource_MISC
	https://www.kb.cert.org/vuls/id/257161	third-party-advisoryx_refsource_CERT-VN
	https://www.synology.com/security/advisory/Synolo…	x_refsource_CONFIRM
	https://support.lenovo.com/de/en/product_security…	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	n/a	Intel(R) AMT and Intel(R) ISM	Affected: See provided reference

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T10:03:46.339Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00295.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20200611-0007/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00295.html"
          },
          {
            "name": "VU#257161",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT-VN",
              "x_transferred"
            ],
            "url": "https://www.kb.cert.org/vuls/id/257161"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.synology.com/security/advisory/Synology_SA_20_15"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://support.lenovo.com/de/en/product_security/len-30041"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Intel(R) AMT and Intel(R) ISM",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "See provided reference"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Out-of-bounds read in DHCPv6 subsystem in Intel(R) AMT and Intel(R)ISM versions before 11.8.77, 11.12.77, 11.22.77, 12.0.64 and 14.0.33 may allow an unauthenticated user to potentially enable information disclosure via network access."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Information Disclosure",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-03-18T12:06:38",
        "orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
        "shortName": "intel"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00295.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20200611-0007/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00295.html"
        },
        {
          "name": "VU#257161",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT-VN"
          ],
          "url": "https://www.kb.cert.org/vuls/id/257161"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.synology.com/security/advisory/Synology_SA_20_15"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://support.lenovo.com/de/en/product_security/len-30041"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@intel.com",
          "ID": "CVE-2020-8674",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Intel(R) AMT and Intel(R) ISM",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "See provided reference"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Out-of-bounds read in DHCPv6 subsystem in Intel(R) AMT and Intel(R)ISM versions before 11.8.77, 11.12.77, 11.22.77, 12.0.64 and 14.0.33 may allow an unauthenticated user to potentially enable information disclosure via network access."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Information Disclosure"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00295.html",
              "refsource": "CONFIRM",
              "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00295.html"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20200611-0007/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20200611-0007/"
            },
            {
              "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00295.html",
              "refsource": "MISC",
              "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00295.html"
            },
            {
              "name": "VU#257161",
              "refsource": "CERT-VN",
              "url": "https://www.kb.cert.org/vuls/id/257161"
            },
            {
              "name": "https://www.synology.com/security/advisory/Synology_SA_20_15",
              "refsource": "CONFIRM",
              "url": "https://www.synology.com/security/advisory/Synology_SA_20_15"
            },
            {
              "name": "https://support.lenovo.com/de/en/product_security/len-30041",
              "refsource": "MISC",
              "url": "https://support.lenovo.com/de/en/product_security/len-30041"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
    "assignerShortName": "intel",
    "cveId": "CVE-2020-8674",
    "datePublished": "2020-06-15T14:00:54",
    "dateReserved": "2020-02-06T00:00:00",
    "dateUpdated": "2024-08-04T10:03:46.339Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:intel:active_management_technology_firmware:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"11.0\", \"versionEndExcluding\": \"11.8.77\", \"matchCriteriaId\": \"2CD1D393-58BA-4F53-835F-C7B13F44BBC6\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:intel:active_management_technology_firmware:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"11.10\", \"versionEndExcluding\": \"11.12.77\", \"matchCriteriaId\": \"1171B682-C648-451B-97D2-4AADA9638BB9\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:intel:active_management_technology_firmware:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"11.20\", \"versionEndExcluding\": \"11.22.77\", \"matchCriteriaId\": \"FBF0384F-DBAC-49FD-9E31-453AF6A13A68\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:intel:active_management_technology_firmware:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"12.0\", \"versionEndExcluding\": \"12.0.64\", \"matchCriteriaId\": \"064D0505-C8E2-4F3E-9186-6923C7D01A55\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:intel:active_management_technology_firmware:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"14.0\", \"versionEndExcluding\": \"14.0.33\", \"matchCriteriaId\": \"1A288FA3-B8DE-48C0-ACB3-2CB0C2F212AF\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:intel:service_manager:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"11.0\", \"versionEndExcluding\": \"11.8.77\", \"matchCriteriaId\": \"F18CD125-5319-4955-ADEA-24073521E975\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:intel:service_manager:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"11.10\", \"versionEndExcluding\": \"11.12.77\", \"matchCriteriaId\": \"B907926D-451E-4435-AEC2-2E5DBA695AE7\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:intel:service_manager:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"11.20\", \"versionEndExcluding\": \"11.22.77\", \"matchCriteriaId\": \"564A5BEF-C36A-4D8E-B458-D3083294AFCD\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:intel:service_manager:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"12.0\", \"versionEndExcluding\": \"12.0.64\", \"matchCriteriaId\": \"A433A19A-BBC9-4A5A-8D55-31371F91ABDA\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:intel:service_manager:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"14.0\", \"versionEndExcluding\": \"14.0.33\", \"matchCriteriaId\": \"AAEB6ABB-9539-44C2-9177-DFB20AAA4274\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Out-of-bounds read in DHCPv6 subsystem in Intel(R) AMT and Intel(R)ISM versions before 11.8.77, 11.12.77, 11.22.77, 12.0.64 and 14.0.33 may allow an unauthenticated user to potentially enable information disclosure via network access.\"}, {\"lang\": \"es\", \"value\": \"Una lectura fuera de l\\u00edmite en el subsistema DHCPv6 en Intel\\u00ae AMT e Intel\\u00ae ISM versiones anteriores a 11.8.77, 11.12.77, 11.22.77, 12.0.64 y 14.0.33, puede permitir a un usuario no autenticado habilitar potencialmente una divulgaci\\u00f3n de informaci\\u00f3n por medio de un acceso de red\"}]",
      "id": "CVE-2020-8674",
      "lastModified": "2024-11-21T05:39:14.073",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N\", \"baseScore\": 5.3, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"LOW\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 1.4}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:N/C:P/I:N/A:N\", \"baseScore\": 5.0, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 10.0, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2020-06-15T14:15:12.440",
      "references": "[{\"url\": \"https://security.netapp.com/advisory/ntap-20200611-0007/\", \"source\": \"secure@intel.com\"}, {\"url\": \"https://support.lenovo.com/de/en/product_security/len-30041\", \"source\": \"secure@intel.com\"}, {\"url\": \"https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00295.html\", \"source\": \"secure@intel.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00295.html\", \"source\": \"secure@intel.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://www.kb.cert.org/vuls/id/257161\", \"source\": \"secure@intel.com\"}, {\"url\": \"https://www.synology.com/security/advisory/Synology_SA_20_15\", \"source\": \"secure@intel.com\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://security.netapp.com/advisory/ntap-20200611-0007/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://support.lenovo.com/de/en/product_security/len-30041\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00295.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00295.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://www.kb.cert.org/vuls/id/257161\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://www.synology.com/security/advisory/Synology_SA_20_15\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}]",
      "sourceIdentifier": "secure@intel.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-125\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2020-8674\",\"sourceIdentifier\":\"secure@intel.com\",\"published\":\"2020-06-15T14:15:12.440\",\"lastModified\":\"2024-11-21T05:39:14.073\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Out-of-bounds read in DHCPv6 subsystem in Intel(R) AMT and Intel(R)ISM versions before 11.8.77, 11.12.77, 11.22.77, 12.0.64 and 14.0.33 may allow an unauthenticated user to potentially enable information disclosure via network access.\"},{\"lang\":\"es\",\"value\":\"Una lectura fuera de l\u00edmite en el subsistema DHCPv6 en Intel\u00ae AMT e Intel\u00ae ISM versiones anteriores a 11.8.77, 11.12.77, 11.22.77, 12.0.64 y 14.0.33, puede permitir a un usuario no autenticado habilitar potencialmente una divulgaci\u00f3n de informaci\u00f3n por medio de un acceso de red\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N\",\"baseScore\":5.3,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":3.9,\"impactScore\":1.4}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:P/I:N/A:N\",\"baseScore\":5.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":10.0,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-125\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:intel:active_management_technology_firmware:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"11.0\",\"versionEndExcluding\":\"11.8.77\",\"matchCriteriaId\":\"2CD1D393-58BA-4F53-835F-C7B13F44BBC6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:intel:active_management_technology_firmware:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"11.10\",\"versionEndExcluding\":\"11.12.77\",\"matchCriteriaId\":\"1171B682-C648-451B-97D2-4AADA9638BB9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:intel:active_management_technology_firmware:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"11.20\",\"versionEndExcluding\":\"11.22.77\",\"matchCriteriaId\":\"FBF0384F-DBAC-49FD-9E31-453AF6A13A68\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:intel:active_management_technology_firmware:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"12.0\",\"versionEndExcluding\":\"12.0.64\",\"matchCriteriaId\":\"064D0505-C8E2-4F3E-9186-6923C7D01A55\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:intel:active_management_technology_firmware:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"14.0\",\"versionEndExcluding\":\"14.0.33\",\"matchCriteriaId\":\"1A288FA3-B8DE-48C0-ACB3-2CB0C2F212AF\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:intel:service_manager:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"11.0\",\"versionEndExcluding\":\"11.8.77\",\"matchCriteriaId\":\"F18CD125-5319-4955-ADEA-24073521E975\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:intel:service_manager:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"11.10\",\"versionEndExcluding\":\"11.12.77\",\"matchCriteriaId\":\"B907926D-451E-4435-AEC2-2E5DBA695AE7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:intel:service_manager:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"11.20\",\"versionEndExcluding\":\"11.22.77\",\"matchCriteriaId\":\"564A5BEF-C36A-4D8E-B458-D3083294AFCD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:intel:service_manager:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"12.0\",\"versionEndExcluding\":\"12.0.64\",\"matchCriteriaId\":\"A433A19A-BBC9-4A5A-8D55-31371F91ABDA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:intel:service_manager:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"14.0\",\"versionEndExcluding\":\"14.0.33\",\"matchCriteriaId\":\"AAEB6ABB-9539-44C2-9177-DFB20AAA4274\"}]}]}],\"references\":[{\"url\":\"https://security.netapp.com/advisory/ntap-20200611-0007/\",\"source\":\"secure@intel.com\"},{\"url\":\"https://support.lenovo.com/de/en/product_security/len-30041\",\"source\":\"secure@intel.com\"},{\"url\":\"https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00295.html\",\"source\":\"secure@intel.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00295.html\",\"source\":\"secure@intel.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.kb.cert.org/vuls/id/257161\",\"source\":\"secure@intel.com\"},{\"url\":\"https://www.synology.com/security/advisory/Synology_SA_20_15\",\"source\":\"secure@intel.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://security.netapp.com/advisory/ntap-20200611-0007/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://support.lenovo.com/de/en/product_security/len-30041\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00295.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00295.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.kb.cert.org/vuls/id/257161\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://www.synology.com/security/advisory/Synology_SA_20_15\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]}]}}"
  }
}

CERTFR-2020-AVI-353

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été découvertes dans les produits Intel . Elles permettent à un attaquant de provoquer un déni de service à distance, une atteinte à la confidentialité des données et une élévation de privilèges.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Intel	N/A	Intel CSME, Intel AMT, Intel ISM, Intel DAL et Intel DAL versions antérieures à 11.8.77, 11.12.77, 11.22.77, 12.0.64, 13.0.32, 14.0.33 et 14.5.12
Intel	N/A	certains processeurs Intel : https://software.intel.com/security-software-guidance/processors-affected-transient-execution-attack-mitigation-product-cpu-model
Intel	N/A	Intel SSD DC séries P4511 (m.2) versions antérieures à VDV10170
Intel	N/A	les processeurs Intel Core de génération 7, 8, 9 et 10 sans la dernière mise à jour du BIOS
Intel	N/A	Intel SSD DC séries P4510 (U.2) et OPAL, P4610 et OPAL, P4618 versions antérieures à VDV10170
Intel	N/A	Intel SSD D3-S4510 séries M.2 FF versions antérieures à XC311120
Intel	N/A	Intel Innovation Engine Build and Signing Tool versions antérieures à 1.0.859

References

Title

Publication Time

Tags

Bulletin de sécurité Intel intel-sa-00366 du 09 juin 2020	None	vendor-advisory
Bulletin de sécurité Intel intel-sa-00295 du 09 juin 2020	None	vendor-advisory
Bulletin de sécurité Intel intel-sa-00322 du 09 juin 2020	None	vendor-advisory
Liste de processeurs Intel vulnérables du 09 juin 2020	None	vendor-advisory
Bulletin de sécurité Intel intel-sa-00320 du 09 juin 2020	None	vendor-advisory
Bulletin de sécurité Intel intel-sa-00266 du 09 juin 2020	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Intel CSME, Intel AMT, Intel ISM, Intel DAL et Intel DAL versions ant\u00e9rieures \u00e0 11.8.77, 11.12.77, 11.22.77, 12.0.64, 13.0.32, 14.0.33 et 14.5.12",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Intel",
          "scada": false
        }
      }
    },
    {
      "description": "certains processeurs Intel : https://software.intel.com/security-software-guidance/processors-affected-transient-execution-attack-mitigation-product-cpu-model",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Intel",
          "scada": false
        }
      }
    },
    {
      "description": "Intel SSD DC s\u00e9ries P4511 (m.2) versions ant\u00e9rieures \u00e0 VDV10170",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Intel",
          "scada": false
        }
      }
    },
    {
      "description": "les processeurs Intel Core de g\u00e9n\u00e9ration 7, 8, 9 et 10 sans la derni\u00e8re mise \u00e0 jour du BIOS",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Intel",
          "scada": false
        }
      }
    },
    {
      "description": "Intel SSD DC s\u00e9ries P4510 (U.2) et OPAL, P4610 et OPAL, P4618 versions ant\u00e9rieures \u00e0 VDV10170",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Intel",
          "scada": false
        }
      }
    },
    {
      "description": "Intel SSD D3-S4510 s\u00e9ries M.2 FF versions ant\u00e9rieures \u00e0 XC311120",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Intel",
          "scada": false
        }
      }
    },
    {
      "description": "Intel Innovation Engine Build and Signing Tool versions ant\u00e9rieures \u00e0 1.0.859",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Intel",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2020-0529",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-0529"
    },
    {
      "name": "CVE-2020-0531",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-0531"
    },
    {
      "name": "CVE-2020-0532",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-0532"
    },
    {
      "name": "CVE-2020-0528",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-0528"
    },
    {
      "name": "CVE-2020-0538",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-0538"
    },
    {
      "name": "CVE-2020-8674",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-8674"
    },
    {
      "name": "CVE-2020-8675",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-8675"
    },
    {
      "name": "CVE-2020-0594",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-0594"
    },
    {
      "name": "CVE-2020-0586",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-0586"
    },
    {
      "name": "CVE-2020-0541",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-0541"
    },
    {
      "name": "CVE-2020-0536",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-0536"
    },
    {
      "name": "CVE-2020-0595",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-0595"
    },
    {
      "name": "CVE-2020-0535",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-0535"
    },
    {
      "name": "CVE-2020-0566",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-0566"
    },
    {
      "name": "CVE-2020-0540",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-0540"
    },
    {
      "name": "CVE-2020-0597",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-0597"
    },
    {
      "name": "CVE-2020-0533",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-0533"
    },
    {
      "name": "CVE-2020-0539",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-0539"
    },
    {
      "name": "CVE-2020-0542",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-0542"
    },
    {
      "name": "CVE-2020-0537",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-0537"
    },
    {
      "name": "CVE-2020-0543",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-0543"
    },
    {
      "name": "CVE-2020-0527",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-0527"
    },
    {
      "name": "CVE-2020-0596",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-0596"
    },
    {
      "name": "CVE-2020-0534",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-0534"
    },
    {
      "name": "CVE-2020-0545",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-0545"
    }
  ],
  "links": [],
  "reference": "CERTFR-2020-AVI-353",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2020-06-10T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Intel\n. Elles permettent \u00e0 un attaquant de provoquer un d\u00e9ni de service \u00e0\ndistance, une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es et une \u00e9l\u00e9vation\nde privil\u00e8ges.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Intel",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00366 du 09 juin 2020",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00366.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00295 du 09 juin 2020",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00295.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00322 du 09 juin 2020",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00322.html"
    },
    {
      "published_at": null,
      "title": "Liste de processeurs Intel vuln\u00e9rables du 09 juin 2020",
      "url": "https://software.intel.com/security-software-guidance/processors-affected-transient-execution-attack-mitigation-product-cpu-model"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00320 du 09 juin 2020",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00320.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00266 du 09 juin 2020",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00266.html"
    }
  ]
}

CERTFR-2020-AVI-353

Vulnerability from certfr_avis - Published: - Updated:

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Intel	N/A	Intel CSME, Intel AMT, Intel ISM, Intel DAL et Intel DAL versions antérieures à 11.8.77, 11.12.77, 11.22.77, 12.0.64, 13.0.32, 14.0.33 et 14.5.12
Intel	N/A	certains processeurs Intel : https://software.intel.com/security-software-guidance/processors-affected-transient-execution-attack-mitigation-product-cpu-model
Intel	N/A	Intel SSD DC séries P4511 (m.2) versions antérieures à VDV10170
Intel	N/A	les processeurs Intel Core de génération 7, 8, 9 et 10 sans la dernière mise à jour du BIOS
Intel	N/A	Intel SSD DC séries P4510 (U.2) et OPAL, P4610 et OPAL, P4618 versions antérieures à VDV10170
Intel	N/A	Intel SSD D3-S4510 séries M.2 FF versions antérieures à XC311120
Intel	N/A	Intel Innovation Engine Build and Signing Tool versions antérieures à 1.0.859

References

Title

Publication Time

Tags

Bulletin de sécurité Intel intel-sa-00366 du 09 juin 2020	None	vendor-advisory
Bulletin de sécurité Intel intel-sa-00295 du 09 juin 2020	None	vendor-advisory
Bulletin de sécurité Intel intel-sa-00322 du 09 juin 2020	None	vendor-advisory
Liste de processeurs Intel vulnérables du 09 juin 2020	None	vendor-advisory
Bulletin de sécurité Intel intel-sa-00320 du 09 juin 2020	None	vendor-advisory
Bulletin de sécurité Intel intel-sa-00266 du 09 juin 2020	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Intel CSME, Intel AMT, Intel ISM, Intel DAL et Intel DAL versions ant\u00e9rieures \u00e0 11.8.77, 11.12.77, 11.22.77, 12.0.64, 13.0.32, 14.0.33 et 14.5.12",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Intel",
          "scada": false
        }
      }
    },
    {
      "description": "certains processeurs Intel : https://software.intel.com/security-software-guidance/processors-affected-transient-execution-attack-mitigation-product-cpu-model",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Intel",
          "scada": false
        }
      }
    },
    {
      "description": "Intel SSD DC s\u00e9ries P4511 (m.2) versions ant\u00e9rieures \u00e0 VDV10170",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Intel",
          "scada": false
        }
      }
    },
    {
      "description": "les processeurs Intel Core de g\u00e9n\u00e9ration 7, 8, 9 et 10 sans la derni\u00e8re mise \u00e0 jour du BIOS",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Intel",
          "scada": false
        }
      }
    },
    {
      "description": "Intel SSD DC s\u00e9ries P4510 (U.2) et OPAL, P4610 et OPAL, P4618 versions ant\u00e9rieures \u00e0 VDV10170",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Intel",
          "scada": false
        }
      }
    },
    {
      "description": "Intel SSD D3-S4510 s\u00e9ries M.2 FF versions ant\u00e9rieures \u00e0 XC311120",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Intel",
          "scada": false
        }
      }
    },
    {
      "description": "Intel Innovation Engine Build and Signing Tool versions ant\u00e9rieures \u00e0 1.0.859",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Intel",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2020-0529",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-0529"
    },
    {
      "name": "CVE-2020-0531",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-0531"
    },
    {
      "name": "CVE-2020-0532",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-0532"
    },
    {
      "name": "CVE-2020-0528",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-0528"
    },
    {
      "name": "CVE-2020-0538",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-0538"
    },
    {
      "name": "CVE-2020-8674",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-8674"
    },
    {
      "name": "CVE-2020-8675",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-8675"
    },
    {
      "name": "CVE-2020-0594",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-0594"
    },
    {
      "name": "CVE-2020-0586",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-0586"
    },
    {
      "name": "CVE-2020-0541",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-0541"
    },
    {
      "name": "CVE-2020-0536",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-0536"
    },
    {
      "name": "CVE-2020-0595",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-0595"
    },
    {
      "name": "CVE-2020-0535",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-0535"
    },
    {
      "name": "CVE-2020-0566",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-0566"
    },
    {
      "name": "CVE-2020-0540",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-0540"
    },
    {
      "name": "CVE-2020-0597",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-0597"
    },
    {
      "name": "CVE-2020-0533",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-0533"
    },
    {
      "name": "CVE-2020-0539",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-0539"
    },
    {
      "name": "CVE-2020-0542",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-0542"
    },
    {
      "name": "CVE-2020-0537",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-0537"
    },
    {
      "name": "CVE-2020-0543",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-0543"
    },
    {
      "name": "CVE-2020-0527",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-0527"
    },
    {
      "name": "CVE-2020-0596",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-0596"
    },
    {
      "name": "CVE-2020-0534",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-0534"
    },
    {
      "name": "CVE-2020-0545",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-0545"
    }
  ],
  "links": [],
  "reference": "CERTFR-2020-AVI-353",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2020-06-10T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Intel\n. Elles permettent \u00e0 un attaquant de provoquer un d\u00e9ni de service \u00e0\ndistance, une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es et une \u00e9l\u00e9vation\nde privil\u00e8ges.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Intel",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00366 du 09 juin 2020",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00366.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00295 du 09 juin 2020",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00295.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00322 du 09 juin 2020",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00322.html"
    },
    {
      "published_at": null,
      "title": "Liste de processeurs Intel vuln\u00e9rables du 09 juin 2020",
      "url": "https://software.intel.com/security-software-guidance/processors-affected-transient-execution-attack-mitigation-product-cpu-model"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00320 du 09 juin 2020",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00320.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00266 du 09 juin 2020",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00266.html"
    }
  ]
}

CNVD-2020-34710

Vulnerability from cnvd - Published: 2020-06-27

Title

Intel AMT和ISM缓冲区溢出漏洞

Description

Intel Active Management Technology（AMT）和Intel Software Manager（ISM）都是美国英特尔（Intel）公司的产品。Intel Active Management Technology是一套以硬件为基础的计算机远程主动管理技术软件。Intel Software Manager是一款用于管理Intel软件开发产品的实用程序。 Intel AMT和ISM存在缓冲区溢出漏洞。远程攻击者可利用该漏洞获取信息。

Severity

中

Patch Name

Intel AMT和ISM缓冲区溢出漏洞的补丁

Patch Description

Formal description

厂商已发布了漏洞修复程序，请及时关注更新： https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00295.html

Reference

https://nvd.nist.gov/vuln/detail/CVE-2020-8674

Impacted products

Name
['Intel Intel Active Management Technology（AMT） <11.12.77', 'Intel Intel Active Management Technology（AMT） <11.22.77', 'Intel Intel Active Management Technology（AMT） <12.0.64', 'Intel Intel Active Management Technology（AMT） <11.8.77', 'Intel Intel Active Management Technology（AMT） <14.0.33', 'Intel Intel Software Manager（ISM） <11.8.76', 'Intel Intel Software Manager（ISM） <11.12.77', 'Intel Intel Software Manager（ISM） <11.22.77', 'Intel Intel Software Manager（ISM） <12.0.64', 'Intel Intel Software Manager（ISM） <14.0.33']

Name

['Intel Intel Active Management Technology（AMT） <11.12.77', 'Intel Intel Active Management Technology（AMT） <11.22.77', 'Intel Intel Active Management Technology（AMT） <12.0.64', 'Intel Intel Active Management Technology（AMT） <11.8.77', 'Intel Intel Active Management Technology（AMT） <14.0.33', 'Intel Intel Software Manager（ISM） <11.8.76', 'Intel Intel Software Manager（ISM） <11.12.77', 'Intel Intel Software Manager（ISM） <11.22.77', 'Intel Intel Software Manager（ISM） <12.0.64', 'Intel Intel Software Manager（ISM） <14.0.33']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2020-8674"
    }
  },
  "description": "Intel Active Management Technology\uff08AMT\uff09\u548cIntel Software Manager\uff08ISM\uff09\u90fd\u662f\u7f8e\u56fd\u82f1\u7279\u5c14\uff08Intel\uff09\u516c\u53f8\u7684\u4ea7\u54c1\u3002Intel Active Management Technology\u662f\u4e00\u5957\u4ee5\u786c\u4ef6\u4e3a\u57fa\u7840\u7684\u8ba1\u7b97\u673a\u8fdc\u7a0b\u4e3b\u52a8\u7ba1\u7406\u6280\u672f\u8f6f\u4ef6\u3002Intel Software Manager\u662f\u4e00\u6b3e\u7528\u4e8e\u7ba1\u7406Intel\u8f6f\u4ef6\u5f00\u53d1\u4ea7\u54c1\u7684\u5b9e\u7528\u7a0b\u5e8f\u3002\n\nIntel AMT\u548cISM\u5b58\u5728\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u83b7\u53d6\u4fe1\u606f\u3002",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00295.html",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2020-34710",
  "openTime": "2020-06-27",
  "patchDescription": "Intel Active Management Technology\uff08AMT\uff09\u548cIntel Software Manager\uff08ISM\uff09\u90fd\u662f\u7f8e\u56fd\u82f1\u7279\u5c14\uff08Intel\uff09\u516c\u53f8\u7684\u4ea7\u54c1\u3002Intel Active Management Technology\u662f\u4e00\u5957\u4ee5\u786c\u4ef6\u4e3a\u57fa\u7840\u7684\u8ba1\u7b97\u673a\u8fdc\u7a0b\u4e3b\u52a8\u7ba1\u7406\u6280\u672f\u8f6f\u4ef6\u3002Intel Software Manager\u662f\u4e00\u6b3e\u7528\u4e8e\u7ba1\u7406Intel\u8f6f\u4ef6\u5f00\u53d1\u4ea7\u54c1\u7684\u5b9e\u7528\u7a0b\u5e8f\u3002\r\n\r\nIntel AMT\u548cISM\u5b58\u5728\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u83b7\u53d6\u4fe1\u606f\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Intel AMT\u548cISM\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Intel Intel Active Management Technology\uff08AMT\uff09 \u003c11.12.77",
      "Intel Intel Active Management Technology\uff08AMT\uff09 \u003c11.22.77",
      "Intel Intel Active Management Technology\uff08AMT\uff09 \u003c12.0.64",
      "Intel Intel Active Management Technology\uff08AMT\uff09 \u003c11.8.77",
      "Intel Intel Active Management Technology\uff08AMT\uff09 \u003c14.0.33",
      "Intel Intel Software Manager\uff08ISM\uff09 \u003c11.8.76",
      "Intel Intel Software Manager\uff08ISM\uff09 \u003c11.12.77",
      "Intel Intel Software Manager\uff08ISM\uff09 \u003c11.22.77",
      "Intel Intel Software Manager\uff08ISM\uff09 \u003c12.0.64",
      "Intel Intel Software Manager\uff08ISM\uff09 \u003c14.0.33"
    ]
  },
  "referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2020-8674",
  "serverity": "\u4e2d",
  "submitTime": "2020-06-11",
  "title": "Intel AMT\u548cISM\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e"
}

GHSA-CC9V-QMM3-2W98

Vulnerability from github – Published: 2022-05-24 17:20 – Updated: 2022-05-24 17:20

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2020-8674"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-125"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2020-06-15T14:15:00Z",
    "severity": "MODERATE"
  },
  "details": "Out-of-bounds read in DHCPv6 subsystem in Intel(R) AMT and Intel(R)ISM versions before 11.8.77, 11.12.77, 11.22.77, 12.0.64 and 14.0.33 may allow an unauthenticated user to potentially enable information disclosure via network access.",
  "id": "GHSA-cc9v-qmm3-2w98",
  "modified": "2022-05-24T17:20:35Z",
  "published": "2022-05-24T17:20:35Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8674"
    },
    {
      "type": "WEB",
      "url": "https://security.netapp.com/advisory/ntap-20200611-0007"
    },
    {
      "type": "WEB",
      "url": "https://support.lenovo.com/de/en/product_security/len-30041"
    },
    {
      "type": "WEB",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00295.html"
    },
    {
      "type": "WEB",
      "url": "https://www.kb.cert.org/vuls/id/257161"
    },
    {
      "type": "WEB",
      "url": "https://www.synology.com/security/advisory/Synology_SA_20_15"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GSD-2020-8674

Vulnerability from gsd - Updated: 2023-12-13 01:21

Details

Aliases

CVE-2020-8674

Aliases

CVE-2020-8674

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2020-8674",
    "description": "Out-of-bounds read in DHCPv6 subsystem in Intel(R) AMT and Intel(R)ISM versions before 11.8.77, 11.12.77, 11.22.77, 12.0.64 and 14.0.33 may allow an unauthenticated user to potentially enable information disclosure via network access.",
    "id": "GSD-2020-8674"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2020-8674"
      ],
      "details": "Out-of-bounds read in DHCPv6 subsystem in Intel(R) AMT and Intel(R)ISM versions before 11.8.77, 11.12.77, 11.22.77, 12.0.64 and 14.0.33 may allow an unauthenticated user to potentially enable information disclosure via network access.",
      "id": "GSD-2020-8674",
      "modified": "2023-12-13T01:21:53.607731Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "secure@intel.com",
        "ID": "CVE-2020-8674",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "Intel(R) AMT and Intel(R) ISM",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "See provided reference"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Out-of-bounds read in DHCPv6 subsystem in Intel(R) AMT and Intel(R)ISM versions before 11.8.77, 11.12.77, 11.22.77, 12.0.64 and 14.0.33 may allow an unauthenticated user to potentially enable information disclosure via network access."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "Information Disclosure"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00295.html",
            "refsource": "CONFIRM",
            "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00295.html"
          },
          {
            "name": "https://security.netapp.com/advisory/ntap-20200611-0007/",
            "refsource": "CONFIRM",
            "url": "https://security.netapp.com/advisory/ntap-20200611-0007/"
          },
          {
            "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00295.html",
            "refsource": "MISC",
            "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00295.html"
          },
          {
            "name": "VU#257161",
            "refsource": "CERT-VN",
            "url": "https://www.kb.cert.org/vuls/id/257161"
          },
          {
            "name": "https://www.synology.com/security/advisory/Synology_SA_20_15",
            "refsource": "CONFIRM",
            "url": "https://www.synology.com/security/advisory/Synology_SA_20_15"
          },
          {
            "name": "https://support.lenovo.com/de/en/product_security/len-30041",
            "refsource": "MISC",
            "url": "https://support.lenovo.com/de/en/product_security/len-30041"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:intel:active_management_technology_firmware:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "11.8.77",
                "versionStartIncluding": "11.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:intel:active_management_technology_firmware:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "11.12.77",
                "versionStartIncluding": "11.10",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:intel:active_management_technology_firmware:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "11.22.77",
                "versionStartIncluding": "11.20",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:intel:active_management_technology_firmware:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "12.0.64",
                "versionStartIncluding": "12.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:intel:active_management_technology_firmware:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "14.0.33",
                "versionStartIncluding": "14.0",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:intel:service_manager:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "11.8.77",
                "versionStartIncluding": "11.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:intel:service_manager:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "11.12.77",
                "versionStartIncluding": "11.10",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:intel:service_manager:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "11.22.77",
                "versionStartIncluding": "11.20",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:intel:service_manager:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "12.0.64",
                "versionStartIncluding": "12.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:intel:service_manager:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "14.0.33",
                "versionStartIncluding": "14.0",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@intel.com",
          "ID": "CVE-2020-8674"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Out-of-bounds read in DHCPv6 subsystem in Intel(R) AMT and Intel(R)ISM versions before 11.8.77, 11.12.77, 11.22.77, 12.0.64 and 14.0.33 may allow an unauthenticated user to potentially enable information disclosure via network access."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-125"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00295.html",
              "refsource": "MISC",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00295.html"
            },
            {
              "name": "https://www.synology.com/security/advisory/Synology_SA_20_15",
              "refsource": "CONFIRM",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://www.synology.com/security/advisory/Synology_SA_20_15"
            },
            {
              "name": "https://support.lenovo.com/de/en/product_security/len-30041",
              "refsource": "MISC",
              "tags": [],
              "url": "https://support.lenovo.com/de/en/product_security/len-30041"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20200611-0007/",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "https://security.netapp.com/advisory/ntap-20200611-0007/"
            },
            {
              "name": "VU#257161",
              "refsource": "CERT-VN",
              "tags": [],
              "url": "https://www.kb.cert.org/vuls/id/257161"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 1.4
        }
      },
      "lastModifiedDate": "2021-03-18T13:15Z",
      "publishedDate": "2020-06-15T14:15Z"
    }
  }
}

FKIE_CVE-2020-8674

Vulnerability from fkie_nvd - Published: 2020-06-15 14:15 - Updated: 2024-11-21 05:39

Severity ?

5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Summary

References

URL	Tags
secure@intel.com	https://security.netapp.com/advisory/ntap-20200611-0007/
secure@intel.com	https://support.lenovo.com/de/en/product_security/len-30041
secure@intel.com	https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00295.html	Vendor Advisory
secure@intel.com	https://www.kb.cert.org/vuls/id/257161
secure@intel.com	https://www.synology.com/security/advisory/Synology_SA_20_15	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://security.netapp.com/advisory/ntap-20200611-0007/
af854a3a-2127-422b-91ae-364da2661108	https://support.lenovo.com/de/en/product_security/len-30041
af854a3a-2127-422b-91ae-364da2661108	https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00295.html	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.kb.cert.org/vuls/id/257161
af854a3a-2127-422b-91ae-364da2661108	https://www.synology.com/security/advisory/Synology_SA_20_15	Third Party Advisory

Impacted products

Vendor	Product	Version
intel	active_management_technology_firmware	*
intel	active_management_technology_firmware	*
intel	active_management_technology_firmware	*
intel	active_management_technology_firmware	*
intel	active_management_technology_firmware	*
intel	service_manager	*
intel	service_manager	*
intel	service_manager	*
intel	service_manager	*
intel	service_manager	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:intel:active_management_technology_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "2CD1D393-58BA-4F53-835F-C7B13F44BBC6",
              "versionEndExcluding": "11.8.77",
              "versionStartIncluding": "11.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:intel:active_management_technology_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "1171B682-C648-451B-97D2-4AADA9638BB9",
              "versionEndExcluding": "11.12.77",
              "versionStartIncluding": "11.10",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:intel:active_management_technology_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "FBF0384F-DBAC-49FD-9E31-453AF6A13A68",
              "versionEndExcluding": "11.22.77",
              "versionStartIncluding": "11.20",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:intel:active_management_technology_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "064D0505-C8E2-4F3E-9186-6923C7D01A55",
              "versionEndExcluding": "12.0.64",
              "versionStartIncluding": "12.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:intel:active_management_technology_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "1A288FA3-B8DE-48C0-ACB3-2CB0C2F212AF",
              "versionEndExcluding": "14.0.33",
              "versionStartIncluding": "14.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:intel:service_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "F18CD125-5319-4955-ADEA-24073521E975",
              "versionEndExcluding": "11.8.77",
              "versionStartIncluding": "11.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:intel:service_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "B907926D-451E-4435-AEC2-2E5DBA695AE7",
              "versionEndExcluding": "11.12.77",
              "versionStartIncluding": "11.10",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:intel:service_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "564A5BEF-C36A-4D8E-B458-D3083294AFCD",
              "versionEndExcluding": "11.22.77",
              "versionStartIncluding": "11.20",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:intel:service_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "A433A19A-BBC9-4A5A-8D55-31371F91ABDA",
              "versionEndExcluding": "12.0.64",
              "versionStartIncluding": "12.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:intel:service_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "AAEB6ABB-9539-44C2-9177-DFB20AAA4274",
              "versionEndExcluding": "14.0.33",
              "versionStartIncluding": "14.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Out-of-bounds read in DHCPv6 subsystem in Intel(R) AMT and Intel(R)ISM versions before 11.8.77, 11.12.77, 11.22.77, 12.0.64 and 14.0.33 may allow an unauthenticated user to potentially enable information disclosure via network access."
    },
    {
      "lang": "es",
      "value": "Una lectura fuera de l\u00edmite en el subsistema DHCPv6 en Intel\u00ae AMT e Intel\u00ae ISM versiones anteriores a 11.8.77, 11.12.77, 11.22.77, 12.0.64 y 14.0.33, puede permitir a un usuario no autenticado habilitar potencialmente una divulgaci\u00f3n de informaci\u00f3n por medio de un acceso de red"
    }
  ],
  "id": "CVE-2020-8674",
  "lastModified": "2024-11-21T05:39:14.073",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 1.4,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2020-06-15T14:15:12.440",
  "references": [
    {
      "source": "secure@intel.com",
      "url": "https://security.netapp.com/advisory/ntap-20200611-0007/"
    },
    {
      "source": "secure@intel.com",
      "url": "https://support.lenovo.com/de/en/product_security/len-30041"
    },
    {
      "source": "secure@intel.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00295.html"
    },
    {
      "source": "secure@intel.com",
      "url": "https://www.kb.cert.org/vuls/id/257161"
    },
    {
      "source": "secure@intel.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.synology.com/security/advisory/Synology_SA_20_15"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://security.netapp.com/advisory/ntap-20200611-0007/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://support.lenovo.com/de/en/product_security/len-30041"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00295.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://www.kb.cert.org/vuls/id/257161"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.synology.com/security/advisory/Synology_SA_20_15"
    }
  ],
  "sourceIdentifier": "secure@intel.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-125"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

VAR-202006-1686

Vulnerability from variot - Updated: 2023-12-18 11:53

Out-of-bounds read in DHCPv6 subsystem in Intel(R) AMT and Intel(R)ISM versions before 11.8.77, 11.12.77, 11.22.77, 12.0.64 and 14.0.33 may allow an unauthenticated user to potentially enable information disclosure via network access. Treck IP stack implementations for embedded systems are affected by multiple vulnerabilities. This set of vulnerabilities was researched and reported by JSOF, who calls them Ripple20.CVE-2020-0594 Unknown CVE-2020-0595 Unknown CVE-2020-0597 Unknown CVE-2020-11896 Affected CVE-2020-11897 Not Affected CVE-2020-11898 Affected CVE-2020-11899 Not Affected CVE-2020-11900 Affected CVE-2020-11901 Not Affected CVE-2020-11902 Not Affected CVE-2020-11903 Not Affected CVE-2020-11904 Not Affected CVE-2020-11905 Not Affected CVE-2020-11906 Affected CVE-2020-11907 Affected CVE-2020-11908 Not Affected CVE-2020-11909 Not Affected CVE-2020-11910 Not Affected CVE-2020-11911 Affected CVE-2020-11912 Affected CVE-2020-11913 Not Affected CVE-2020-11914 Affected CVE-2020-8674 UnknownCVE-2020-0594 Unknown CVE-2020-0595 Unknown CVE-2020-0597 Unknown CVE-2020-11896 Affected CVE-2020-11897 Not Affected CVE-2020-11898 Affected CVE-2020-11899 Not Affected CVE-2020-11900 Affected CVE-2020-11901 Not Affected CVE-2020-11902 Not Affected CVE-2020-11903 Not Affected CVE-2020-11904 Not Affected CVE-2020-11905 Not Affected CVE-2020-11906 Affected CVE-2020-11907 Affected CVE-2020-11908 Not Affected CVE-2020-11909 Not Affected CVE-2020-11910 Not Affected CVE-2020-11911 Affected CVE-2020-11912 Affected CVE-2020-11913 Not Affected CVE-2020-11914 Affected CVE-2020-8674 Unknown. Intel(R) AMT and ISM Exists in an out-of-bounds read vulnerability.Information may be obtained. Both Intel Active Management Technology (AMT) and Intel Software Manager (ISM) are products of Intel Corporation of the United States. Intel Active Management Technology is a set of hardware-based computer remote active management technology software. Intel Software Manager is a utility for managing Intel software development products. A remote attacker could exploit this vulnerability to obtain information. The following products and versions are affected: Intel AMT before 11.8.77, before 11.12.77, before 11.22.77, before 12.0.64, before 14.0.33; ISM before 11.8.76, before 11.12.77 Version, version before 11.22.77, version before 12.0.64, version before 14.0.33

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-202006-1686",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "service manager",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "intel",
        "version": "14.0"
      },
      {
        "model": "active management technology",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "intel",
        "version": "11.22.77"
      },
      {
        "model": "active management technology",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "intel",
        "version": "14.0.33"
      },
      {
        "model": "service manager",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "intel",
        "version": "11.8.77"
      },
      {
        "model": "service manager",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "intel",
        "version": "11.12.77"
      },
      {
        "model": "active management technology",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "intel",
        "version": "11.0"
      },
      {
        "model": "service manager",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "intel",
        "version": "11.0"
      },
      {
        "model": "service manager",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "intel",
        "version": "12.0.64"
      },
      {
        "model": "active management technology",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "intel",
        "version": "12.0"
      },
      {
        "model": "active management technology",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "intel",
        "version": "11.8.77"
      },
      {
        "model": "active management technology",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "intel",
        "version": "11.20"
      },
      {
        "model": "service manager",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "intel",
        "version": "12.0"
      },
      {
        "model": "active management technology",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "intel",
        "version": "11.10"
      },
      {
        "model": "service manager",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "intel",
        "version": "11.20"
      },
      {
        "model": "active management technology",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "intel",
        "version": "11.12.77"
      },
      {
        "model": "service manager",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "intel",
        "version": "11.10"
      },
      {
        "model": "service manager",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "intel",
        "version": "11.22.77"
      },
      {
        "model": "active management technology",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "intel",
        "version": "12.0.64"
      },
      {
        "model": "service manager",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "intel",
        "version": "14.0.33"
      },
      {
        "model": "active management technology",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "intel",
        "version": "14.0"
      },
      {
        "model": "active management technology",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "intel",
        "version": "11.12.77"
      },
      {
        "model": "active management technology",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "intel",
        "version": "11.22.77"
      },
      {
        "model": "active management technology",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "intel",
        "version": "11.8.77"
      },
      {
        "model": "active management technology",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "intel",
        "version": "12.0.64"
      },
      {
        "model": "active management technology",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "intel",
        "version": "14.0.33"
      },
      {
        "model": "standard manageability",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "intel",
        "version": "11.12.77"
      },
      {
        "model": "standard manageability",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "intel",
        "version": "11.22.77"
      },
      {
        "model": "standard manageability",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "intel",
        "version": "11.8.77"
      },
      {
        "model": "standard manageability",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "intel",
        "version": "12.0.64"
      },
      {
        "model": "standard manageability",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "intel",
        "version": "14.0.33"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-006809"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-8674"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:intel:active_management_technology_firmware:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "11.8.77",
                "versionStartIncluding": "11.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:intel:active_management_technology_firmware:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "11.12.77",
                "versionStartIncluding": "11.10",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:intel:active_management_technology_firmware:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "11.22.77",
                "versionStartIncluding": "11.20",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:intel:active_management_technology_firmware:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "12.0.64",
                "versionStartIncluding": "12.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:intel:active_management_technology_firmware:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "14.0.33",
                "versionStartIncluding": "14.0",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:intel:service_manager:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "11.8.77",
                "versionStartIncluding": "11.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:intel:service_manager:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "11.12.77",
                "versionStartIncluding": "11.10",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:intel:service_manager:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "11.22.77",
                "versionStartIncluding": "11.20",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:intel:service_manager:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "12.0.64",
                "versionStartIncluding": "12.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:intel:service_manager:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "14.0.33",
                "versionStartIncluding": "14.0",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2020-8674"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "This document was written by Vijay Sarvepalli.",
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#257161"
      }
    ],
    "trust": 0.8
  },
  "cve": "CVE-2020-8674",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 5.0,
            "confidentialityImpact": "Partial",
            "exploitabilityScore": null,
            "id": "JVNDB-2020-006809",
            "impactScore": null,
            "integrityImpact": "None",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "VHN-186799",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "exploitabilityScore": 3.9,
            "impactScore": 1.4,
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 5.3,
            "baseSeverity": "Medium",
            "confidentialityImpact": "Low",
            "exploitabilityScore": null,
            "id": "JVNDB-2020-006809",
            "impactScore": null,
            "integrityImpact": "None",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2020-8674",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "NVD",
            "id": "JVNDB-2020-006809",
            "trust": 0.8,
            "value": "Medium"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-202006-814",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-186799",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-186799"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-006809"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-8674"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202006-814"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Out-of-bounds read in DHCPv6 subsystem in Intel(R) AMT and Intel(R)ISM versions before 11.8.77, 11.12.77, 11.22.77, 12.0.64 and 14.0.33 may allow an unauthenticated user to potentially enable information disclosure via network access. Treck IP stack implementations for embedded systems are affected by multiple vulnerabilities. This set of vulnerabilities was researched and reported by JSOF, who calls them Ripple20.CVE-2020-0594 Unknown\nCVE-2020-0595 Unknown\nCVE-2020-0597 Unknown\nCVE-2020-11896 Affected\nCVE-2020-11897 Not Affected\nCVE-2020-11898 Affected\nCVE-2020-11899 Not Affected\nCVE-2020-11900 Affected\nCVE-2020-11901 Not Affected\nCVE-2020-11902 Not Affected\nCVE-2020-11903 Not Affected\nCVE-2020-11904 Not Affected\nCVE-2020-11905 Not Affected\nCVE-2020-11906 Affected\nCVE-2020-11907 Affected\nCVE-2020-11908 Not Affected\nCVE-2020-11909 Not Affected\nCVE-2020-11910 Not Affected\nCVE-2020-11911 Affected\nCVE-2020-11912 Affected\nCVE-2020-11913 Not Affected\nCVE-2020-11914 Affected\nCVE-2020-8674 UnknownCVE-2020-0594 Unknown\nCVE-2020-0595 Unknown\nCVE-2020-0597 Unknown\nCVE-2020-11896 Affected\nCVE-2020-11897 Not Affected\nCVE-2020-11898 Affected\nCVE-2020-11899 Not Affected\nCVE-2020-11900 Affected\nCVE-2020-11901 Not Affected\nCVE-2020-11902 Not Affected\nCVE-2020-11903 Not Affected\nCVE-2020-11904 Not Affected\nCVE-2020-11905 Not Affected\nCVE-2020-11906 Affected\nCVE-2020-11907 Affected\nCVE-2020-11908 Not Affected\nCVE-2020-11909 Not Affected\nCVE-2020-11910 Not Affected\nCVE-2020-11911 Affected\nCVE-2020-11912 Affected\nCVE-2020-11913 Not Affected\nCVE-2020-11914 Affected\nCVE-2020-8674 Unknown. Intel(R) AMT and ISM Exists in an out-of-bounds read vulnerability.Information may be obtained. Both Intel Active Management Technology (AMT) and Intel Software Manager (ISM) are products of Intel Corporation of the United States. Intel Active Management Technology is a set of hardware-based computer remote active management technology software. Intel Software Manager is a utility for managing Intel software development products. A remote attacker could exploit this vulnerability to obtain information. The following products and versions are affected: Intel AMT before 11.8.77, before 11.12.77, before 11.22.77, before 12.0.64, before 14.0.33; ISM before 11.8.76, before 11.12.77 Version, version before 11.22.77, version before 12.0.64, version before 14.0.33",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2020-8674"
      },
      {
        "db": "CERT/CC",
        "id": "VU#257161"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-006809"
      },
      {
        "db": "VULHUB",
        "id": "VHN-186799"
      }
    ],
    "trust": 2.43
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2020-8674",
        "trust": 3.3
      },
      {
        "db": "CERT/CC",
        "id": "VU#257161",
        "trust": 2.5
      },
      {
        "db": "LENOVO",
        "id": "LEN-30041",
        "trust": 1.7
      },
      {
        "db": "JVN",
        "id": "JVNVU98979613",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-006809",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202006-814",
        "trust": 0.7
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2020.1991",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2020.1991.2",
        "trust": 0.6
      },
      {
        "db": "VULHUB",
        "id": "VHN-186799",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#257161"
      },
      {
        "db": "VULHUB",
        "id": "VHN-186799"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-006809"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-8674"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202006-814"
      }
    ]
  },
  "id": "VAR-202006-1686",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-186799"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2023-12-18T11:53:14.746000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "INTEL-SA-00295",
        "trust": 0.8,
        "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00295.html"
      },
      {
        "title": "Intel AMT  and ISM Buffer error vulnerability fix",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=122464"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-006809"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202006-814"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-125",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-186799"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-006809"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-8674"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.7,
        "url": "https://www.kb.cert.org/vuls/id/257161"
      },
      {
        "trust": 1.7,
        "url": "https://security.netapp.com/advisory/ntap-20200611-0007/"
      },
      {
        "trust": 1.7,
        "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00295.html"
      },
      {
        "trust": 1.7,
        "url": "https://www.synology.com/security/advisory/synology_sa_20_15"
      },
      {
        "trust": 1.7,
        "url": "https://support.lenovo.com/de/en/product_security/len-30041"
      },
      {
        "trust": 1.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-8674"
      },
      {
        "trust": 0.8,
        "url": "cve-2020-0594  "
      },
      {
        "trust": 0.8,
        "url": "cve-2020-0595  "
      },
      {
        "trust": 0.8,
        "url": "cve-2020-0597  "
      },
      {
        "trust": 0.8,
        "url": "cve-2020-11896  "
      },
      {
        "trust": 0.8,
        "url": "cve-2020-11897  "
      },
      {
        "trust": 0.8,
        "url": "cve-2020-11898  "
      },
      {
        "trust": 0.8,
        "url": "cve-2020-11899  "
      },
      {
        "trust": 0.8,
        "url": "cve-2020-11900  "
      },
      {
        "trust": 0.8,
        "url": "cve-2020-11901  "
      },
      {
        "trust": 0.8,
        "url": "cve-2020-11902  "
      },
      {
        "trust": 0.8,
        "url": "cve-2020-11903  "
      },
      {
        "trust": 0.8,
        "url": "cve-2020-11904  "
      },
      {
        "trust": 0.8,
        "url": "cve-2020-11905  "
      },
      {
        "trust": 0.8,
        "url": "cve-2020-11906  "
      },
      {
        "trust": 0.8,
        "url": "cve-2020-11907  "
      },
      {
        "trust": 0.8,
        "url": "cve-2020-11908  "
      },
      {
        "trust": 0.8,
        "url": "cve-2020-11909  "
      },
      {
        "trust": 0.8,
        "url": "cve-2020-11910  "
      },
      {
        "trust": 0.8,
        "url": "cve-2020-11911  "
      },
      {
        "trust": 0.8,
        "url": "cve-2020-11912  "
      },
      {
        "trust": 0.8,
        "url": "cve-2020-11913  "
      },
      {
        "trust": 0.8,
        "url": "cve-2020-11914  "
      },
      {
        "trust": 0.8,
        "url": "cve-2020-8674  "
      },
      {
        "trust": 0.8,
        "url": "vince json"
      },
      {
        "trust": 0.8,
        "url": "csaf"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-8674"
      },
      {
        "trust": 0.8,
        "url": "https://jvn.jp/vu/jvnvu98979613/"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2020.1991/"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2020.1991.2/"
      },
      {
        "trust": 0.6,
        "url": "https://vigilance.fr/vulnerability/intel-csme-sps-txe-amt-ism-dal-multiple-vulnerabilities-32545"
      },
      {
        "trust": 0.6,
        "url": "https://support.lenovo.com/us/en/product_security/len-30041"
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#257161"
      },
      {
        "db": "VULHUB",
        "id": "VHN-186799"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-006809"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-8674"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202006-814"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CERT/CC",
        "id": "VU#257161"
      },
      {
        "db": "VULHUB",
        "id": "VHN-186799"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-006809"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-8674"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202006-814"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2020-06-16T00:00:00",
        "db": "CERT/CC",
        "id": "VU#257161"
      },
      {
        "date": "2020-06-15T00:00:00",
        "db": "VULHUB",
        "id": "VHN-186799"
      },
      {
        "date": "2020-07-17T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2020-006809"
      },
      {
        "date": "2020-06-15T14:15:12.440000",
        "db": "NVD",
        "id": "CVE-2020-8674"
      },
      {
        "date": "2020-06-09T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202006-814"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2022-09-20T00:00:00",
        "db": "CERT/CC",
        "id": "VU#257161"
      },
      {
        "date": "2021-03-18T00:00:00",
        "db": "VULHUB",
        "id": "VHN-186799"
      },
      {
        "date": "2020-07-17T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2020-006809"
      },
      {
        "date": "2021-03-18T13:15:20.080000",
        "db": "NVD",
        "id": "CVE-2020-8674"
      },
      {
        "date": "2021-05-24T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202006-814"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202006-814"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Treck IP stacks contain multiple vulnerabilities",
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#257161"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "other",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202006-814"
      }
    ],
    "trust": 0.6
  }
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2020-8674 (GCVE-0-2020-8674)

CERTFR-2020-AVI-353

Solution

CERTFR-2020-AVI-353

Solution

CNVD-2020-34710

GHSA-CC9V-QMM3-2W98

GSD-2020-8674

FKIE_CVE-2020-8674

VAR-202006-1686

Tags

Sightings

Nomenclature