VAR-202006-0254
Vulnerability from variot - Updated: 2023-12-18 11:13Path traversal in subsystem for Intel(R) DAL software for Intel(R) CSME versions before 11.8.77, 11.12.77, 11.22.77, 12.0.64, 13.0.32, 14.0.33 and Intel(R) TXE versions before 3.1.75, 4.0.25 may allow an unprivileged user to potentially enable denial of service via local access. Intel(R) CSME and TXE Exists in a past traversal vulnerability.Service operation interruption (DoS) It may be put into a state. Both Intel Converged Security and Management Engine (CSME) and Intel TXE are products of Intel Corporation of the United States. Intel Converged Security and Management Engine is a security management engine. Intel TXE is a trusted execution engine with hardware authentication function used in CPU (Central Processing Unit). A path traversal vulnerability exists in the subsystems of Intel TXE and CSME (Intel DAL software). An attacker could exploit this vulnerability to cause a denial of service. The following products and versions are affected: Intel CSME before 11.8.77, before 11.12.77, before 11.22.77, before 12.0.64, before 13.0.32, before 14.0.33; Intel TXE 3.1.75 Previous versions, versions before 4.0.25
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202006-0254",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "converged security management engine",
"scope": "lt",
"trust": 1.0,
"vendor": "intel",
"version": "13.0.32"
},
{
"model": "converged security management engine",
"scope": "gte",
"trust": 1.0,
"vendor": "intel",
"version": "11.10"
},
{
"model": "converged security management engine",
"scope": "gte",
"trust": 1.0,
"vendor": "intel",
"version": "13.0"
},
{
"model": "trusted execution engine",
"scope": "lt",
"trust": 1.0,
"vendor": "intel",
"version": "4.0.25"
},
{
"model": "converged security management engine",
"scope": "gte",
"trust": 1.0,
"vendor": "intel",
"version": "11.20"
},
{
"model": "trusted execution engine",
"scope": "lt",
"trust": 1.0,
"vendor": "intel",
"version": "3.1.75"
},
{
"model": "converged security management engine",
"scope": "lt",
"trust": 1.0,
"vendor": "intel",
"version": "12.0.64"
},
{
"model": "converged security management engine",
"scope": "gte",
"trust": 1.0,
"vendor": "intel",
"version": "12.0"
},
{
"model": "trusted execution engine",
"scope": "gte",
"trust": 1.0,
"vendor": "intel",
"version": "3.0"
},
{
"model": "converged security management engine",
"scope": "lt",
"trust": 1.0,
"vendor": "intel",
"version": "11.8.77"
},
{
"model": "trusted execution engine",
"scope": "gte",
"trust": 1.0,
"vendor": "intel",
"version": "4.0"
},
{
"model": "converged security management engine",
"scope": "lt",
"trust": 1.0,
"vendor": "intel",
"version": "11.22.77"
},
{
"model": "converged security management engine",
"scope": "gte",
"trust": 1.0,
"vendor": "intel",
"version": "14.0"
},
{
"model": "converged security management engine",
"scope": "gte",
"trust": 1.0,
"vendor": "intel",
"version": "11.0"
},
{
"model": "converged security management engine",
"scope": "lt",
"trust": 1.0,
"vendor": "intel",
"version": "11.12.77"
},
{
"model": "converged security management engine",
"scope": "lt",
"trust": 1.0,
"vendor": "intel",
"version": "14.0.33"
},
{
"model": "converged security management engine",
"scope": "eq",
"trust": 0.8,
"vendor": "intel",
"version": "11.12.77"
},
{
"model": "converged security management engine",
"scope": "eq",
"trust": 0.8,
"vendor": "intel",
"version": "11.22.77"
},
{
"model": "converged security management engine",
"scope": "eq",
"trust": 0.8,
"vendor": "intel",
"version": "11.8.77"
},
{
"model": "converged security management engine",
"scope": "eq",
"trust": 0.8,
"vendor": "intel",
"version": "12.0.64"
},
{
"model": "converged security management engine",
"scope": "eq",
"trust": 0.8,
"vendor": "intel",
"version": "13.0.32"
},
{
"model": "converged security management engine",
"scope": "eq",
"trust": 0.8,
"vendor": "intel",
"version": "14.0.33"
},
{
"model": "trusted execution engine",
"scope": "eq",
"trust": 0.8,
"vendor": "intel",
"version": "3.1.75"
},
{
"model": "trusted execution engine",
"scope": "eq",
"trust": 0.8,
"vendor": "intel",
"version": "4.0.25"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-006828"
},
{
"db": "NVD",
"id": "CVE-2020-0539"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:intel:converged_security_management_engine_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "11.8.77",
"versionStartIncluding": "11.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:intel:converged_security_management_engine_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "11.12.77",
"versionStartIncluding": "11.10",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:intel:converged_security_management_engine_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "11.22.77",
"versionStartIncluding": "11.20",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:intel:converged_security_management_engine_firmware:*:*:*:*:*:*:*:undefined",
"cpe_name": [],
"versionEndExcluding": "12.0.64",
"versionStartIncluding": "12.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:intel:converged_security_management_engine_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "13.0.32",
"versionStartIncluding": "13.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:intel:converged_security_management_engine_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "14.0.33",
"versionStartIncluding": "14.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:intel:trusted_execution_engine_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "3.1.75",
"versionStartIncluding": "3.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:intel:trusted_execution_engine_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "4.0.25",
"versionStartIncluding": "4.0",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2020-0539"
}
]
},
"cve": "CVE-2020-0539",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 2.1,
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "LOW",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Local",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 2.1,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "JVNDB-2020-006828",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Low",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 2.1,
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "VHN-161973",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "LOW",
"trust": 0.1,
"vectorString": "AV:L/AC:L/AU:N/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Local",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 5.5,
"baseSeverity": "Medium",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "JVNDB-2020-006828",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2020-0539",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "JVNDB-2020-006828",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-202006-737",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-161973",
"trust": 0.1,
"value": "LOW"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-161973"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006828"
},
{
"db": "NVD",
"id": "CVE-2020-0539"
},
{
"db": "CNNVD",
"id": "CNNVD-202006-737"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Path traversal in subsystem for Intel(R) DAL software for Intel(R) CSME versions before 11.8.77, 11.12.77, 11.22.77, 12.0.64, 13.0.32, 14.0.33 and Intel(R) TXE versions before 3.1.75, 4.0.25 may allow an unprivileged user to potentially enable denial of service via local access. Intel(R) CSME and TXE Exists in a past traversal vulnerability.Service operation interruption (DoS) It may be put into a state. Both Intel Converged Security and Management Engine (CSME) and Intel TXE are products of Intel Corporation of the United States. Intel Converged Security and Management Engine is a security management engine. Intel TXE is a trusted execution engine with hardware authentication function used in CPU (Central Processing Unit). A path traversal vulnerability exists in the subsystems of Intel TXE and CSME (Intel DAL software). An attacker could exploit this vulnerability to cause a denial of service. The following products and versions are affected: Intel CSME before 11.8.77, before 11.12.77, before 11.22.77, before 12.0.64, before 13.0.32, before 14.0.33; Intel TXE 3.1.75 Previous versions, versions before 4.0.25",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-0539"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006828"
},
{
"db": "VULHUB",
"id": "VHN-161973"
}
],
"trust": 1.71
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2020-0539",
"trust": 2.5
},
{
"db": "LENOVO",
"id": "LEN-30041",
"trust": 1.7
},
{
"db": "JVN",
"id": "JVNVU98979613",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006828",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202006-737",
"trust": 0.7
},
{
"db": "AUSCERT",
"id": "ESB-2020.1991.2",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.1991",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-161973",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-161973"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006828"
},
{
"db": "NVD",
"id": "CVE-2020-0539"
},
{
"db": "CNNVD",
"id": "CNNVD-202006-737"
}
]
},
"id": "VAR-202006-0254",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-161973"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T11:13:38.488000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "INTEL-SA-00295",
"trust": 0.8,
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00295.html"
},
{
"title": "Intel TXE and CSME Repair measures for path traversal vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=122455"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-006828"
},
{
"db": "CNNVD",
"id": "CNNVD-202006-737"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-22",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-161973"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006828"
},
{
"db": "NVD",
"id": "CVE-2020-0539"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "https://security.netapp.com/advisory/ntap-20200611-0006/"
},
{
"trust": 1.7,
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00295.html"
},
{
"trust": 1.7,
"url": "https://support.lenovo.com/de/en/product_security/len-30041"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-0539"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-0539"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu98979613/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.1991/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.1991.2/"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/intel-csme-sps-txe-amt-ism-dal-multiple-vulnerabilities-32545"
},
{
"trust": 0.6,
"url": "https://support.lenovo.com/us/en/product_security/len-30041"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-161973"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006828"
},
{
"db": "NVD",
"id": "CVE-2020-0539"
},
{
"db": "CNNVD",
"id": "CNNVD-202006-737"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-161973"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006828"
},
{
"db": "NVD",
"id": "CVE-2020-0539"
},
{
"db": "CNNVD",
"id": "CNNVD-202006-737"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-06-15T00:00:00",
"db": "VULHUB",
"id": "VHN-161973"
},
{
"date": "2020-07-20T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-006828"
},
{
"date": "2020-06-15T14:15:10.970000",
"db": "NVD",
"id": "CVE-2020-0539"
},
{
"date": "2020-06-09T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202006-737"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-07-22T00:00:00",
"db": "VULHUB",
"id": "VHN-161973"
},
{
"date": "2020-07-20T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-006828"
},
{
"date": "2020-07-22T14:15:15.687000",
"db": "NVD",
"id": "CVE-2020-0539"
},
{
"date": "2021-05-24T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202006-737"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202006-737"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Intel(R) CSME and TXE Past Traversal Vulnerability in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-006828"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "path traversal",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202006-737"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…