var-202009-1429
Vulnerability from variot
Improper buffer restrictions in network subsystem in provisioned Intel(R) AMT and Intel(R) ISM versions before 11.8.79, 11.12.79, 11.22.79, 12.0.68 and 14.0.39 may allow an unauthenticated user to potentially enable escalation of privilege via network access. On un-provisioned systems, an authenticated user may potentially enable escalation of privilege via local access. Intel Active Management Technology (AMT) is a set of hardware-based computer remote active management technology software developed by Intel Corporation. Security vulnerabilities exist in Intel(R) Core(TM), Intel(R) Celeron(R) 8th and 9th generation versions. The vulnerability stems from reading firmware outside the BIOS of 4000 series processors
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202009-1429",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "standard manageability",
"scope": "gte",
"trust": 1.0,
"vendor": "intel",
"version": "11.8"
},
{
"model": "standard manageability",
"scope": "lt",
"trust": 1.0,
"vendor": "intel",
"version": "11.12.79"
},
{
"model": "standard manageability",
"scope": "gte",
"trust": 1.0,
"vendor": "intel",
"version": "11.12"
},
{
"model": "standard manageability",
"scope": "gte",
"trust": 1.0,
"vendor": "intel",
"version": "14.0"
},
{
"model": "standard manageability",
"scope": "lt",
"trust": 1.0,
"vendor": "intel",
"version": "11.22.79"
},
{
"model": "active management technology",
"scope": "lt",
"trust": 1.0,
"vendor": "intel",
"version": "11.8.79"
},
{
"model": "active management technology",
"scope": "gte",
"trust": 1.0,
"vendor": "intel",
"version": "11.22"
},
{
"model": "active management technology",
"scope": "lt",
"trust": 1.0,
"vendor": "intel",
"version": "11.12.79"
},
{
"model": "steelstore cloud integrated storage",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "standard manageability",
"scope": "gte",
"trust": 1.0,
"vendor": "intel",
"version": "11.22"
},
{
"model": "active management technology",
"scope": "lt",
"trust": 1.0,
"vendor": "intel",
"version": "11.22.79"
},
{
"model": "standard manageability",
"scope": "lt",
"trust": 1.0,
"vendor": "intel",
"version": "14.0.39"
},
{
"model": "standard manageability",
"scope": "lt",
"trust": 1.0,
"vendor": "intel",
"version": "12.0.68"
},
{
"model": "active management technology",
"scope": "gte",
"trust": 1.0,
"vendor": "intel",
"version": "12.0"
},
{
"model": "standard manageability",
"scope": "gte",
"trust": 1.0,
"vendor": "intel",
"version": "12.0"
},
{
"model": "active management technology",
"scope": "lt",
"trust": 1.0,
"vendor": "intel",
"version": "12.0.68"
},
{
"model": "active management technology",
"scope": "lt",
"trust": 1.0,
"vendor": "intel",
"version": "14.0.39"
},
{
"model": "active management technology",
"scope": "gte",
"trust": 1.0,
"vendor": "intel",
"version": "11.12"
},
{
"model": "standard manageability",
"scope": "lt",
"trust": 1.0,
"vendor": "intel",
"version": "11.8.79"
},
{
"model": "active management technology",
"scope": "gte",
"trust": 1.0,
"vendor": "intel",
"version": "11.8"
},
{
"model": "active management technology",
"scope": "gte",
"trust": 1.0,
"vendor": "intel",
"version": "14.0"
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2020-8758"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:intel:standard_manageability:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "14.0.39",
"versionStartIncluding": "14.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:intel:standard_manageability:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "12.0.68",
"versionStartIncluding": "12.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:intel:standard_manageability:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "11.22.79",
"versionStartIncluding": "11.22",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:intel:standard_manageability:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "11.12.79",
"versionStartIncluding": "11.12",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:intel:standard_manageability:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "11.8.79",
"versionStartIncluding": "11.8",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:intel:active_management_technology_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "14.0.39",
"versionStartIncluding": "14.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:intel:active_management_technology_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "12.0.68",
"versionStartIncluding": "12.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:intel:active_management_technology_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "11.22.79",
"versionStartIncluding": "11.22",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:intel:active_management_technology_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "11.12.79",
"versionStartIncluding": "11.12",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:intel:active_management_technology_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "11.8.79",
"versionStartIncluding": "11.8",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2020-8758"
}
]
},
"cve": "CVE-2020-8758",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-186883",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2020-8758",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "CNNVD",
"id": "CNNVD-202009-565",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-186883",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-186883"
},
{
"db": "NVD",
"id": "CVE-2020-8758"
},
{
"db": "CNNVD",
"id": "CNNVD-202009-565"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Improper buffer restrictions in network subsystem in provisioned Intel(R) AMT and Intel(R) ISM versions before 11.8.79, 11.12.79, 11.22.79, 12.0.68 and 14.0.39 may allow an unauthenticated user to potentially enable escalation of privilege via network access. On un-provisioned systems, an authenticated user may potentially enable escalation of privilege via local access. Intel Active Management Technology (AMT) is a set of hardware-based computer remote active management technology software developed by Intel Corporation. Security vulnerabilities exist in Intel(R) Core(TM), Intel(R) Celeron(R) 8th and 9th generation versions. The vulnerability stems from reading firmware outside the BIOS of 4000 series processors",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-8758"
},
{
"db": "VULHUB",
"id": "VHN-186883"
}
],
"trust": 0.99
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2020-8758",
"trust": 1.7
},
{
"db": "CNNVD",
"id": "CNNVD-202009-565",
"trust": 0.7
},
{
"db": "AUSCERT",
"id": "ESB-2020.3094.2",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.3094",
"trust": 0.6
},
{
"db": "LENOVO",
"id": "LEN-41856",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-186883",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-186883"
},
{
"db": "NVD",
"id": "CVE-2020-8758"
},
{
"db": "CNNVD",
"id": "CNNVD-202009-565"
}
]
},
"id": "VAR-202009-1429",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-186883"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T13:18:08.477000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Intel Active Management Technology Security vulnerabilities",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=128021"
}
],
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202009-565"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-noinfo",
"trust": 1.0
},
{
"problemtype": "CWE-119",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-186883"
},
{
"db": "NVD",
"id": "CVE-2020-8758"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "https://security.netapp.com/advisory/ntap-20200911-0005/"
},
{
"trust": 1.7,
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00404.html"
},
{
"trust": 0.6,
"url": "https://support.lenovo.com/us/en/product_security/len-41856"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.3094/"
},
{
"trust": 0.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-8758"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.3094.2/"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-186883"
},
{
"db": "NVD",
"id": "CVE-2020-8758"
},
{
"db": "CNNVD",
"id": "CNNVD-202009-565"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-186883"
},
{
"db": "NVD",
"id": "CVE-2020-8758"
},
{
"db": "CNNVD",
"id": "CNNVD-202009-565"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-09-10T00:00:00",
"db": "VULHUB",
"id": "VHN-186883"
},
{
"date": "2020-09-10T15:16:53.827000",
"db": "NVD",
"id": "CVE-2020-8758"
},
{
"date": "2020-09-09T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202009-565"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-07-21T00:00:00",
"db": "VULHUB",
"id": "VHN-186883"
},
{
"date": "2023-05-22T15:31:46.127000",
"db": "NVD",
"id": "CVE-2020-8758"
},
{
"date": "2023-05-23T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202009-565"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202009-565"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Intel Active Management Technology Buffer error vulnerability",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202009-565"
}
],
"trust": 0.6
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202009-565"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.