VAR-202011-1362
Vulnerability from variot - Updated: 2023-12-18 11:41Insecure default initialization of resource in Intel(R) Boot Guard in Intel(R) CSME versions before 11.8.80, 11.12.80, 11.22.80, 12.0.70, 13.0.40, 13.30.10, 14.0.45 and 14.5.25, Intel(R) TXE versions before 3.1.80 and 4.0.30, Intel(R) SPS versions before E5_04.01.04.400, E3_04.01.04.200, SoC-X_04.00.04.200 and SoC-A_04.00.04.300 may allow an unauthenticated user to potentially enable escalation of privileges via physical access. Intel(R) CSME , TXE , SPS There is a vulnerability in the initialization of resources to insecure default values.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202011-1362",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "server platform services",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "sps_soc-a_04.00.04.300"
},
{
"model": "converged security and manageability engine",
"scope": "gte",
"trust": 1.0,
"vendor": "intel",
"version": "14.0"
},
{
"model": "server platform services",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "sps_soc-x_04.00.04.200"
},
{
"model": "converged security and manageability engine",
"scope": "lt",
"trust": 1.0,
"vendor": "intel",
"version": "11.8.80"
},
{
"model": "converged security and manageability engine",
"scope": "lt",
"trust": 1.0,
"vendor": "intel",
"version": "11.12.80"
},
{
"model": "converged security and manageability engine",
"scope": "lt",
"trust": 1.0,
"vendor": "intel",
"version": "11.22.80"
},
{
"model": "converged security and manageability engine",
"scope": "lt",
"trust": 1.0,
"vendor": "intel",
"version": "13.30.10"
},
{
"model": "converged security and manageability engine",
"scope": "gte",
"trust": 1.0,
"vendor": "intel",
"version": "13.30.0"
},
{
"model": "trusted execution technology",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4.0.30"
},
{
"model": "converged security and manageability engine",
"scope": "gte",
"trust": 1.0,
"vendor": "intel",
"version": "11.12.0"
},
{
"model": "converged security and manageability engine",
"scope": "gte",
"trust": 1.0,
"vendor": "intel",
"version": "11.22.0"
},
{
"model": "converged security and manageability engine",
"scope": "gte",
"trust": 1.0,
"vendor": "intel",
"version": "12.0"
},
{
"model": "trusted execution technology",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "3.1.80"
},
{
"model": "converged security and manageability engine",
"scope": "gte",
"trust": 1.0,
"vendor": "intel",
"version": "13.0"
},
{
"model": "server platform services",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "sps_e5_04.01.04.400"
},
{
"model": "converged security and manageability engine",
"scope": "lt",
"trust": 1.0,
"vendor": "intel",
"version": "14.0.45"
},
{
"model": "server platform services",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "sps_e3_04.01.04.200"
},
{
"model": "converged security and manageability engine",
"scope": "lt",
"trust": 1.0,
"vendor": "intel",
"version": "13.0.40"
},
{
"model": "converged security and manageability engine",
"scope": "lt",
"trust": 1.0,
"vendor": "intel",
"version": "12.0.70"
},
{
"model": "trusted execution technology",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30a4\u30f3\u30c6\u30eb",
"version": null
},
{
"model": "trusted execution technology",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30a4\u30f3\u30c6\u30eb",
"version": "intel converged security manageability engine"
},
{
"model": "trusted execution technology",
"scope": null,
"trust": 0.8,
"vendor": "\u30a4\u30f3\u30c6\u30eb",
"version": null
},
{
"model": "trusted execution technology",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30a4\u30f3\u30c6\u30eb",
"version": "server platform services"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-013582"
},
{
"db": "NVD",
"id": "CVE-2020-8705"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:intel:converged_security_and_manageability_engine:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "11.8.80",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:intel:converged_security_and_manageability_engine:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "11.12.80",
"versionStartIncluding": "11.12.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:intel:converged_security_and_manageability_engine:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "11.22.80",
"versionStartIncluding": "11.22.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:intel:converged_security_and_manageability_engine:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "12.0.70",
"versionStartIncluding": "12.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:intel:converged_security_and_manageability_engine:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "13.0.40",
"versionStartIncluding": "13.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:intel:converged_security_and_manageability_engine:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "13.30.10",
"versionStartIncluding": "13.30.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:intel:converged_security_and_manageability_engine:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "14.0.45",
"versionStartIncluding": "14.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:intel:trusted_execution_technology:3.1.80:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:intel:trusted_execution_technology:4.0.30:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:intel:server_platform_services:sps_e3_04.01.04.200:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:intel:server_platform_services:sps_e5_04.01.04.400:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:intel:server_platform_services:sps_soc-a_04.00.04.300:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:intel:server_platform_services:sps_soc-x_04.00.04.200:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2020-8705"
}
]
},
"cve": "CVE-2020-8705",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Local",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 4.6,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2020-8705",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"id": "VHN-186830",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:L/AC:L/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 0.9,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Physical",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 6.8,
"baseSeverity": "Medium",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2020-8705",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2020-8705",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201911-1655",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-186830",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-186830"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-013582"
},
{
"db": "NVD",
"id": "CVE-2020-8705"
},
{
"db": "CNNVD",
"id": "CNNVD-201911-1655"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Insecure default initialization of resource in Intel(R) Boot Guard in Intel(R) CSME versions before 11.8.80, 11.12.80, 11.22.80, 12.0.70, 13.0.40, 13.30.10, 14.0.45 and 14.5.25, Intel(R) TXE versions before 3.1.80 and 4.0.30, Intel(R) SPS versions before E5_04.01.04.400, E3_04.01.04.200, SoC-X_04.00.04.200 and SoC-A_04.00.04.300 may allow an unauthenticated user to potentially enable escalation of privileges via physical access. Intel(R) CSME , TXE , SPS There is a vulnerability in the initialization of resources to insecure default values.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-8705"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-013582"
},
{
"db": "VULHUB",
"id": "VHN-186830"
}
],
"trust": 1.71
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2020-8705",
"trust": 2.5
},
{
"db": "JVNDB",
"id": "JVNDB-2020-013582",
"trust": 0.8
},
{
"db": "LENOVO",
"id": "LEN-39432",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.3958.2",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.3958",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201911-1655",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-186830",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-186830"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-013582"
},
{
"db": "NVD",
"id": "CVE-2020-8705"
},
{
"db": "CNNVD",
"id": "CNNVD-201911-1655"
}
]
},
"id": "VAR-202011-1362",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-186830"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T11:41:35.306000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "INTEL-SA-00391",
"trust": 0.8,
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00391.html"
},
{
"title": "Multiple Intel Product security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=135436"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-013582"
},
{
"db": "CNNVD",
"id": "CNNVD-201911-1655"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-1188",
"trust": 1.0
},
{
"problemtype": "Initializing resources to unsafe default values (CWE-1188) [NVD Evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-013582"
},
{
"db": "NVD",
"id": "CVE-2020-8705"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "https://security.netapp.com/advisory/ntap-20201113-0002/"
},
{
"trust": 1.7,
"url": "https://security.netapp.com/advisory/ntap-20201113-0004/"
},
{
"trust": 1.7,
"url": "https://security.netapp.com/advisory/ntap-20201113-0005/"
},
{
"trust": 1.7,
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00391"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-8705"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.3958/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.3958.2/"
},
{
"trust": 0.6,
"url": "https://support.lenovo.com/us/en/product_security/len-39432"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/intel-processors-multiple-vulnerabilities-via-csme-sps-txe-amt-dal-33887"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-186830"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-013582"
},
{
"db": "NVD",
"id": "CVE-2020-8705"
},
{
"db": "CNNVD",
"id": "CNNVD-201911-1655"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-186830"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-013582"
},
{
"db": "NVD",
"id": "CVE-2020-8705"
},
{
"db": "CNNVD",
"id": "CNNVD-201911-1655"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-11-12T00:00:00",
"db": "VULHUB",
"id": "VHN-186830"
},
{
"date": "2021-07-08T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-013582"
},
{
"date": "2020-11-12T18:15:16.847000",
"db": "NVD",
"id": "CVE-2020-8705"
},
{
"date": "2019-11-10T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201911-1655"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-11-30T00:00:00",
"db": "VULHUB",
"id": "VHN-186830"
},
{
"date": "2021-07-08T07:58:00",
"db": "JVNDB",
"id": "JVNDB-2020-013582"
},
{
"date": "2020-11-30T14:40:19.353000",
"db": "NVD",
"id": "CVE-2020-8705"
},
{
"date": "2021-01-04T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201911-1655"
}
]
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural \u00a0Intel\u00a0 Product resource initialization to unsafe default values",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-013582"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201911-1655"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…