VAR-202011-1377
Vulnerability from variot - Updated: 2023-12-18 11:18Improper input validation in subsystem for Intel(R) CSME versions before 11.8.80, 11.12.80, 11.22.80, 12.0.70 and 14.0.45 may allow a privileged user to potentially enable escalation of privilege via local access. Intel(R) CSME Is vulnerable to input validation.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. Intel Core Processors is an Intel Core series central processing unit (CPU) of Intel Corporation of the United States. An attacker could exploit this vulnerability to escalate privileges through local access
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202011-1377",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "converged security and manageability engine",
"scope": "gte",
"trust": 1.0,
"vendor": "intel",
"version": "11.12.0"
},
{
"model": "converged security and manageability engine",
"scope": "gte",
"trust": 1.0,
"vendor": "intel",
"version": "11.22.0"
},
{
"model": "converged security and manageability engine",
"scope": "gte",
"trust": 1.0,
"vendor": "intel",
"version": "12.0"
},
{
"model": "converged security and manageability engine",
"scope": "gte",
"trust": 1.0,
"vendor": "intel",
"version": "14.0"
},
{
"model": "converged security and manageability engine",
"scope": "lt",
"trust": 1.0,
"vendor": "intel",
"version": "11.8.80"
},
{
"model": "converged security and manageability engine",
"scope": "lt",
"trust": 1.0,
"vendor": "intel",
"version": "11.12.80"
},
{
"model": "converged security and manageability engine",
"scope": "lt",
"trust": 1.0,
"vendor": "intel",
"version": "11.22.80"
},
{
"model": "converged security and manageability engine",
"scope": "lt",
"trust": 1.0,
"vendor": "intel",
"version": "14.0.45"
},
{
"model": "converged security and manageability engine",
"scope": "lt",
"trust": 1.0,
"vendor": "intel",
"version": "12.0.70"
},
{
"model": "intel csme",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30a4\u30f3\u30c6\u30eb",
"version": "intel csme firmware 11.12.80"
},
{
"model": "intel csme",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30a4\u30f3\u30c6\u30eb",
"version": "intel csme firmware 14.0.45"
},
{
"model": "intel csme",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30a4\u30f3\u30c6\u30eb",
"version": "intel csme firmware 11.8.80"
},
{
"model": "intel csme",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30a4\u30f3\u30c6\u30eb",
"version": "intel csme firmware 12.0.70"
},
{
"model": "intel csme",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30a4\u30f3\u30c6\u30eb",
"version": null
},
{
"model": "intel csme",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30a4\u30f3\u30c6\u30eb",
"version": "intel csme firmware 11.22.80"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-013417"
},
{
"db": "NVD",
"id": "CVE-2020-8756"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:intel:converged_security_and_manageability_engine:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "11.8.80",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:intel:converged_security_and_manageability_engine:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "11.12.80",
"versionStartIncluding": "11.12.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:intel:converged_security_and_manageability_engine:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "11.22.80",
"versionStartIncluding": "11.22.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:intel:converged_security_and_manageability_engine:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "12.0.70",
"versionStartIncluding": "12.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:intel:converged_security_and_manageability_engine:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "14.0.45",
"versionStartIncluding": "14.0",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2020-8756"
}
]
},
"cve": "CVE-2020-8756",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Local",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 4.6,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2020-8756",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"id": "VHN-186881",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:L/AC:L/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 0.8,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Local",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 6.7,
"baseSeverity": "Medium",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2020-8756",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "High",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2020-8756",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201911-1666",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-186881",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-186881"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-013417"
},
{
"db": "NVD",
"id": "CVE-2020-8756"
},
{
"db": "CNNVD",
"id": "CNNVD-201911-1666"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Improper input validation in subsystem for Intel(R) CSME versions before 11.8.80, 11.12.80, 11.22.80, 12.0.70 and 14.0.45 may allow a privileged user to potentially enable escalation of privilege via local access. Intel(R) CSME Is vulnerable to input validation.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. Intel Core Processors is an Intel Core series central processing unit (CPU) of Intel Corporation of the United States. An attacker could exploit this vulnerability to escalate privileges through local access",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-8756"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-013417"
},
{
"db": "VULHUB",
"id": "VHN-186881"
}
],
"trust": 1.71
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2020-8756",
"trust": 2.5
},
{
"db": "JVNDB",
"id": "JVNDB-2020-013417",
"trust": 0.8
},
{
"db": "LENOVO",
"id": "LEN-39432",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.3958.2",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.3958",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201911-1666",
"trust": 0.6
},
{
"db": "CNVD",
"id": "CNVD-2020-68830",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-186881",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-186881"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-013417"
},
{
"db": "NVD",
"id": "CVE-2020-8756"
},
{
"db": "CNNVD",
"id": "CNNVD-201911-1666"
}
]
},
"id": "VAR-202011-1377",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-186881"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T11:18:17.375000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "INTEL-SA-00391",
"trust": 0.8,
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00391.html"
},
{
"title": "Intel CSME Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=135725"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-013417"
},
{
"db": "CNNVD",
"id": "CNNVD-201911-1666"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-20",
"trust": 1.1
},
{
"problemtype": "Incorrect input confirmation (CWE-20) [NVD Evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-186881"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-013417"
},
{
"db": "NVD",
"id": "CVE-2020-8756"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "https://security.netapp.com/advisory/ntap-20201113-0002/"
},
{
"trust": 1.7,
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00391"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-8756"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.3958/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.3958.2/"
},
{
"trust": 0.6,
"url": "https://support.lenovo.com/us/en/product_security/len-39432"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/intel-processors-multiple-vulnerabilities-via-csme-sps-txe-amt-dal-33887"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-186881"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-013417"
},
{
"db": "NVD",
"id": "CVE-2020-8756"
},
{
"db": "CNNVD",
"id": "CNNVD-201911-1666"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-186881"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-013417"
},
{
"db": "NVD",
"id": "CVE-2020-8756"
},
{
"db": "CNNVD",
"id": "CNNVD-201911-1666"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-11-12T00:00:00",
"db": "VULHUB",
"id": "VHN-186881"
},
{
"date": "2021-07-02T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-013417"
},
{
"date": "2020-11-12T18:15:18.050000",
"db": "NVD",
"id": "CVE-2020-8756"
},
{
"date": "2019-11-10T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201911-1666"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-11-24T00:00:00",
"db": "VULHUB",
"id": "VHN-186881"
},
{
"date": "2021-07-02T04:36:00",
"db": "JVNDB",
"id": "JVNDB-2020-013417"
},
{
"date": "2020-11-24T16:51:31.927000",
"db": "NVD",
"id": "CVE-2020-8756"
},
{
"date": "2021-01-04T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201911-1666"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201911-1666"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Intel(R)\u00a0CSME\u00a0 Input confirmation vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-013417"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "input validation error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201911-1666"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…