Lucene search

[email protected]CVE-2020-8758

HistorySep 10, 2020 - 3:16 p.m.

CVE-2020-8758

2020-09-1015:16:00

NVD-CWE-noinfo

[email protected]

web.nvd.nist.gov

144

cve-2020-8758

improper buffer restrictions

intel amt

intel ism

privilege escalation

network subsystem

nvd

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.3 High

AI Score

Confidence

High

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.003 Low

EPSS

Percentile

71.4%

JSON

Improper buffer restrictions in network subsystem in provisioned Intel® AMT and Intel® ISM versions before 11.8.79, 11.12.79, 11.22.79, 12.0.68 and 14.0.39 may allow an unauthenticated user to potentially enable escalation of privilege via network access. On un-provisioned systems, an authenticated user may potentially enable escalation of privilege via local access.

CPENameOperatorVersion
intel:standard_manageabilityintel standard manageabilitylt14.0.39
intel:standard_manageabilityintel standard manageabilitylt12.0.68
intel:standard_manageabilityintel standard manageabilitylt11.22.79
intel:standard_manageabilityintel standard manageabilitylt11.12.79
intel:standard_manageabilityintel standard manageabilitylt11.8.79
intel:active_management_technology_firmwareintel active management technology firmwarelt14.0.39
intel:active_management_technology_firmwareintel active management technology firmwarelt12.0.68
intel:active_management_technology_firmwareintel active management technology firmwarelt11.22.79
intel:active_management_technology_firmwareintel active management technology firmwarelt11.12.79
intel:active_management_technology_firmwareintel active management technology firmwarelt11.8.79

CPE	Name	Operator	Version
intel:standard_manageability	intel standard manageability	lt	14.0.39
intel:standard_manageability	intel standard manageability	lt	12.0.68
intel:standard_manageability	intel standard manageability	lt	11.22.79
intel:standard_manageability	intel standard manageability	lt	11.12.79
intel:standard_manageability	intel standard manageability	lt	11.8.79
intel:active_management_technology_firmware	intel active management technology firmware	lt	14.0.39
intel:active_management_technology_firmware	intel active management technology firmware	lt	12.0.68
intel:active_management_technology_firmware	intel active management technology firmware	lt	11.22.79
intel:active_management_technology_firmware	intel active management technology firmware	lt	11.12.79
intel:active_management_technology_firmware	intel active management technology firmware	lt	11.8.79

Rows per page:

1-10 of 111

References

security.netapp.com/advisory/ntap-20200911-0005/

www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00404.html

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.3 High

AI Score

Confidence

High

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.003 Low

EPSS

Percentile

71.4%

JSON

Related for CVE-2020-8758

lenovo2 hp1 prion1 intel1 threatpost1