K50242910 : Intel CSME vulnerabilities CVE-2020-0533, CVE-2020-0534, CVE-2020-0536, and CVE-2020-0539

Security Advisory Description

• CVE-2020-0533

Reversible one-way hash in Intel® CSME versions before 11.8.76, 11.12.77 and 11.22.77 may allow a privileged user to potentially enable escalation of privilege, denial of service or information disclosure via local access.

• CVE-2020-0534

Improper input validation in the DAL subsystem for Intel® CSME versions before 12.0.64, 13.0.32, 14.0.33 and 14.5.12 may allow an unauthenticated user to potentially enable denial of service via network access.

• CVE-2020-0536

Improper input validation in the DAL subsystem for Intel® CSME versions before 11.8.77, 11.12.77, 11.22.77, 12.0.64, 13.0.32,14.0.33 and Intel® TXE versions before 3.1.75 and 4.0.25 may allow an unauthenticated user to potentially enable information disclosure via network access.

• CVE-2020-0539

Path traversal in subsystem for Intel® DAL software for Intel® CSME versions before 11.8.77, 11.12.77, 11.22.77, 12.0.64, 13.0.32, 14.0.33 and Intel® TXE versions before 3.1.75, 4.0.25 may allow an unprivileged user to potentially enable denial of service via local access.

Impact

There is no impact; F5 products are not affected by this vulnerability.