2020.2 IPU – Intel® CSME, SPS, TXE, and AMT Advisory

2022-05-12T00:00:00

Description

### Summary: Potential security vulnerabilities in Intel® Converged Security and Manageability Engine (CSME), Server Platform Services (SPS), Intel® Trusted Execution Engine (TXE), Intel® Dynamic Application Loader (DAL), Intel® Active Management Technology (AMT), Intel® Standard Manageability (ISM) and Intel® Dynamic Application Loader (Intel® DAL) may allow escalation of privilege, denial of service or information disclosure.** **Intel is releasing firmware and software updates to mitigate these potential vulnerabilities. Intel is not releasing updates to mitigate a potential vulnerability and has issued a Product Discontinuation Notice for Intel® DAL SDK. ### Vulnerability Details: CVEID: [CVE-2020-8752](<https://vulners.com/cve/CVE-2020-8752>) Description: Out-of-bounds write in IPv6 subsystem for Intel(R) AMT, Intel(R) ISM versions before 11.8.80, 11.12.80, 11.22.80, 12.0.70, 14.0.45 may allow an unauthenticated user to potentially enable escalation of privileges via network access. CVSS Base Score: 9.4 Critical CVSS Vector: [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L](<https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L>) CVEID: [CVE-2020-8753](<https://vulners.com/cve/CVE-2020-8753>) Description: Out-of-bounds read in DHCP subsystem for Intel(R) AMT, Intel(R) ISM versions before 11.8.80, 11.12.80, 11.22.80, 12.0.70 and 14.0.45 may allow an unauthenticated user to potentially enable information disclosure via network access. CVSS Base Score: 8.2 High CVSS Vector: [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:L](<https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:L>) CVEID: [CVE-2020-12297](<https://vulners.com/cve/CVE-2020-12297>) Description: Improper access control in Installer for Intel(R) CSME Driver for Windows versions before 11.8.80, 11.12.80, 11.22.80, 12.0.70, 13.0.40, 13.30.10, 14.0.45 and 14.5.25, Intel TXE 3.1.80, 4.0.30 may allow an authenticated user to potentially enable escalation of privileges via local access. CVSS Base Score: 8.2 High CVSS Vector: [CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H](<https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H>) CVEID: [CVE-2020-12304](<https://vulners.com/cve/CVE-2020-12304>) Description: Improper access control in Installer for Intel(R) DAL SDK before version 2.1 for Windows may allow an authenticated user to potentially enable escalation of privileges via local access. CVSS Base Score: 8.2 High CVSS Vector: [CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H](<https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H>) CVEID: [CVE-2020-8745](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020->) Description: Insufficient control flow management in subsystem for Intel(R) CSME versions before 11.8.80, 11.12.80, 11.22.80, 12.0.70, 13.0.40, 13.30.10, 14.0.45 and 14.5.25 , Intel(R) TXE versions before 3.1.80 and 4.0.30 may allow an unauthenticated user to potentially enable escalation of privilege via physical access. CVSS Base Score: 7.3 High CVSS Vector: [CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N](<https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N>) CVEID: [CVE-2020-8744](<https://vulners.com/cve/CVE-2020-8744>) Description: Improper initialization in subsystem for Intel(R) CSME versions before12.0.70, 13.0.40, 13.30.10, 14.0.45 and 14.5.25, Intel® TXE versions before 4.0.30 Intel(R) SPS versions before E3_05.01.04.200 may allow a privileged user to potentially enable escalation of privilege via local access. CVSS Base Score: 7.2 High CVSS Vector: [CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:N](<https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:N>) CVEID: [CVE-2020-8705](<https://vulners.com/cve/CVE-2020-8705>) Description: Insecure default initialization of resource in Intel(R) Boot Guard in Intel(R) CSME versions before 11.8.82, 11.12.82, 11.22.82, 12.0.70, 13.0.40, 13.30.10, 14.0.45 and 14.5.25, Intel(R) TXE versions before 3.1.80 and 4.0.30, Intel(R) SPS versions before E5_04.01.04.400, E3_04.01.04.200, SoC-X_04.00.04.200 and SoC-A_04.00.04.300 may allow an unauthenticated user to potentially enable escalation of privileges via physical access. CVSS Base Score: 7.1 High CVSS Vector: [CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H](<https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H>) CVEID: [CVE-2020-8750](<https://vulners.com/cve/CVE-2020-8750>) Description: Use after free in Kernel Mode Driver for Intel(R) TXE versions before 3.1.80 and 4.0.30 may allow an authenticated user to potentially enable escalation of privilege via local access. CVSS Base Score: 7.0 High CVSS Vector: [CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H](<https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H>) CVEID: [CVE-2020-12303](<https://vulners.com/cve/CVE-2020-12303>) Description: Use after free in DAL subsystem for Intel(R) CSME versions before 11.8.80, 11.12.80, 11.22.80, 12.0.70, 13.0.40, 13.30.10, 14.0.45 and 14.5.25, Intel® TXE 3.1.80, 4.0.30 may allow an authenticated user to potentially enable escalation of privileges via local access. CVSS Base Score: 7.0 High CVSS Vector: [CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H](<https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H>) CVE ID: [CVE-2020-12354](<https://vulners.com/cve/CVE-2020-12354>) Description: Incorrect default permissions in Windows(R) installer in Intel(R) AMT SDK versions before 14.0.0.1 may allow an authenticated user to potentially enable escalation of privilege via local access. CVSS Base Score: 6.7 Medium CVSS Vector: [CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H](<https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H>) CVEID: [CVE-2020-8757](<https://vulners.com/cve/CVE-2020-8757>) Description: Out-of-bounds read in subsystem for Intel(R) AMT versions before 11.8.80, 11.12.80, 11.22.80, 12.0.70 and 14.0.45 may allow a privileged user to potentially enable escalation of privilege via local access. CVSS Base Score: 6.3 Medium CVSS Vector: [CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:L](<https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:L>) CVEID: [CVE-2020-8756](<https://vulners.com/cve/CVE-2020-8756>) Description: Improper input validation in subsystem for Intel(R) CSME versions before 11.8.80, 11.12.80, 11.22.80, 12.0.70 and 14.0.45 may allow a privileged user to potentially enable escalation of privilege via local access. CVSS Base Score: 6.3 Medium CVSS Vector: [CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:L](<https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:L>) CVEID: [CVE-2020-8760](<https://vulners.com/cve/CVE-2020-8760>) Description: Integer overflow in subsystem for Intel(R) AMT versions before 11.8.80, 11.12.80, 11.22.80, 12.0.70, 14.0.45 may allow a privileged user to potentially enable escalation of privilege via local access. CVSS Base Score: 6.0 Medium CVSS Vector: [CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:L](<https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:L>) CVE ID: [CVE-2020-12355](<https://vulners.com/cve/CVE-2020-12355>) Description: Authentication bypass by capture-replay in RPMB protocol message authentication subsystem in Intel(R) TXE versions before 4.0.30 may allow an unauthenticated user to potentially enable escalation of privilege via physical access. CVSS Base Score: 5.3 Medium CVSS Vector: [CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N](<https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N>) CVEID: [CVE-2020-8751](<https://vulners.com/cve/CVE-2020-8751>) Description: Insufficient control flow management in subsystem for Intel(R) CSME versions before 11.8.80, Intel(R) TXE versions before 3.1.80 may allow an unauthenticated user to potentially enable information disclosure via physical access. CVSS Base Score: 5.3 Medium CVSS Vector: [CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N](<https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N>) CVEID: [CVE-2020-8754](<https://vulners.com/cve/CVE-2020-8754>) Description: Out-of-bounds read in subsystem for Intel(R) AMT, Intel(R) ISM versions before 11.8.80, 11.12.80, 11.22.80, 12.0.70 and 14.0.45 may allow an unauthenticated user to potentially enable information disclosure via network access. CVSS Base Score: 5.3 Medium CVSS Vector: [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N](<https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N>) CVEID: [CVE-2020-8761](<https://vulners.com/cve/CVE-2020-8761>) Description: Inadequate encryption strength in subsystem for Intel(R) CSME versions before 13.0.40 and 13.30.10 may allow an unauthenticated user to potentially enable information disclosure via physical access. CVSS Base Score: 4.9 Medium CVSS Vector: [CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N](<https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N>) CVEID: [CVE-2020-8747](<https://vulners.com/cve/CVE-2020-8747>) Description: Out-of-bounds read in subsystem for Intel(R) AMT versions before 11.8.80, 11.12.80, 11.22.80, 12.0.70 and 14.0.45 may allow an unauthenticated user to potentially enable information disclosure and/or denial of service via network access. CVSS Base Score: 4.8 Medium CVSS Vector: [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L](<https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L>) CVEID: [CVE-2020-8755](<https://vulners.com/cve/CVE-2020-8755>) Description: Race condition in subsystem for Intel(R) CSME versions before 12.0.70 and 14.0.45, Intel(R) SPS versions before E5_04.01.04.400 and E3_05.01.04.200 may allow an unauthenticated user to potentially enable escalation of privilege via physical access. CVSS Base Score: 4.6 Medium CVSS Vector: [CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N](<https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N>) CVE ID: [CVE-2020-12356](<https://vulners.com/cve/CVE-2020-12356>) Description: Out-of-bounds read in subsystem in Intel(R) AMT versions before 11.8.80, 11.12.80, 11.22.80, 12.0.70 and 14.0.45 may allow a privileged user to potentially enable information disclosure via local access. CVSS Base Score: 4.4 Medium CVSS Vector: [CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N](<https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N>) CVEID: [CVE-2020-8746](<https://vulners.com/cve/CVE-2020-8746>) Description: Integer overflow in subsystem for Intel(R) AMT versions before 11.8.80, 11.12.80, 11.22.80, 12.0.70 and 14.0.45 may allow an unauthenticated user to potentially enable denial of service via adjacent access. CVSS Base Score: 4.3 Medium CVSS Vector: [CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L](<https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L>) CVEID: [CVE-2020-8749](<https://vulners.com/cve/CVE-2020-8749>) Description: Out-of-bounds read in subsystem for Intel(R) AMT versions before 11.8.80, 11.12.80, 11.22.80, 12.0.70 and 14.0.45 may allow an unauthenticated user to potentially enable escalation of privilege via adjacent access. CVSS Base Score: 4.2 Medium CVSS Vector: [CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N](<https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N>) ### Affected Products: * Intel® CSME and Intel® AMT versions before 11.8.82, 11.12.82, 11.22.82, 12.0.70, 13.0.40, 13.30.10, 14.0.45 and 14.5.25. * Intel® TXE versions before 3.1.80 and 4.0.30. * Intel® Server Platform Services firmware versions before SPS_E5_04.01.04.400, SPS_E3_05.01.04.200, SPS_E3_04.01.04.200, SPS_SoC-X_04.00.04.200 and SPS_SoC-A_04.00.04.300. The following CVEs assigned by Intel, correspond to a subset of the CVEs disclosed on 12/18/2020 as part of [ICSA-20-353-01](<https://us-cert.cisa.gov/ics/advisories/icsa-20-353-01>): Disclosed in INTEL-SA-00391 | Disclosed in [ICSA-20-353-01](<https://us-cert.cisa.gov/ics/advisories/icsa-20-353-01>) ---|--- CVE-2020-8752 | CVE-2020-27337 CVE-2020-8753 | CVE-2020-27338 CVE-2020-8754 | CVE-2020-27336 Note: Firmware versions of Intel® ME 3.x thru 10.x, Intel® TXE 1.x thru 2.x, and Intel® Server Platform Services 1.x thru 2.X are no longer supported versions. There is no new general release planned for these versions. ### Recommendations: Intel recommends that users of Intel® CSME, Intel® TXE, Intel® AMT and Intel® SPS update to the latest version provided by the system manufacturer that addresses these issues. The Intel® AMT SDK is available for download [here](<https://software.intel.com/content/www/us/en/develop/download/intel-active-management-technology-sdk.html>). Intel has issued a Product Discontinuation notice for the Intel® DAL SDK and recommends that users of the Intel® DAL SDK uninstall it or discontinue use at their earliest convenience. ### Acknowledgements: Intel would like to thank Trammell Hudson (CVE-2020-8705), Marius Gabriel Mihai (CVE-2020-12354, CVE-2020-12304), Oussama Sahnoun (CVE-2020-12297), Rotem Sela and Brian Mastenbrook (CVE-2020-12355) for reporting these issues. The additional issues were found internally by Intel employees. Intel would like to thank Arie Haenel, Aviya Erenfeld, Binyamin Belaciano, Dmitry Piotrovsky, Julien Lenoir, Niv Israely, Ofek Mostovoy, Yakov Cohen and Yossef Kuszer. Intel, and nearly the entire technology industry, follows a disclosure practice called Coordinated Disclosure, under which a cybersecurity vulnerability is generally publicly disclosed only after mitigations are available.

{"id": "INTEL:INTEL-SA-00391", "vendorId": null, "type": "intel", "bulletinFamily": "info", "title": "2020.2 IPU \u2013 Intel\u00ae CSME, SPS, TXE, and AMT\u00a0Advisory", "description": "### Summary: \n\nPotential security vulnerabilities in Intel\u00ae Converged Security and Manageability Engine (CSME), Server Platform Services (SPS), Intel\u00ae Trusted Execution Engine (TXE), Intel\u00ae Dynamic Application Loader (DAL), Intel\u00ae Active Management Technology (AMT), Intel\u00ae Standard Manageability (ISM) and Intel\u00ae Dynamic Application Loader (Intel\u00ae DAL) may allow escalation of privilege, denial of service or information disclosure.** **Intel is releasing firmware and software updates to mitigate these potential vulnerabilities.\n\nIntel is not releasing updates to mitigate a potential vulnerability and has issued a Product Discontinuation Notice for Intel\u00ae DAL SDK.\n\n### Vulnerability Details:\n\nCVEID: [CVE-2020-8752](<https://vulners.com/cve/CVE-2020-8752>)\n\nDescription: Out-of-bounds write in IPv6 subsystem for Intel(R) AMT, Intel(R) ISM versions before 11.8.80, 11.12.80, 11.22.80, 12.0.70, 14.0.45 may allow an unauthenticated user to potentially enable escalation of privileges via network access.\n\nCVSS Base Score: 9.4 Critical\n\nCVSS Vector: [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L](<https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L>)\n\nCVEID: [CVE-2020-8753](<https://vulners.com/cve/CVE-2020-8753>)\n\nDescription: Out-of-bounds read in DHCP subsystem for Intel(R) AMT, Intel(R) ISM versions before 11.8.80, 11.12.80, 11.22.80, 12.0.70 and 14.0.45 may allow an unauthenticated user to potentially enable information disclosure via network access.\n\nCVSS Base Score: 8.2 High\n\nCVSS Vector: [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:L](<https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:L>)\n\nCVEID: [CVE-2020-12297](<https://vulners.com/cve/CVE-2020-12297>)\n\nDescription: Improper access control in Installer for Intel(R) CSME Driver for Windows versions before 11.8.80, 11.12.80, 11.22.80, 12.0.70, 13.0.40, 13.30.10, 14.0.45 and 14.5.25, Intel TXE 3.1.80, 4.0.30 may allow an authenticated user to potentially enable escalation of privileges via local access.\n\nCVSS Base Score: 8.2 High\n\nCVSS Vector: [CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H](<https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H>)\n\nCVEID: [CVE-2020-12304](<https://vulners.com/cve/CVE-2020-12304>)\n\nDescription: Improper access control in Installer for Intel(R) DAL SDK before version 2.1 for Windows may allow an authenticated user to potentially enable escalation of privileges via local access.\n\nCVSS Base Score: 8.2 High\n\nCVSS Vector: [CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H](<https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H>)\n\nCVEID: [CVE-2020-8745](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020->)\n\nDescription: Insufficient control flow management in subsystem for Intel(R) CSME versions before 11.8.80, 11.12.80, 11.22.80, 12.0.70, 13.0.40, 13.30.10, 14.0.45 and 14.5.25 , Intel(R) TXE versions before 3.1.80 and 4.0.30 may allow an unauthenticated user to potentially enable escalation of privilege via physical access.\n\nCVSS Base Score: 7.3 High\n\nCVSS Vector: [CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N](<https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N>)\n\nCVEID: [CVE-2020-8744](<https://vulners.com/cve/CVE-2020-8744>)\n\nDescription: Improper initialization in subsystem for Intel(R) CSME versions before12.0.70, 13.0.40, 13.30.10, 14.0.45 and 14.5.25, Intel\u00ae TXE versions before 4.0.30 Intel(R) SPS versions before E3_05.01.04.200 may allow a privileged user to potentially enable escalation of privilege via local access.\n\nCVSS Base Score: 7.2 High\n\nCVSS Vector: [CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:N](<https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:N>)\n\nCVEID: [CVE-2020-8705](<https://vulners.com/cve/CVE-2020-8705>)\n\nDescription: Insecure default initialization of resource in Intel(R) Boot Guard in Intel(R) CSME versions before 11.8.82, 11.12.82, 11.22.82, 12.0.70, 13.0.40, 13.30.10, 14.0.45 and 14.5.25, Intel(R) TXE versions before 3.1.80 and 4.0.30, Intel(R) SPS versions before E5_04.01.04.400, E3_04.01.04.200, SoC-X_04.00.04.200 and SoC-A_04.00.04.300 may allow an unauthenticated user to potentially enable escalation of privileges via physical access.\n\nCVSS Base Score: 7.1 High\n\nCVSS Vector: [CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H](<https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H>)\n\nCVEID: [CVE-2020-8750](<https://vulners.com/cve/CVE-2020-8750>)\n\nDescription: Use after free in Kernel Mode Driver for Intel(R) TXE versions before 3.1.80 and 4.0.30 may allow an authenticated user to potentially enable escalation of privilege via local access.\n\nCVSS Base Score: 7.0 High\n\nCVSS Vector: [CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H](<https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H>)\n\nCVEID: [CVE-2020-12303](<https://vulners.com/cve/CVE-2020-12303>)\n\nDescription: Use after free in DAL subsystem for Intel(R) CSME versions before 11.8.80, 11.12.80, 11.22.80, 12.0.70, 13.0.40, 13.30.10, 14.0.45 and 14.5.25, Intel\u00ae TXE 3.1.80, 4.0.30 may allow an authenticated user to potentially enable escalation of privileges via local access.\n\nCVSS Base Score: 7.0 High\n\nCVSS Vector: [CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H](<https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H>)\n\nCVE ID: [CVE-2020-12354](<https://vulners.com/cve/CVE-2020-12354>)\n\nDescription: Incorrect default permissions in Windows(R) installer in Intel(R) AMT SDK versions before 14.0.0.1 may allow an authenticated user to potentially enable escalation of privilege via local access.\n\nCVSS Base Score: 6.7 Medium\n\nCVSS Vector: [CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H](<https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H>)\n\nCVEID: [CVE-2020-8757](<https://vulners.com/cve/CVE-2020-8757>)\n\nDescription: Out-of-bounds read in subsystem for Intel(R) AMT versions before 11.8.80, 11.12.80, 11.22.80, 12.0.70 and 14.0.45 may allow a privileged user to potentially enable escalation of privilege via local access.\n\nCVSS Base Score: 6.3 Medium\n\nCVSS Vector: [CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:L](<https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:L>)\n\nCVEID: [CVE-2020-8756](<https://vulners.com/cve/CVE-2020-8756>)\n\nDescription: Improper input validation in subsystem for Intel(R) CSME versions before 11.8.80, 11.12.80, 11.22.80, 12.0.70 and 14.0.45 may allow a privileged user to potentially enable escalation of privilege via local access.\n\nCVSS Base Score: 6.3 Medium\n\nCVSS Vector: [CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:L](<https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:L>)\n\nCVEID: [CVE-2020-8760](<https://vulners.com/cve/CVE-2020-8760>)\n\nDescription: Integer overflow in subsystem for Intel(R) AMT versions before 11.8.80, 11.12.80, 11.22.80, 12.0.70, 14.0.45 may allow a privileged user to potentially enable escalation of privilege via local access.\n\nCVSS Base Score: 6.0 Medium\n\nCVSS Vector: [CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:L](<https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:L>)\n\nCVE ID: [CVE-2020-12355](<https://vulners.com/cve/CVE-2020-12355>)\n\nDescription: Authentication bypass by capture-replay in RPMB protocol message authentication subsystem in Intel(R) TXE versions before 4.0.30 may allow an unauthenticated user to potentially enable escalation of privilege via physical access.\n\nCVSS Base Score: 5.3 Medium\n\nCVSS Vector: [CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N](<https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N>)\n\nCVEID: [CVE-2020-8751](<https://vulners.com/cve/CVE-2020-8751>)\n\nDescription: Insufficient control flow management in subsystem for Intel(R) CSME versions before 11.8.80, Intel(R) TXE versions before 3.1.80 may allow an unauthenticated user to potentially enable information disclosure via physical access.\n\nCVSS Base Score: 5.3 Medium\n\nCVSS Vector: [CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N](<https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N>)\n\nCVEID: [CVE-2020-8754](<https://vulners.com/cve/CVE-2020-8754>)\n\nDescription: Out-of-bounds read in subsystem for Intel(R) AMT, Intel(R) ISM versions before 11.8.80, 11.12.80, 11.22.80, 12.0.70 and 14.0.45 may allow an unauthenticated user to potentially enable information disclosure via network access.\n\nCVSS Base Score: 5.3 Medium\n\nCVSS Vector: [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N](<https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N>)\n\nCVEID: [CVE-2020-8761](<https://vulners.com/cve/CVE-2020-8761>)\n\nDescription: Inadequate encryption strength in subsystem for Intel(R) CSME versions before 13.0.40 and 13.30.10 may allow an unauthenticated user to potentially enable information disclosure via physical access.\n\nCVSS Base Score: 4.9 Medium\n\nCVSS Vector: [CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N](<https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N>)\n\nCVEID: [CVE-2020-8747](<https://vulners.com/cve/CVE-2020-8747>)\n\nDescription: Out-of-bounds read in subsystem for Intel(R) AMT versions before 11.8.80, 11.12.80, 11.22.80, 12.0.70 and 14.0.45 may allow an unauthenticated user to potentially enable information disclosure and/or denial of service via network access.\n\nCVSS Base Score: 4.8 Medium\n\nCVSS Vector: [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L](<https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L>)\n\nCVEID: [CVE-2020-8755](<https://vulners.com/cve/CVE-2020-8755>)\n\nDescription: Race condition in subsystem for Intel(R) CSME versions before 12.0.70 and 14.0.45, Intel(R) SPS versions before E5_04.01.04.400 and E3_05.01.04.200 may allow an unauthenticated user to potentially enable escalation of privilege via physical access.\n\nCVSS Base Score: 4.6 Medium\n\nCVSS Vector: [CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N](<https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N>)\n\nCVE ID: [CVE-2020-12356](<https://vulners.com/cve/CVE-2020-12356>)\n\nDescription: Out-of-bounds read in subsystem in Intel(R) AMT versions before 11.8.80, 11.12.80, 11.22.80, 12.0.70 and 14.0.45 may allow a privileged user to potentially enable information disclosure via local access.\n\nCVSS Base Score: 4.4 Medium\n\nCVSS Vector: [CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N](<https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N>)\n\nCVEID: [CVE-2020-8746](<https://vulners.com/cve/CVE-2020-8746>)\n\nDescription: Integer overflow in subsystem for Intel(R) AMT versions before 11.8.80, 11.12.80, 11.22.80, 12.0.70 and 14.0.45 may allow an unauthenticated user to potentially enable denial of service via adjacent access.\n\nCVSS Base Score: 4.3 Medium\n\nCVSS Vector: [CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L](<https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L>)\n\nCVEID: [CVE-2020-8749](<https://vulners.com/cve/CVE-2020-8749>)\n\nDescription: Out-of-bounds read in subsystem for Intel(R) AMT versions before 11.8.80, 11.12.80, 11.22.80, 12.0.70 and 14.0.45 may allow an unauthenticated user to potentially enable escalation of privilege via adjacent access.\n\nCVSS Base Score: 4.2 Medium\n\nCVSS Vector: [CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N](<https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N>)\n\n### Affected Products:\n\n * Intel\u00ae CSME and Intel\u00ae AMT versions before 11.8.82, 11.12.82, 11.22.82, 12.0.70, 13.0.40, 13.30.10, 14.0.45 and 14.5.25.\n * Intel\u00ae TXE versions before 3.1.80 and 4.0.30.\n * Intel\u00ae Server Platform Services firmware versions before SPS_E5_04.01.04.400, SPS_E3_05.01.04.200, SPS_E3_04.01.04.200, SPS_SoC-X_04.00.04.200 and SPS_SoC-A_04.00.04.300. \n\n\nThe following CVEs assigned by Intel, correspond to a subset of the CVEs disclosed on 12/18/2020 as part of [ICSA-20-353-01](<https://us-cert.cisa.gov/ics/advisories/icsa-20-353-01>):\n\nDisclosed in INTEL-SA-00391\n\n| \n\nDisclosed in [ICSA-20-353-01](<https://us-cert.cisa.gov/ics/advisories/icsa-20-353-01>) \n \n---|--- \n \nCVE-2020-8752\n\n| \n\nCVE-2020-27337 \n \nCVE-2020-8753\n\n| \n\nCVE-2020-27338 \n \nCVE-2020-8754\n\n| \n\nCVE-2020-27336 \n \nNote: Firmware versions of Intel\u00ae ME 3.x thru 10.x, Intel\u00ae TXE 1.x thru 2.x, and Intel\u00ae Server Platform Services 1.x thru 2.X are no longer supported versions. There is no new general release planned for these versions.\n\n### Recommendations:\n\nIntel recommends that users of Intel\u00ae CSME, Intel\u00ae TXE, Intel\u00ae AMT and Intel\u00ae SPS update to the latest version provided by the system manufacturer that addresses these issues.\n\nThe Intel\u00ae AMT SDK is available for download [here](<https://software.intel.com/content/www/us/en/develop/download/intel-active-management-technology-sdk.html>). \n\nIntel has issued a Product Discontinuation notice for the Intel\u00ae DAL SDK and recommends that users of the Intel\u00ae DAL SDK uninstall it or discontinue use at their earliest convenience.\n\n### Acknowledgements:\n\nIntel would like to thank Trammell Hudson (CVE-2020-8705), Marius Gabriel Mihai (CVE-2020-12354, CVE-2020-12304), Oussama Sahnoun (CVE-2020-12297), Rotem Sela and Brian Mastenbrook (CVE-2020-12355) for reporting these issues.\n\nThe additional issues were found internally by Intel employees. Intel would like to thank Arie Haenel, Aviya Erenfeld, Binyamin Belaciano, Dmitry Piotrovsky, Julien Lenoir, Niv Israely, Ofek Mostovoy, Yakov Cohen and Yossef Kuszer.\n\nIntel, and nearly the entire technology industry, follows a disclosure practice called Coordinated Disclosure, under which a cybersecurity vulnerability is generally publicly disclosed only after mitigations are available.\n", "published": "2022-05-12T00:00:00", "modified": "2020-11-10T00:00:00", "cvss": {"score": 0.0, "vector": "NONE"}, "cvss2": {}, "cvss3": {}, "href": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00391.html", "reporter": "Intel Security Center", "references": [], "cvelist": ["CVE-2020-12297", "CVE-2020-12303", "CVE-2020-12304", "CVE-2020-12354", "CVE-2020-12355", "CVE-2020-12356", "CVE-2020-27336", "CVE-2020-27337", "CVE-2020-27338", "CVE-2020-8705", "CVE-2020-8744", "CVE-2020-8745", "CVE-2020-8746", "CVE-2020-8747", "CVE-2020-8749", "CVE-2020-8750", "CVE-2020-8751", "CVE-2020-8752", "CVE-2020-8753", "CVE-2020-8754", "CVE-2020-8755", "CVE-2020-8756", "CVE-2020-8757", "CVE-2020-8760", "CVE-2020-8761"], "immutableFields": [], "lastseen": "2023-02-08T18:04:14", "viewCount": 13, "enchantments": {"score": {"value": 3.8, "vector": "NONE"}, "dependencies": {"references": [{"type": "cert", "idList": ["VU:231329"]}, {"type": "cve", "idList": ["CVE-2020-12297", "CVE-2020-12303", "CVE-2020-12304", "CVE-2020-12354", "CVE-2020-12355", "CVE-2020-12356", "CVE-2020-27336", "CVE-2020-27337", "CVE-2020-27338", "CVE-2020-8705", "CVE-2020-8744", "CVE-2020-8745", "CVE-2020-8746", "CVE-2020-8747", "CVE-2020-8749", "CVE-2020-8750", "CVE-2020-8751", "CVE-2020-8752", "CVE-2020-8753", "CVE-2020-8754", "CVE-2020-8755", "CVE-2020-8756", "CVE-2020-8757", "CVE-2020-8760", "CVE-2020-8761"]}, {"type": "f5", "idList": ["F5:K21882212", "F5:K23033557", "F5:K35925420", "F5:K43877335", "F5:K44834280", "F5:K45573415", "F5:K61095244"]}, {"type": "hp", "idList": ["HP:C06962103", "HP:C06990695"]}, {"type": "ics", "idList": ["ICSA-20-353-01", "ICSA-21-131-15", "ICSA-22-132-05"]}, {"type": "nessus", "idList": ["ARUBAOS-SWITCH_ARUBA-PSA-2021-003.NASL", "INTEL_SA_00391.NASL", "TENABLE_OT_SIEMENS_CVE-2020-8744.NASL", "TENABLE_OT_SIEMENS_CVE-2020-8745.NASL", "WMI_INTEL-SA-00391.NBIN"]}, {"type": "thn", "idList": ["THN:16FE02C52CCB308E7739CDE97FA32A3C"]}, {"type": "threatpost", "idList": ["THREATPOST:D2398CA9B354449C8FCA1436DF9E5877"]}]}, "epss": [{"cve": "CVE-2020-12297", "epss": "0.000440000", "percentile": "0.102110000", "modified": "2023-03-19"}, {"cve": "CVE-2020-12303", "epss": "0.000440000", "percentile": "0.102110000", "modified": "2023-03-19"}, {"cve": "CVE-2020-12304", "epss": "0.000440000", "percentile": "0.102110000", "modified": "2023-03-19"}, {"cve": "CVE-2020-12354", "epss": "0.000440000", "percentile": "0.102110000", "modified": "2023-03-19"}, {"cve": "CVE-2020-12355", "epss": "0.000680000", "percentile": "0.276030000", "modified": "2023-03-19"}, {"cve": "CVE-2020-12356", "epss": "0.000440000", "percentile": "0.102110000", "modified": "2023-03-19"}, {"cve": "CVE-2020-27336", "epss": "0.001400000", "percentile": "0.478680000", "modified": "2023-03-19"}, {"cve": "CVE-2020-27337", "epss": "0.001600000", "percentile": "0.509390000", "modified": "2023-03-19"}, {"cve": "CVE-2020-27338", "epss": "0.000880000", "percentile": "0.360500000", "modified": "2023-03-19"}, {"cve": "CVE-2020-8705", "epss": "0.001250000", "percentile": "0.453930000", "modified": "2023-03-19"}, {"cve": "CVE-2020-8744", "epss": "0.000450000", "percentile": "0.120110000", "modified": "2023-03-19"}, {"cve": "CVE-2020-8745", "epss": "0.000720000", "percentile": "0.290300000", "modified": "2023-03-19"}, {"cve": "CVE-2020-8746", "epss": "0.000610000", "percentile": "0.236090000", "modified": "2023-03-19"}, {"cve": "CVE-2020-8747", "epss": "0.002040000", "percentile": "0.566850000", "modified": "2023-03-19"}, {"cve": "CVE-2020-8749", "epss": "0.000680000", "percentile": "0.276030000", "modified": "2023-03-19"}, {"cve": "CVE-2020-8750", "epss": "0.000440000", "percentile": "0.102110000", "modified": "2023-03-19"}, {"cve": "CVE-2020-8751", "epss": "0.000750000", "percentile": "0.303310000", "modified": "2023-03-19"}, {"cve": "CVE-2020-8752", "epss": "0.002210000", "percentile": "0.585580000", "modified": "2023-03-19"}, {"cve": "CVE-2020-8753", "epss": "0.001580000", "percentile": "0.506190000", "modified": "2023-03-19"}, {"cve": "CVE-2020-8754", "epss": "0.001580000", "percentile": "0.506190000", "modified": "2023-03-19"}, {"cve": "CVE-2020-8755", "epss": "0.000870000", "percentile": "0.351840000", "modified": "2023-03-19"}, {"cve": "CVE-2020-8756", "epss": "0.000440000", "percentile": "0.102110000", "modified": "2023-03-19"}, {"cve": "CVE-2020-8757", "epss": "0.000440000", "percentile": "0.102110000", "modified": "2023-03-19"}, {"cve": "CVE-2020-8760", "epss": "0.000440000", "percentile": "0.102110000", "modified": "2023-03-19"}, {"cve": "CVE-2020-8761", "epss": "0.000550000", "percentile": "0.209160000", "modified": "2023-03-19"}], "vulnersScore": 3.8}, "_state": {"score": 1684014194, "dependencies": 1675879463, "epss": 1679291388}, "_internal": {"score_hash": "e67c736e327527f3a15edd71d07235d5"}, "severity": "CRITICAL"}

{"hp": [{"lastseen": "2023-06-02T14:57:03", "description": "## Potential Security Impact\nEscalation of Privilege, Denial of Service, Information Disclosure\n\n**Source:** HP, HP Product Security Response Team (PSRT) \n\n**Reported By:** Intel \n\n## VULNERABILITY SUMMARY\nIntel has informed HP of potential security vulnerabilities identified in Intel\u00ae Converged Security and Manageability Engine (CSME), Server Platform Services (SPS), Intel\u00ae Trusted Execution Engine (TXE), Intel\u00ae Dynamic Application Loader (DAL), Intel\u00ae Active Management Technology (AMT), Intel\u00ae Standard Manageability (ISM) and Intel\u00ae Dynamic Application Loader (Intel\u00ae DAL) that may allow escalation of privilege, denial of service, or information disclosure. Intel is releasing firmware and software updates to mitigate these potential vulnerabilities. \n\nIntel is not releasing updates to mitigate a potential vulnerability and has issued a Product Discontinuation Notice for Intel\u00ae DAL SDK.\n\n## RESOLUTION\nIntel has released updates to mitigate the potential vulnerabilities. HP has identified the affected platforms and the corresponding SoftPaq updated versions. See the affected platforms listed below. Newer versions may become available and the minimum versions listed below may become obsolete. If a SoftPaq Link becomes invalid, check the HP Customer Support - Software and Driver Downloads site to obtain the latest update for your product model. \n\nHP recommends keeping your system up to date with the latest firmware and software. \n\n> note:\n> \n> This bulletin may be updated when new information and/or SoftPaqs are available. Sign up for HP Subscriptions to be notified and receive: \n> \n> * Product support eAlerts\n> * Driver updates\n> * Security Bulletin updates\n\n**Pending:** SoftPaq is in progress. \n\n**Under investigation:** System under investigation for impact, or SoftPaq under investigation for feasibility/availability. \n\n**Not available: **SoftPaq not available due to technical or logistical constraints. \n\n**Check support page:**The listed SoftPaq has been removed from downloaded site. SoftPaqs with newer versions may be available on the HP Customer Support - Software and Driver Downloads site. \n", "cvss3": {}, "published": "2020-11-09T00:00:00", "type": "hp", "title": "HPSBHF03703 rev. 4 - Intel\u00ae 2020.2 IPU - CSME, SPS, TXE, AMT, and DAL Security Update", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2020-12297", "CVE-2020-12303", "CVE-2020-12304", "CVE-2020-12354", "CVE-2020-12355", "CVE-2020-12356", "CVE-2020-8705", "CVE-2020-8744", "CVE-2020-8745", "CVE-2020-8746", "CVE-2020-8747", "CVE-2020-8749", "CVE-2020-8750", "CVE-2020-8751", "CVE-2020-8752", "CVE-2020-8753", "CVE-2020-8754", "CVE-2020-8755", "CVE-2020-8756", "CVE-2020-8757", "CVE-2020-8760", "CVE-2020-8761"], "modified": "2021-06-02T00:00:00", "id": "HP:C06962103", "href": "https://support.hp.com/us-en/document/c06962103", "cvss": {"score": "8.2", "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H/"}}, {"lastseen": "2021-09-21T01:06:03", "description": "## Potential Security Impact\nDenial of Service\n\n**Source:** HP, HP Product Security Response Team (PSRT)\n\n\n## VULNERABILITY SUMMARY\nHP has identified a potential security vulnerability with the IPv6 network\nstack of certain HP and Samsung branded printers that could result in a denial\nof service.\n\n\n## RESOLUTION\nHP is actively investigating the referenced potential security vulnerability.\nPlease subscribe to HP Security Bulletin alerts as described below for further\nupdates on the issue. The current recommendation to help mitigate potential\nexploitation of the vulnerability is to disable IPv6 on the printer.\n\nTo disable IPv6, access the Embedded Web Server (EWS) on the printer, and then\nselect Enable IPv4 only as illustrated below.\n\n![Enabling IPv4 on the Embedded Web Server \\(EWS\\)](/doc-\nimages/281/c06990696.png)\n\nFor more information on accessing the EWS, refer to [HP Printers - Using the\nHP Printer Embedded Web Server (EWS)](/us-en/document/c01123173).\n\n", "cvss3": {}, "published": "2020-12-27T00:00:00", "type": "hp", "title": "HPSBPI03709 rev. 1 - Certain HP and Samsung-branded Print Products - IPv6 Network Stack Vulnerability", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2020-27337", "CVE-2020-27338", "CVE-2020-27336"], "modified": "2020-12-27T00:00:00", "id": "HP:C06990695", "href": "https://support.hp.com/us-en/document/c06990695", "cvss": {"score": "5.3", "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/"}}], "nessus": [{"lastseen": "2023-05-18T15:25:23", "description": "The Intel Management Engine on the remote host has Active Management Technology (AMT) enabled, and, according to its self-reported, is a version containing multiple vulnerabilities, including the following:\n\n - Out-of-bounds write in IPv6 subsystem for Intel(R) AMT, Intel(R) ISM versions before 11.8.80, 11.12.80, 11.22.80, 12.0.70, 14.0.45 may allow an unauthenticated user to potentially enable escalation of privileges via network access. (CVE-2020-8752)\n\n - Out-of-bounds read in subsystem for Intel(R) AMT versions before 11.8.80, 11.12.80, 11.22.80, 12.0.70 and 14.0.45 may allow an unauthenticated user to potentially enable information disclosure and/or denial of service via network access. (CVE-2020-8747)\n\n - Out-of-bounds read in subsystem for Intel(R) AMT versions before 11.8.80, 11.12.80, 11.22.80, 12.0.70 and 14.0.45 may allow an unauthenticated user to potentially enable escalation of privilege via adjacent access. (CVE-2020-8749)\n\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2020-11-20T00:00:00", "type": "nessus", "title": "Intel Active Management Technology (AMT) Multiple Vulnerabilities (INTEL-SA-00391) (remote check)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-12297", "CVE-2020-12303", "CVE-2020-12354", "CVE-2020-12356", "CVE-2020-8705", "CVE-2020-8744", "CVE-2020-8745", "CVE-2020-8746", "CVE-2020-8747", "CVE-2020-8749", "CVE-2020-8751", "CVE-2020-8752", "CVE-2020-8753", "CVE-2020-8754", "CVE-2020-8755", "CVE-2020-8756", "CVE-2020-8757", "CVE-2020-8760", "CVE-2020-8761"], "modified": "2020-11-24T00:00:00", "cpe": ["cpe:/h:intel:active_management_technology", "cpe:/o:intel:active_management_technology_firmware"], "id": "INTEL_SA_00391.NASL", "href": "https://www.tenable.com/plugins/nessus/143152", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(143152);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/11/24\");\n\n script_cve_id(\n \"CVE-2020-8705\",\n \"CVE-2020-8744\",\n \"CVE-2020-8745\",\n \"CVE-2020-8746\",\n \"CVE-2020-8747\",\n \"CVE-2020-8749\",\n \"CVE-2020-8751\",\n \"CVE-2020-8752\",\n \"CVE-2020-8753\",\n \"CVE-2020-8754\",\n \"CVE-2020-8755\",\n \"CVE-2020-8756\",\n \"CVE-2020-8757\",\n \"CVE-2020-8760\",\n \"CVE-2020-8761\",\n \"CVE-2020-12297\",\n \"CVE-2020-12303\",\n \"CVE-2020-12354\",\n \"CVE-2020-12356\"\n );\n script_xref(name:\"IAVA\", value:\"2020-A-0534\");\n\n script_name(english:\"Intel Active Management Technology (AMT) Multiple Vulnerabilities (INTEL-SA-00391) (remote check)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The management engine on the remote host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The Intel Management Engine on the remote host has Active Management Technology (AMT) enabled, and, according to its\nself-reported, is a version containing multiple vulnerabilities, including the following:\n\n - Out-of-bounds write in IPv6 subsystem for Intel(R) AMT, Intel(R) ISM versions before 11.8.80, 11.12.80,\n 11.22.80, 12.0.70, 14.0.45 may allow an unauthenticated user to potentially enable escalation of\n privileges via network access. (CVE-2020-8752)\n\n - Out-of-bounds read in subsystem for Intel(R) AMT versions before 11.8.80, 11.12.80, 11.22.80, 12.0.70 and\n 14.0.45 may allow an unauthenticated user to potentially enable information disclosure and/or denial of\n service via network access. (CVE-2020-8747)\n\n - Out-of-bounds read in subsystem for Intel(R) AMT versions before 11.8.80, 11.12.80, 11.22.80, 12.0.70 and\n 14.0.45 may allow an unauthenticated user to potentially enable escalation of privilege via adjacent\n access. (CVE-2020-8749)\n\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n # https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00391.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?d2fdd021\");\n script_set_attribute(attribute:\"solution\", value:\n\"Contact your system OEM for updated firmware per the vendor advisory.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-8752\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/11/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/11/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/11/20\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/h:intel:active_management_technology\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:intel:active_management_technology_firmware\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Web Servers\");\n\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"intel_amt_remote_detect.nbin\");\n script_require_keys(\"installed_sw/Intel Active Management Technology\");\n script_require_ports(\"Services/www\", 16992, 16993, 16994, 16995, 623, 664);\n\n exit(0);\n}\n\ninclude('http.inc');\ninclude('vcf.inc');\n\nget_kb_item_or_exit('installed_sw/Intel Active Management Technology');\n\nport = get_http_port(default:16992);\n\napp = 'Intel Active Management Technology';\napp_info = vcf::get_app_info(app:app, port:port);\n\nconstraints = [\n { 'min_version' : '11.8', 'fixed_version' : '11.8.80' },\n { 'min_version' : '11.12', 'fixed_version' : '11.12.80' },\n { 'min_version' : '11.22', 'fixed_version' : '11.22.80' },\n { 'min_version' : '12.0', 'fixed_version' : '12.0.70' },\n { 'min_version' : '13.0', 'fixed_version' : '13.0.40' },\n { 'min_version' : '13.30', 'fixed_version' : '13.30.10' },\n { 'min_version' : '14.0', 'fixed_version' : '14.0.45' },\n { 'min_version' : '14.5', 'fixed_version' : '14.5.25' }\n];\n\nvcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_HOLE);\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-06-02T15:36:55", "description": "The Intel Converged Security Management Engine (CSME) on the remote host is affected by multiple vulnerabilities in the Active Management Technology (AMT) feature, including the following:\n\n - Out-of-bounds write in IPv6 subsystem for Intel(R) AMT, Intel(R) ISM versions before 11.8.80, 11.12.80, 11.22.80, 12.0.70, 14.0.45 may allow an unauthenticated user to potentially enable escalation of privileges via network access. (CVE-2020-8752)\n\n - Out-of-bounds read in subsystem for Intel(R) AMT versions before 11.8.80, 11.12.80, 11.22.80, 12.0.70 and 14.0.45 may allow an unauthenticated user to potentially enable information disclosure and/or denial of service via network access. (CVE-2020-8747)\n\n - Out-of-bounds read in subsystem for Intel(R) AMT versions before 11.8.80, 11.12.80, 11.22.80, 12.0.70 and 14.0.45 may allow an unauthenticated user to potentially enable escalation of privilege via adjacent access. (CVE-2020-8749)\n\nNote that due to the low-level implementation of Intel ME, Nessus may not be able to identify its version on the remote host at this time.", "cvss3": {}, "published": "2020-11-20T00:00:00", "type": "nessus", "title": "Intel Converged Security Management Engine (CSME) Active Management Technology (AMT) Multiple Vulnerabilities (INTEL-SA-00391)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-8747", "CVE-2020-8749", "CVE-2020-8752"], "modified": "2023-06-01T00:00:00", "cpe": ["cpe:/h:intel:active_management_technology", "cpe:/o:intel:active_management_technology_firmware"], "id": "WMI_INTEL-SA-00391.NBIN", "href": "https://www.tenable.com/plugins/nessus/143151", "sourceData": "Binary data wmi_INTEL-SA-00391.nbin", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-19T15:11:03", "description": "According to its self-reported version number the remote host is affected by a memory corruption vulnerability. An unauthenticated, remote host can exploit this to disclose sensitive information / memory contents or execute arbitrary code.\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-06-14T00:00:00", "type": "nessus", "title": "ArubaOS-Switch Memory Corruption Vulnerability (ARUBA-PSA-2021-003)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-27337"], "modified": "2021-07-01T00:00:00", "cpe": ["cpe:/o:arubanetworks:arubaos", "cpe:/o:hp:arubaos", "x-cpe:/o:arubanetworks:arubaos-switch"], "id": "ARUBAOS-SWITCH_ARUBA-PSA-2021-003.NASL", "href": "https://www.tenable.com/plugins/nessus/150752", "sourceData": "#TRUSTED 49025e4e43c18d558f76d2ff0ac15b169d35f3bc47ce5b20eb75f602bcb4fc778fb50ed1fadd80c869d1180067d2e26c14b5d6d2604afec81fc2983d84e9458fc674029912fb1b0d87fe8e6597fc3c87356bc24ebb279b78e9715fe88a4940fce85ddcb1dd6944f8f9c4a739efa5ee078df75ce1c5c28598d7929576279af626e4b8aa4312f4c491245048ec5e9a6e029ceb17358493448593669cc347751624a1f7c15cb63ee54f8657d97eb284d768e7112acda02ccbd85f3feab1f382ca69afc11a83f8818ee8fc7578ffe6a2125592805078908537b1a10f1e84b91306001496e128113cb6c360fe4fc4a138a4de518423560a557724bdc77f9e614534fe24f7560b6fd76e1d97368394c744992772073f9ae0325ecaca24e57f774378abbabafa6e29875516d8d3a2fa852e0edcbc93455efe5190b1cc4e305d01f1cf3aef05786f755152affa7b73645ebdfa04f60f1a5571faf772aae4f9b898d175b42bfa244a61d000266b0fc206395604759f588227fadef2456ef845c29372ad0a2e3bcc62944555d931d75feb946e3068d399a5b698291b1b91abd282c60592dc19bec071077e884efcca36407064c5c7253083406ded31def4ce9cd0d41644c514abe35731ebf3fc0114991875a3ea4593860ca4e759b135053de8bad9ae72f83cac4d857c0b4b3351cdc379a79826d3962cd392556d79ecfb10e8ab14c09550\n#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(150752);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/07/01\");\n\n script_cve_id(\"CVE-2020-27337\");\n\n script_name(english:\"ArubaOS-Switch Memory Corruption Vulnerability (ARUBA-PSA-2021-003)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"An application installed on the remote host is affected by a memory corruption vulnerability.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to its self-reported version number the remote host is affected by a memory corruption vulnerability. An \nunauthenticated, remote host can exploit this to disclose sensitive information / memory contents or execute arbitrary \ncode.\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-003.txt\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to the relevant ArubaOS-Switch version as referenced in the vendor advisory.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-27337\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/02/05\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/02/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/06/14\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"combined\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:arubanetworks:arubaos\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:hp:arubaos\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:arubanetworks:arubaos-switch\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Misc.\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"arubaos_installed.nbin\", \"arubaos_detect.nbin\");\n script_require_ports(\"installed_sw/ArubaOS\");\n\n exit(0);\n}\n\ninclude('vcf.inc');\ninclude('vcf_extras.inc');\n\nvar app_info = vcf::aruba::combined_get_app_info(os_flavour:'ArubaOS-Switch');\nvar model = app_info['Model'];\nif (empty_or_null(model) && report_paranoia < 2)\n audit(AUDIT_POTENTIAL_VULN, 'ArubaOS-Switch', app_info.version);\n\n\nvar constraints = [];\n\nif (model =~ \"54[0-9]{2}R\\s*zl2\" || model =~ \"3810M\" || model =~ \"2930[FM]\" || model =~ \"2920\" || model =~ \"2530\")\n{\n constraints = [\n {'min_version':'0.0', 'fixed_version':'16.08.0019'},\n {'min_version':'16.09', 'fixed_version':'16.09.0015'},\n {'min_version':'16.10', 'fixed_version':'16.10.0012'}\n ];\n}\nelse if (model =~ \"5400R\\s*zl1\")\n{\n constraints = [{'fixed_version':'16.02.0032'}];\n}\nelse if (model =~ \"3800\" || model =~ \"2620\")\n{\n constraints = [{'fixed_version':'16.04.0022'}];\n}\nelse if (model =~ \"2[69]15\")\n{\n constraints = [{'fixed_version':'15.16.0023'}];\n}\nelse if (model =~ \"62[0-9]{2}\\s*yl\" || model =~ \"82[0-9]{2}\\s*zl\")\n{\n constraints = [{'fixed_version':'15.18.0024'}];\n}\nelse if (model =~ \"35[0-9]{2}(\\s*yl)?\")\n{\n constraints = [{'fixed_version':'16.02.0032'}];\n}\nelse if (!empty_or_null(model))\n{\n audit(AUDIT_DEVICE_NOT_VULN, model);\n}\nelse # Paranoid, no model case = flag widest possible range\n{\n constraints = [\n {'min_version':'0.0', 'fixed_version':'16.08.0019'},\n {'min_version':'16.09', 'fixed_version':'16.09.0015'},\n {'min_version':'16.10', 'fixed_version':'16.10.0012'}\n ];\n}\n\n#\u00c2\u00a0Only vuln if IPv6 enabled.\nvar config = get_kb_item('Secret/Host/Aruba/show_running-config');\nif (empty_or_null(config)) \n{\n if (report_paranoia < 2)\n audit(AUDIT_POTENTIAL_VULN, 'ArubaOS-Switch');\n} \nelse if (!preg(string:config, pattern:\"\\s*ipv6 enable\", multiline:TRUE))\n audit(AUDIT_OS_CONF_NOT_VULN, app_info.app, app_info.version);\n\nvcf::check_version_and_report(\n app_info:app_info,\n constraints:constraints,\n severity:SECURITY_HOLE\n);\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-17T16:36:05", "description": "Improper initialization in subsystem for Intel(R) CSME versions before12.0.70, 13.0.40, 13.30.10, 14.0.45 and 14.5.25, Intel(R) TXE versions before 4.0.30 Intel(R) SPS versions before E3_05.01.04.200 may allow a privileged user to potentially enable escalation of privilege via local access.\n\nThis plugin only works with Tenable.ot.\nPlease visit https://www.tenable.com/products/tenable-ot for more information.", "cvss3": {}, "published": "2022-11-07T00:00:00", "type": "nessus", "title": "Siemens (CVE-2020-8744)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-8744"], "modified": "2023-04-18T00:00:00", "cpe": ["cpe:/o:siemens:simatic_s7-1500_firmware:-"], "id": "TENABLE_OT_SIEMENS_CVE-2020-8744.NASL", "href": "https://www.tenable.com/plugins/ot/500705", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(500705);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/04/18\");\n\n script_cve_id(\"CVE-2020-8744\");\n\n script_name(english:\"Siemens (CVE-2020-8744)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote OT asset is affected by a vulnerability.\");\n script_set_attribute(attribute:\"description\", value:\n\"Improper initialization in subsystem for Intel(R) CSME versions\nbefore12.0.70, 13.0.40, 13.30.10, 14.0.45 and 14.5.25, Intel(R) TXE\nversions before 4.0.30 Intel(R) SPS versions before E3_05.01.04.200\nmay allow a privileged user to potentially enable escalation of\nprivilege via local access.\n\nThis plugin only works with Tenable.ot.\nPlease visit https://www.tenable.com/products/tenable-ot for more information.\");\n # https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00391\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?e0627cbb\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security.netapp.com/advisory/ntap-20201113-0005/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security.netapp.com/advisory/ntap-20201113-0002/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security.netapp.com/advisory/ntap-20201113-0004/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cert-portal.siemens.com/productcert/pdf/ssa-501073.pdf\");\n script_set_attribute(attribute:\"solution\", value:\n\"Refer to the vendor advisory.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-8744\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_cwe_id(665);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/11/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/11/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/11/07\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:siemens:simatic_s7-1500_firmware:-\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Tenable.ot\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"tenable_ot_api_integration.nasl\");\n script_require_keys(\"Tenable.ot/Siemens\");\n\n exit(0);\n}\n\n\ninclude('tenable_ot_cve_funcs.inc');\n\nget_kb_item_or_exit('Tenable.ot/Siemens');\n\nvar asset = tenable_ot::assets::get(vendor:'Siemens');\n\nvar vuln_cpes = {\n \"cpe:/o:siemens:simatic_s7-1500_firmware:-\" :\n {\"family\" : \"S71500\"}\n};\n\ntenable_ot::cve::compare_and_report(asset:asset, cpes:vuln_cpes, severity:SECURITY_WARNING);\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-17T16:35:01", "description": "Insufficient control flow management in subsystem for Intel(R) CSME versions before 11.8.80, 11.12.80, 11.22.80, 12.0.70, 13.0.40, 13.30.10, 14.0.45 and 14.5.25 , Intel(R) TXE versions before 3.1.80 and 4.0.30 may allow an unauthenticated user to potentially enable escalation of privilege via physical access.\n\n - Insufficient control flow management in subsystem for Intel(R) CSME versions before 11.8.80, 11.12.80, 11.22.80, 12.0.70, 13.0.40, 13.30.10, 14.0.45 and 14.5.25 , Intel(R) TXE versions before 3.1.80 and 4.0.30 may allow an unauthenticated user to potentially enable escalation of privilege via physical access.\n (CVE-2020-8745)\n\nThis plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information.", "cvss3": {}, "published": "2022-10-14T00:00:00", "type": "nessus", "title": "Siemens (CVE-2020-8745)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-8745"], "modified": "2023-04-18T00:00:00", "cpe": ["cpe:/o:siemens:simatic_et200sp_1515sp_pc2_firmware"], "id": "TENABLE_OT_SIEMENS_CVE-2020-8745.NASL", "href": "https://www.tenable.com/plugins/ot/500702", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(500702);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/04/18\");\n\n script_cve_id(\"CVE-2020-8745\");\n\n script_name(english:\"Siemens (CVE-2020-8745)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote OT asset is affected by a vulnerability.\");\n script_set_attribute(attribute:\"description\", value:\n\"Insufficient control flow management in subsystem for Intel(R) CSME versions before 11.8.80, 11.12.80, 11.22.80,\n12.0.70, 13.0.40, 13.30.10, 14.0.45 and 14.5.25 , Intel(R) TXE versions before 3.1.80 and 4.0.30 may allow an\nunauthenticated user to potentially enable escalation of privilege via physical access.\n\n - Insufficient control flow management in subsystem for Intel(R) CSME versions before 11.8.80, 11.12.80,\n 11.22.80, 12.0.70, 13.0.40, 13.30.10, 14.0.45 and 14.5.25 , Intel(R) TXE versions before 3.1.80 and 4.0.30\n may allow an unauthenticated user to potentially enable escalation of privilege via physical access.\n (CVE-2020-8745)\n\nThis plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information.\");\n # https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00391\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?e0627cbb\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security.netapp.com/advisory/ntap-20201113-0005/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security.netapp.com/advisory/ntap-20201113-0002/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cert-portal.siemens.com/productcert/pdf/ssa-678983.pdf\");\n script_set_attribute(attribute:\"solution\", value:\n\"Refer to the vendor advisory.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-8745\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/11/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/11/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/10/14\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:siemens:simatic_et200sp_1515sp_pc2_firmware\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Tenable.ot\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"tenable_ot_api_integration.nasl\");\n script_require_keys(\"Tenable.ot/Siemens\");\n\n exit(0);\n}\n\n\ninclude('tenable_ot_cve_funcs.inc');\n\nget_kb_item_or_exit('Tenable.ot/Siemens');\n\nvar asset = tenable_ot::assets::get(vendor:'Siemens');\n\nvar vuln_cpes = {\n \"cpe:/o:siemens:simatic_et200sp_1515sp_pc2_firmware\" :\n {\"versionEndExcluding\" : \"0209.0105\", \"family\" : \"ET200SP\"}\n};\n\ntenable_ot::cve::compare_and_report(asset:asset, cpes:vuln_cpes, severity:SECURITY_WARNING);\n", "cvss": {"score": 0.0, "vector": "NONE"}}], "f5": [{"lastseen": "2023-02-21T20:08:06", "description": " * [CVE-2020-8746](<https://vulners.com/cve/CVE-2020-8746>)\n\nInteger overflow in subsystem for Intel(R) AMT versions before 11.8.80, 11.12.80, 11.22.80, 12.0.70 and 14.0.45 may allow an unauthenticated user to potentially enable denial of service via adjacent access.\n\n * [CVE-2020-8747](<https://vulners.com/cve/CVE-2020-8747>)\n\nOut-of-bounds read in subsystem for Intel(R) AMT versions before 11.8.80, 11.12.80, 11.22.80, 12.0.70 and 14.0.45 may allow an unauthenticated user to potentially enable information disclosure and/or denial of service via network access.\n\n * [CVE-2020-8749](<https://vulners.com/cve/CVE-2020-8749>)\n\nOut-of-bounds read in subsystem for Intel(R) AMT versions before 11.8.80, 11.12.80, 11.22.80, 12.0.70 and 14.0.45 may allow an unauthenticated user to potentially enable escalation of privilege via adjacent access.\n\n * [CVE-2020-8752](<https://vulners.com/cve/CVE-2020-8752>)\n\nOut-of-bounds write in IPv6 subsystem for Intel(R) AMT, Intel(R) ISM versions before 11.8.80, 11.12.80, 11.22.80, 12.0.70, 14.0.45 may allow an unauthenticated user to potentially enable escalation of privileges via network access.\n\n * [CVE-2020-8753](<https://vulners.com/cve/CVE-2020-8753>)\n\nOut-of-bounds read in DHCP subsystem for Intel(R) AMT, Intel(R) ISM versions before 11.8.80, 11.12.80, 11.22.80, 12.0.70 and 14.0.45 may allow an unauthenticated user to potentially enable information disclosure via network access.\n\nImpact\n\nThere is no impact; F5 products are not affected by this vulnerability.\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-11-26T07:21:00", "type": "f5", "title": "Intel software vulnerabilities CVE-2020-8746, CVE-2020-8747, CVE-2020-8749, CVE-2020-8752, CVE-2020-8753", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-8746", "CVE-2020-8747", "CVE-2020-8749", "CVE-2020-8752", "CVE-2020-8753"], "modified": "2020-11-26T07:25:00", "id": "F5:K23033557", "href": "https://support.f5.com/csp/article/K23033557", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-21T20:08:05", "description": " * [CVE-2020-8754](<https://vulners.com/cve/CVE-2020-8754>) \nOut-of-bounds read in subsystem for Intel(R) AMT, Intel(R) ISM versions before 11.8.80, 11.12.80, 11.22.80, 12.0.70 and 14.0.45 may allow an unauthenticated user to potentially enable information disclosure via network access. \n \n * [CVE-2020-8757](<https://vulners.com/cve/CVE-2020-8757>) \nOut-of-bounds read in subsystem for Intel(R) AMT versions before 11.8.80, 11.12.80, 11.22.80, 12.0.70 and 14.0.45 may allow a privileged user to potentially enable escalation of privilege via local access. \n \n * [CVE-2020-8760](<https://vulners.com/cve/CVE-2020-8760>) \nInteger overflow in subsystem for Intel(R) AMT versions before 11.8.80, 11.12.80, 11.22.80, 12.0.70, 14.0.45 may allow a privileged user to potentially enable escalation of privilege via local access. \n \n * [CVE-2020-12356](<https://vulners.com/cve/CVE-2020-12356>) \nOut-of-bounds read in subsystem in Intel(R) AMT versions before 11.8.80, 11.12.80, 11.22.80, 12.0.70 and 14.0.45 may allow a privileged user to potentially enable information disclosure via local access. \n \n\nImpact\n\nThere is no impact; F5 products are not affected by this vulnerability.\n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-11-26T07:44:00", "type": "f5", "title": "Intel software vulnerabilities CVE-2020-8754, CVE-2020-8757, CVE-2020-8760, CVE-2020-12356", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-12356", "CVE-2020-8754", "CVE-2020-8757", "CVE-2020-8760"], "modified": "2020-11-26T07:44:00", "id": "F5:K35925420", "href": "https://support.f5.com/csp/article/K35925420", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-02-21T20:08:07", "description": " * [CVE-2020-8751](<https://vulners.com/cve/CVE-2020-8751>)\n\nInsufficient control flow management in subsystem for Intel(R) CSME versions before 11.8.80, Intel(R) TXE versions before 3.1.80 may allow an unauthenticated user to potentially enable information disclosure via physical access.\n\n * [CVE-2020-8755](<https://vulners.com/cve/CVE-2020-8755>)\n\nRace condition in subsystem for Intel(R) CSME versions before 12.0.70 and 14.0.45, Intel(R) SPS versions before E5_04.01.04.400 and E3_05.01.04.200 may allow an unauthenticated user to potentially enable escalation of privilege via physical access.\n\n * [CVE-2020-8761](<https://vulners.com/cve/CVE-2020-8761>)\n\nInadequate encryption strength in subsystem for Intel(R) CSME versions before 13.0.40 and 13.30.10 may allow an unauthenticated user to potentially enable information disclosure via physical access.\n\n * [CVE-2020-12303](<https://vulners.com/cve/CVE-2020-12303>)\n\nUse after free in DAL subsystem for Intel(R) CSME versions before 11.8.80, 11.12.80, 11.22.80, 12.0.70, 13.0.40, 13.30.10, 14.0.45 and 14.5.25, Intel(R) TXE 3.1.80, 4.0.30 may allow an authenticated user to potentially enable escalation of privileges via local access.\n\nImpact\n\nThere is no impact; F5 products are not affected by this vulnerability.\n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-11-26T07:20:00", "type": "f5", "title": "Intel software vulnerabilities CVE-2020-8751, CVE-2020-8755, CVE-2020-8761, CVE-2020-12303", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-12303", "CVE-2020-8751", "CVE-2020-8755", "CVE-2020-8761"], "modified": "2020-11-26T07:20:00", "id": "F5:K43877335", "href": "https://support.f5.com/csp/article/K43877335", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-21T20:08:06", "description": " * [CVE-2020-12297](<https://vulners.com/cve/CVE-2020-12297>)\n\nImproper access control in Installer for Intel(R) CSME Driver for Windows versions before 11.8.80, 11.12.80, 11.22.80, 12.0.70, 13.0.40, 13.30.10, 14.0.45 and 14.5.25, Intel TXE 3.1.80, 4.0.30 may allow an authenticated user to potentially enable escalation of privileges via local access.\n\n * [CVE-2020-12304](<https://vulners.com/cve/CVE-2020-12304>)\n\nImproper access control in Installer for Intel(R) DAL SDK before version 2.1 for Windows may allow an authenticated user to potentially enable escalation of privileges via local access.\n\n * [CVE-2020-12354](<https://vulners.com/cve/CVE-2020-12354>)\n\nIncorrect default permissions in Windows(R) installer in Intel(R) AMT SDK versions before 14.0.0.1 may allow an authenticated user to potentially enable escalation of privilege via local access.\n\nImpact\n\nThere is no impact; F5 products are not affected by this vulnerability.\n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-11-26T07:25:00", "type": "f5", "title": "Intel software vulnerabilities CVE-2020-12297, CVE-2020-12304, CVE-2020-12354", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-12297", "CVE-2020-12304", "CVE-2020-12354"], "modified": "2020-11-26T07:25:00", "id": "F5:K45573415", "href": "https://support.f5.com/csp/article/K45573415", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-21T20:08:05", "description": " * [CVE-2020-8705](<https://vulners.com/cve/CVE-2020-8705>)\n\nInsecure default initialization of resource in Intel(R) Boot Guard in Intel(R) CSME versions before 11.8.80, 11.12.80, 11.22.80, 12.0.70, 13.0.40, 13.30.10, 14.0.45 and 14.5.25, Intel(R) TXE versions before 3.1.80 and 4.0.30, Intel(R) SPS versions before E5_04.01.04.400, E3_04.01.04.200, SoC-X_04.00.04.200 and SoC-A_04.00.04.300 may allow an unauthenticated user to potentially enable escalation of privileges via physical access.\n\n * [CVE-2020-8744](<https://vulners.com/cve/CVE-2020-8744>)\n\nImproper initialization in subsystem for Intel(R) CSME versions before12.0.70, 13.0.40, 13.30.10, 14.0.45 and 14.5.25, Intel(R) TXE versions before 4.0.30 Intel(R) SPS versions before E3_05.01.04.200 may allow a privileged user to potentially enable escalation of privilege via local access.\n\n * [CVE-2020-8745](<https://vulners.com/cve/CVE-2020-8745>)\n\nInsufficient control flow management in subsystem for Intel(R) CSME versions before 11.8.80, 11.12.80, 11.22.80, 12.0.70, 13.0.40, 13.30.10, 14.0.45 and 14.5.25 , Intel(R) TXE versions before 3.1.80 and 4.0.30 may allow an unauthenticated user to potentially enable escalation of privilege via physical access.\n\n * [CVE-2020-8756](<https://vulners.com/cve/CVE-2020-8756>)\n\nImproper input validation in subsystem for Intel(R) CSME versions before 11.8.80, 11.12.80, 11.22.80, 12.0.70 and 14.0.45 may allow a privileged user to potentially enable escalation of privilege via local access.\n\nImpact\n\nThere is no impact; F5 products are not affected by this vulnerability.\n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-11-26T07:29:00", "type": "f5", "title": "Intel software vulnerabilities CVE-2020-8705, CVE-2020-8744, CVE-2020-8745, CVE-2020-8756", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-8705", "CVE-2020-8744", "CVE-2020-8745", "CVE-2020-8756"], "modified": "2020-11-26T07:29:00", "id": "F5:K61095244", "href": "https://support.f5.com/csp/article/K61095244", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-21T20:04:31", "description": " * [CVE-2020-25066](<https://vulners.com/cve/CVE-2020-25066>)\n\nA heap-based buffer overflow in the Treck HTTP Server component before 6.0.1.68 allows remote attackers to cause a denial of service (crash/reset) or to possibly execute arbitrary code.\n\n * [CVE-2020-27336](<https://vulners.com/cve/CVE-2020-27336>)\n\nAn issue was discovered in Treck IPv6 before 6.0.1.68. Improper input validation in the IPv6 component when handling a packet sent by an unauthenticated remote attacker could result in an out-of-bounds read of up to three bytes via network access.\n\n * [CVE-2020-27337](<https://vulners.com/cve/CVE-2020-27337>)\n\nAn issue was discovered in Treck IPv6 before 6.0.1.68. Improper Input Validation in the IPv6 component allows an unauthenticated remote attacker to cause an Out of Bounds Write, and possibly a Denial of Service via network access.\n\n * [CVE-2020-27338](<https://vulners.com/cve/CVE-2020-27338>)\n\nAn issue was discovered in Treck IPv6 before 6.0.1.68. Improper Input Validation in the DHCPv6 client component allows an unauthenticated remote attacker to cause an Out of Bounds Read, and possibly a Denial of Service via adjacent network access.\n\nImpact\n\nThere is no impact; F5 products are not affected by this vulnerability.\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-01-13T02:39:00", "type": "f5", "title": "Multiple Treck vulnerabilities CVE-2020-25066, CVE-2020-27336, CVE-2020-27337, and CVE-2020-27338", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-25066", "CVE-2020-27336", "CVE-2020-27337", "CVE-2020-27338"], "modified": "2021-01-13T02:39:00", "id": "F5:K44834280", "href": "https://support.f5.com/csp/article/K44834280", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-21T20:08:05", "description": " * [CVE-2020-8750](<https://vulners.com/cve/CVE-2020-8750>)\n\nUse after free in Kernel Mode Driver for Intel(R) TXE versions before 3.1.80 and 4.0.30 may allow an authenticated user to potentially enable escalation of privilege via local access.\n\n * [CVE-2020-12355](<https://vulners.com/cve/CVE-2020-12355>)\n\nAuthentication bypass by capture-replay in RPMB protocol message authentication subsystem in Intel(R) TXE versions before 4.0.30 may allow an unauthenticated user to potentially enable escalation of privilege via physical access.\n\nImpact\n\nThere is no impact; F5 products are not affected by this vulnerability.\n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-11-26T07:30:00", "type": "f5", "title": "Intel software vulnerabilities CVE-2020-8750 CVE-2020-12355", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-12355", "CVE-2020-8750"], "modified": "2020-11-26T07:30:00", "id": "F5:K21882212", "href": "https://support.f5.com/csp/article/K21882212", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}], "thn": [{"lastseen": "2022-05-09T12:38:40", "description": "[![](https://thehackernews.com/images/-UD0rDsl5aC0/X-Lo00vPygI/AAAAAAAABUw/roisEcRSbQ4jssrvBxOQ_cD2MlnVzsZUwCLcBGAsYHQ/s0/iot-devices.jpg)](<https://thehackernews.com/images/-UD0rDsl5aC0/X-Lo00vPygI/AAAAAAAABUw/roisEcRSbQ4jssrvBxOQ_cD2MlnVzsZUwCLcBGAsYHQ/s0/iot-devices.jpg>)\n\nThe US Cybersecurity Infrastructure and Security Agency (CISA) has [warned](<https://us-cert.cisa.gov/ics/advisories/icsa-20-353-01>) of critical vulnerabilities in a low-level TCP/IP software library developed by Treck that, if weaponized, could allow remote attackers to run arbitrary commands and mount denial-of-service (DoS) attacks.\n\nThe four flaws affect Treck TCP/IP stack version 6.0.1.67 and earlier and were reported to the company by Intel. Two of these are rated critical in severity.\n\nTreck's embedded TCP/IP stack is deployed worldwide in manufacturing, information technology, healthcare, and transportation systems.\n\nThe most severe of them is a heap-based buffer overflow vulnerability (**CVE-2020-25066**) in the Treck HTTP Server component that could permit an adversary to crash or reset the target device and even execute remote code. It has a CVSS score of 9.8 out of a maximum of 10.\n\nThe second flaw is an out-of-bounds write in the IPv6 component (**CVE-2020-27337**, CVSS score 9.1) that could be exploited by an unauthenticated user to cause a DoS condition via network access.\n\nTwo other vulnerabilities concern an out-of-bounds read in the IPv6 component (**CVE-2020-27338**, CVSS score 5.9) that could be leveraged by an unauthenticated attacker to cause DoS and an improper input validation in the same module (**CVE-2020-27336**, CVSS score 3.7) that could result in an out-of-bounds read of up to three bytes via network access.\n\nTreck [recommends](<https://treck.com/vulnerability-response-information/>) users to update the stack to version 6.0.1.68 to address the flaws. In cases where the latest patches cannot be applied, it's advised that firewall rules are implemented to filter out packets that contain a negative content-length in the HTTP header.\n\nThe disclosure of new flaws in Treck TCP/IP stack comes six months after Israeli cybersecurity company JSOF uncovered 19 vulnerabilities in the software library \u2014 dubbed [Ripple20](<https://thehackernews.com/2020/06/new-critical-flaws-put-billions-of.html>) \u2014 that could make it possible for attackers to gain complete control over targeted IoT devices without requiring any user interaction.\n\nWhat's more, earlier this month, Forescout researchers revealed 33 vulnerabilities \u2014 collectively called [AMNESIA:33](<https://thehackernews.com/2020/12/amnesia33-critical-tcpip-flaws-affect.html>) \u2014 impacting open-source TCP/IP protocol stacks that could be abused by a bad actor to take over a vulnerable system.\n\nGiven the complex IoT supply chain involved, the company has released a new detection tool called \"project-memoria-detector\" to identify whether a target network device runs a vulnerable TCP/IP stack in a lab setting.\n\nYou can access the tool via GitHub [here](<https://github.com/Forescout/project-memoria-detector>).\n\n \n\n\nFound this article interesting? Follow THN on [Facebook](<https://www.facebook.com/thehackernews>), [Twitter _\uf099_](<https://twitter.com/thehackersnews>) and [LinkedIn](<https://www.linkedin.com/company/thehackernews/>) to read more exclusive content we post.\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-12-23T06:51:00", "type": "thn", "title": "New Critical Flaws in Treck TCP/IP Stack Affect Millions of IoT Devices", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-25066", "CVE-2020-27336", "CVE-2020-27337", "CVE-2020-27338"], "modified": "2020-12-23T06:51:43", "id": "THN:16FE02C52CCB308E7739CDE97FA32A3C", "href": "https://thehackernews.com/2020/12/new-critical-flaws-in-treck-tcpip-stack.html", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "ics": [{"lastseen": "2023-06-02T15:07:17", "description": "## 1\\. EXECUTIVE SUMMARY\n\n * **CVSS v3 9.8**\n * **ATTENTION: **Exploitable remotely\n * **Vendor:** Treck Inc.\n * **Equipment:** TCP/IP\n * **Vulnerability**: Heap-based Buffer Overflow, Out-of-bounds Read, Out-of-bounds Write\n\nThe Treck TCP/IP stack may be known by other names such as Kasago TCP/IP, ELMIC, Net+ OS, Quadnet, GHNET v2, Kwiknet, or AMX.\n\n## 2\\. UPDATE INFORMATION\n\nThis updated advisory is a follow-up to the original advisory titled ICSA-20-353-01 Treck TCP/IP Stack that was published December 18, 2020, to the ICS webpage on us-cert.cisa.gov.\n\n## 3\\. RISK EVALUATION\n\nSuccessful exploitation of this vulnerability may allow remote code execution and a denial-of-service condition.\n\n## 4\\. TECHNICAL DETAILS\n\n### 4.1 AFFECTED PRODUCTS\n\nThe following components of Treck TCP/IP stack Version 6.0.1.67 and prior are affected:\n\n * HTTP Server \n * IPv6\n * DHCPv6\n\n### 4.2 VULNERABILITY OVERVIEW\n\n#### 4.2.1 [HEAP-BASED BUFFER OVERFLOW CWE-122](<https://cwe.mitre.org/data/definitions/122.html>)\n\nA vulnerability in Treck HTTP Server components allow an attacker to cause a denial-of-service condition. This vulnerability may also result in arbitrary code execution.\n\n[CVE-2020-25066](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-25066>) has been assigned to this vulnerability. A CVSS v3 base score of 9.8 has been calculated; the CVSS vector string is ([AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H>)).\n\n#### 4.2.2 [OUT-OF-BOUNDS WRITE CWE-787](<https://cwe.mitre.org/data/definitions/787.html>)\n\nAn out-of-bounds write in the IPv6 component may allow an unauthenticated user to potentially cause a possible denial-of-service via network access.\n\n[CVE-2020-27337](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-27337>) has been assigned to this vulnerability. A CVSS v3 base score of 9.1 has been calculated; the CVSS vector string is ([AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H>)).\n\n#### 4.2.3 [OUT-OF-BOUNDS READ CWE-125](<https://cwe.mitre.org/data/definitions/125.html>)\n\nAn issue was discovered in Treck IPv6. An out-of-bound read in the DHCPv6 client component may allow an unauthenticated user to cause a possible denial-of-service via adjacent network access.\n\n[CVE-2020-27338](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-27338>) has been assigned to this vulnerability. A CVSS v3 base score of 5.9 has been calculated; the CVSS vector string is ([AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H>)).\n\n#### 4.2.4 [OUT-OF-BOUNDS READ CWE-125](<https://cwe.mitre.org/data/definitions/125.html>)\n\nImproper input validation in the IPv6 component may allow an unauthenticated user to cause an out-of-bounds read of up to three bytes via network access.\n\n[CVE-2020-27336](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-27336>) has been assigned to this vulnerability. A CVSS v3 base score of 3.7 has been calculated; the CVSS vector string is ([AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N>)).\n\n### 4.3 BACKGROUND\n\n * **CRITICAL INFRASTRUCTURE SECTORS: **Critical Manufacturing, Information Technology, Healthcare and Public Health, Transportation Systems\n * **COUNTRIES/AREAS DEPLOYED: **Worldwide\n * **COMPANY HEADQUARTERS LOCATION: **United States\n\n### 4.4 RESEARCHER\n\n**\\--------- Begin Update A Part 1 of 1 ---------**\n\nArie Haenel, Ofek Mostovoy, Yaakov Cohen, Yocheved Butterman, and Yossef Kuszer from Intel reported these vulnerabilities to Treck.\n\n**\\--------- End Update A Part 1 of 1 ---------**\n\n## 5\\. MITIGATIONS\n\nTreck recommends users apply the latest version of the affected products (Treck TCP/IP 6.0.1.68 or later versions). To obtain patches, email [security@treck.com](<mailto:security@treck.com>)\n\nTreck recommends users who cannot apply the latest patches to implement firewall rules to filter out packets that contain a negative content length in the HTTP header.\n\nFor more detailed information on the vulnerabilities and the mitigating controls, please see the [Treck advisory](<https://treck.com/vulnerability-response-information/>). \n\nCISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability. Specifically, users should:\n\n * Minimize network exposure for all control system devices and/or systems, and ensure that they are [not accessible from the Internet](<https://us-cert.cisa.gov/ics/alerts/ICS-ALERT-10-301-01>).\n * Locate control system networks and remote devices behind firewalls, and isolate them from the business network.\n * When remote access is required, use secure methods, such as Virtual Private Networks (VPNs), recognizing that VPNs may have vulnerabilities and should be updated to the most current version available. Also recognize that VPN is only as secure as the connected devices.\n\nCISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.\n\nCISA also provides a section for [control systems security recommended practices](<https://us-cert.cisa.gov/ics/recommended-practices>) on the ICS webpage on [us-cert.cisa.gov](<https://us-cert.cisa.gov/ics>). Several recommended practices are available for reading and download, including [Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies](<https://us-cert.cisa.gov/sites/default/files/recommended_practices/NCCIC_ICS-CERT_Defense_in_Depth_2016_S508C.pdf>).\n\nAdditional mitigation guidance and recommended practices are publicly available on the [ICS webpage on us-cert.cisa.gov](<https://us-cert.cisa.gov/ics>) in the Technical Information Paper, [ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies](<https://us-cert.cisa.gov/ics/tips/ICS-TIP-12-146-01B>).\n\nOrganizations observing any suspected malicious activity should follow their established internal procedures and report their findings to CISA for tracking and correlation against other incidents.\n\nHigh skill level is needed to exploit. No known public exploits specifically target these vulnerabilities.\n\n### Vendor\n\nTreck\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-01-26T12:00:00", "type": "ics", "title": "Treck TCP/IP Stack (Update A)", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-25066", "CVE-2020-27336", "CVE-2020-27337", "CVE-2020-27338"], "modified": "2021-01-26T12:00:00", "id": "ICSA-20-353-01", "href": "https://www.cisa.gov/news-events/ics-advisories/icsa-20-353-01", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-06-02T15:04:27", "description": "## 1\\. EXECUTIVE SUMMARY\n\n * **CVSS v3 7.8**\n * **ATTENTION:** Low attack complexity\n * **Vendor: **Siemens\n * **Equipment: **SIMATIC S7-1500 CPU 1518F-4\n * **Vulnerabilities:** Improper Initialization, Improper Restriction of Operations within the Bounds of a Memory Buffer\n\n## 2\\. RISK EVALUATION\n\nSuccessful exploitation of these Intel product vulnerabilities could allow unauthorized privilege escalation.\n\n## 3\\. TECHNICAL DETAILS\n\n### 3.1 AFFECTED PRODUCTS\n\nThe following versions of SIMATIC S7-1500 CPU 1518-4, are affected by vulnerabilities in Intel products:\n\n * SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (MLFB: 6ES7518-4AX00-1AC0, 6AG1518-4AX00-4AC0, incl. SIPLUS variant): All versions\n * SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (MLFB: 6ES7518-4FX00-1AC0): All versions\n\n### 3.2 VULNERABILITY OVERVIEW\n\n#### 3.2.1 [IMPROPER INITIALIZATION CWE-665](<https://cwe.mitre.org/data/definitions/665.html>)\n\nImproper initialization in subsystem for Intel(R) CSME may allow a privileged user to enable escalation of privilege via local access.\n\n[CVE-2020-8744](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-8744>) has been assigned to this vulnerability. A CVSS v3 base score of 7.8 has been assigned; the CVSS vector string is ([AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H>)).\n\n#### 3.2.2 [IMPROPER RESTRICTION OF OPERATIONS WITHIN THE BOUNDS CWE-119](<https://cwe.mitre.org/data/definitions/119.html>)\n\nImproper buffer restrictions in BIOS firmware for some Intel(R) Processors may allow a privileged user to enable escalation of privilege via local access.\n\n[CVE-2020-0591](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-0591>) has been assigned to this vulnerability. A CVSS v3 base score of 6.7 has been assigned; the CVSS vector string is ([AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H>)).\n\n### 3.3 BACKGROUND\n\n * **CRITICAL INFRASTRUCTURE SECTORS: **Multiple\n * **COUNTRIES/AREAS DEPLOYED: **Worldwide\n * **COMPANY HEADQUARTERS LOCATION: **Germany\n\n### 3.4 RESEARCHER\n\nSiemens reported these vulnerabilities to CISA.\n\n## 4\\. MITIGATIONS\n\nSiemens has identified the following specific workarounds and mitigations users can apply to reduce risk:\n\n * As a prerequisite for an attack, an attacker must be able to run untrusted code on affected systems. Siemens recommends limiting the possibilities to run untrusted code if possible.\n * Applying a Defense-in-Depth concept can help to reduce the probability that untrusted code is run on the system. Siemens recommends applying the [Defense-in-Depth concept](<https://www.siemens.com/industrialsecurity>).\n\nFor additional information, please refer to Siemens Security Advisory [SSA-501073 ](<https://cert-portal.siemens.com/productcert/pdf/ssa-501073.pdf>)\n\nCISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability. Specifically, users should:\n\n * Minimize network exposure for all control system devices and/or systems, and ensure that they are [not accessible from the Internet](<https://us-cert.cisa.gov/ics/alerts/ICS-ALERT-10-301-01>).\n * Locate control system networks and remote devices behind firewalls, and isolate them from the business network.\n * When remote access is required, use secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most current version available. Also recognize VPN is only as secure as its connected devices.\n\nCISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.\n\nCISA also provides a section for [control systems security recommended practices](<https://us-cert.cisa.gov/ics/recommended-practices>) on the ICS webpage on [us-cert.cisa.gov](<https://us-cert.cisa.gov/ics>). Several recommended practices are available for reading and download, including [Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies](<https://us-cert.cisa.gov/sites/default/files/recommended_practices/NCCIC_ICS-CERT_Defense_in_Depth_2016_S508C.pdf>).\n\nAdditional mitigation guidance and recommended practices are publicly available on the [ICS webpage on us-cert.cisa.gov](<https://us-cert.cisa.gov/ics>) in the Technical Information Paper, [ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies](<https://us-cert.cisa.gov/ics/tips/ICS-TIP-12-146-01B>).\n\nOrganizations observing any suspected malicious activity should follow their established internal procedures and report their findings to CISA for tracking and correlation against other incidents.\n\nCISA also recommends users take the following measures to protect themselves from social engineering attacks:\n\n * Do not click web links or open unsolicited attachments in email messages.\n * Refer to [Recognizing and Avoiding Email Scams](<https://us-cert.cisa.gov/sites/default/files/publications/emailscams_0905.pdf>) for more information on avoiding email scams.\n * Refer to [Avoiding Social Engineering and Phishing Attacks](<https://us-cert.cisa.gov/ncas/tips/ST04-014>) for more information on social engineering attacks.\n\nNo known public exploits specifically target these vulnerabilities. These vulnerabilities are not exploitable remotely.\n\n### Vendor\n\nSiemens\n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-05-11T12:00:00", "type": "ics", "title": "Siemens SIMATIC S7-1500", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-0591", "CVE-2020-8744"], "modified": "2021-05-11T12:00:00", "id": "ICSA-21-131-15", "href": "https://www.cisa.gov/news-events/ics-advisories/icsa-21-131-15", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-06-06T15:17:18", "description": "## 1\\. EXECUTIVE SUMMARY\n\n * **CVSS v3 7.8**\n * **ATTENTION:** Low attack complexity\n * **Vendor:** Siemens\n * **Equipment:** Industrial PCs and CNC devices\n * **Vulnerabilities:** Improper Input Validation, Improper Authentication, Improper Isolation of Shared Resources on System-on-a-Chip, Improper Privilege Management\n\n## 2\\. UPDATE INFORMATION\n\nThis updated advisory is a follow-up to the original advisory titled ICSA-22-132-05 Siemens Industrial PCs and CNC devices that was published May 12, 2022, on the ICS webpage on cisa.gov/ICS\n\n## 3\\. RISK EVALUATION\n\nSuccessful exploitation of these vulnerabilities may allow an authenticated user to enable escalation of privilege via local access.\n\n## 4\\. TECHNICAL DETAILS\n\n### 4.1 AFFECTED PRODUCTS\n\nSiemens reports these vulnerabilities affect the following Industrial PCs and CNC devices:\n\n * SIMATIC Drive Controller family: All versions prior to v05.00.01.00\n * SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants): All versions prior to v0209_0105\n * SIMATIC Field PG M5: All BIOS versions prior to v22.01.08\n\n**\\--------- Begin Update A Part 1 of 2 ---------**\n\n * SIMATIC Field PG M6: All versions prior to v26.01.08\n\n**\\--------- End Update A Part 1 of 2 ---------**\n\n * SIMATIC IPC127E: All versions\n * SIMATIC IPC427E (incl. SIPLUS variants): All BIOS versions prior to v21.01.15\n * SIMATIC IPC477E: All BIOS versions prior to v21.01.15\n * SIMATIC IPC477E Pro: All BIOS versions prior to v21.01.15\n * SIMATIC IPC527G: All BIOS versions prior to v1.4.0\n * SIMATIC IPC527G: All BIOS versions prior to v1.4.0\n * SIMATIC IPC547G: All versions prior to R1.30.0\n * SIMATIC IPC627E: All BIOS versions prior to v25.02.08\n * SIMATIC IPC647E: All BIOS versions prior to v25.02.08\n * SIMATIC IPC677E: All BIOS versions prior to v25.02.08\n * SIMATIC IPC847E: All BIOS versions prior to v25.02.08\n * SIMATIC ITP1000: All BIOS versions prior to v23.01.08\n * SINUMERIK 828D HW PU.4: All versions prior to v08.00.00.00\n * SINUMERIK MC MCU 1720: All versions prior to v05.00.00.00\n * SINUMERIK ONE / SINUMERIK 840D sl Handheld Terminal HT 10: All versions\n * SINUMERIK ONE NCU 1740: All versions prior to v04.00.00.00\n * SINUMERIK ONE PPU 1740: All versions prior to v06.00.00.00\n\n### 4.2 VULNERABILITY OVERVIEW\n\n#### 4.2.1 [IMPROPER INPUT VALIDATION CWE-20](<https://cwe.mitre.org/data/definitions/20.html>)\n\nImproper input validation in BIOS firmware for some Intel processors may allow an authenticated user to potentially enable escalation of privilege via local access.\n\n[CVE-2020-0590](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-0590>) has been assigned to this vulnerability. A CVSS v3 base score of 7.8 has been calculated; the CVSS vector string is ([AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C>)).\n\n#### 4.2.2 [IMPROPER AUTHENTICATION CWE-287](<https://cwe.mitre.org/data/definitions/287.html>)\n\nInsufficient access control in the Linux kernel driver for some Intel processors may allow an authenticated user to potentially enable information disclosure via local access.\n\n[CVE-2020-8694](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-8694>) has been assigned to this vulnerability. A CVSS v3 base score of 5.6 has been calculated; the CVSS vector string is ([AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:P/RL:O/RC:C>)).\n\n#### 4.2.3 [IMPROPER ISOLATION OF SHARED RESOURCES ON SYSTEM-ON-A-CHIP CWE-1189](<https://cwe.mitre.org/data/definitions/1189.html>)\n\nImproper isolation of shared resources in some Intel processors may allow an authenticated user to potentially enable information disclosure via local access.\n\n[CVE-2020-8698](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-8698>) has been assigned to this vulnerability. A CVSS v3 base score of 5.5 has been calculated; the CVSS vector string is ([AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C>)).\n\n#### 4.2.4 [IMPROPER PRIVILEGE MANAGEMENT CWE-269](<https://cwe.mitre.org/data/definitions/269.html>)\n\nInsufficient control flow management in subsystem for Intel(R) CSME versions before 11.8.80, 11.12.80, 11.22.80, 12.0.70, 13.0.40, 13.30.10, 14.0.45 and 14.5.25, Intel(R) TXE versions before 3.1.80 and 4.0.30 may allow an unauthenticated user to potentially enable escalation of privilege via physical access.\n\n[CVE-2020-8745](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-8745>) has been assigned to this vulnerability. A CVSS v3 base score of 6.8 has been calculated; the CVSS vector string is ([AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C>)).\n\n### 4.3 BACKGROUND\n\n * **CRITICAL INFRASTRUCTURE SECTORS:** Multiple Sectors\n * **COUNTRIES/AREAS DEPLOYED: **Worldwide\n * **COMPANY HEADQUARTERS LOCATION:** Germany\n\n### 4.4 RESEARCHER\n\nSiemen reported these vulnerabilities to CISA.\n\n## 5\\. MITIGATIONS\n\nSiemens has released updates for several affected products and is currently working on BIOS updates that include chipset microcode updates for further products.\n\n * SIMATIC Drive Controller family: Update BIOS to v05.00.01.00. The update can be obtained from a Siemens account manager\n * SIMATIC ET 200SP Open Controller CPU 1515SP PC2: [Update BIOS to v0209_0105](<https://support.industry.siemens.com/cs/ww/en/view/109743969/>) or later versions\n * SIMATIC Field PG M5: [Update BIOS to v22.01.08](<https://support.industry.siemens.com/cs/ww/en/view/109763408>)\n\n**\\--------- Begin Update A Part 2 of 2 ---------**\n\n * SIMATIC Field PG M6: [Update BIOS to v26.01.08](<https://support.industry.siemens.com/cs/ww/en/view/109763408>) or later version\n\n**\\--------- End Update A Part 2 of 2 ---------**\n\n * SIMATIC IPC127E: [Update BIOS to v27.01.05](<https://support.industry.siemens.com/cs/ww/en/view/109763408>)\n * SIMATIC IPC427E (incl. SIPLUS variants): [Update BIOS to v21.01.15](<https://support.industry.siemens.com/cs/ww/en/view/109763408>)\n * SIMATIC IPC477E: [Update BIOS to v21.01.15](<https://support.industry.siemens.com/cs/ww/en/view/109763408>)\n * SIMATIC IPC477E Pro: [Update BIOS to v21.01.15](<https://support.industry.siemens.com/cs/ww/en/view/109763408>)\n * SIMATIC IPC527G: [Update BIOS to v1.4.0](<https://support.industry.siemens.com/cs/ww/en/view/109763408>)\n * SIMATIC IPC547G: [Update BIOS to R1.30.0](<https://support.industry.siemens.com/cs/ww/en/view/109763408>)\n * SIMATIC IPC627E: [Update BIOS to v25.02.08](<https://support.industry.siemens.com/cs/ww/en/view/109763408>)\n * SIMATIC IPC647E: [Update BIOS to v25.02.08](<https://support.industry.siemens.com/cs/ww/en/view/109763408>)\n * SIMATIC IPC677E: [Update BIOS to v25.02.08](<https://support.industry.siemens.com/cs/ww/en/view/109763408>)\n * SIMATIC IPC847E: [Update BIOS to v25.02.08](<https://support.industry.siemens.com/cs/ww/en/view/109763408>)\n * SIMATIC ITP1000: [Update BIOS to v23.01.08](<https://support.industry.siemens.com/cs/ww/en/view/109763408>)\n * SINUMERIK 828D HW PU.4: Update BIOS to v08.00.00.00. SINUMERIK software can be obtained from a Siemens account manager\n * SINUMERIK MC MCU 1720: Update BIOS to v05.00.00.00. SINUMERIK software can be obtained from a Siemens account manager\n * SINUMERIK ONE NCU 1740: Update BIOS to v04.00.00.00. SINUMERIK software can be obtained from a Siemens account manager\n * SINUMERIK ONE PPU 1740: Update BIOS to v06.00.00.00. SINUMERIK software can be obtained from a Siemens account manager\n\nSiemens has identified the following specific workarounds and mitigations users can apply to reduce risk:\n\n * Siemens recommends limiting the possibilities to run untrusted code.\n * Siemens recommends [applying the defense-in-depth concept](<https://www.siemens.com/industrialsecurity>) to reduce the probability for untrusted code to run on the system.\n\nAs a general security measure, Siemens recommends protecting network access to devices with appropriate mechanisms. To operate the devices in a protected IT environment, Siemens recommends configuring the environment according to [Siemens\u2019 operational guidelines for industrial security](<https://www.siemens.com/cert/operational-guidelines-industrial-security>) and following recommendations in the product manuals.\n\nAdditional information on industrial security by Siemens can be found on the [Siemens industrial security webpage](<https://www.siemens.com/industrialsecurity>).\n\nFor more information see Siemens Security Advisory [SSA-678983](<https://cert-portal.siemens.com/productcert/pdf/ssa-678983.pdf>)\n\nCISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability. CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.\n\nCISA also provides a section for [control systems security recommended practices](<https://www.cisa.gov/uscert/ics/recommended-practices>) on the [ICS webpage on cisa.gov](<https://cisa.gov/ics>) Several recommended practices are available for reading and download, including [Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies](<https://www.cisa.gov/uscert/sites/default/files/recommended_practices/NCCIC_ICS-CERT_Defense_in_Depth_2016_S508C.pdf>).\n\nAdditional mitigation guidance and recommended practices are publicly available on the [ICS webpage on cisa.gov](<https://cisa.gov/ics>) in the Technical Information Paper, [ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies](<https://www.cisa.gov/uscert/ics/tips/ICS-TIP-12-146-01B>).\n\nOrganizations observing any suspected malicious activity should follow their established internal procedures and report their findings to CISA for tracking and correlation against other incidents.\n\nNo known public exploits specifically target these vulnerabilities. These vulnerabilities are not exploitable remotely.\n\n### Vendor\n\nSiemens\n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-12-15T12:00:00", "type": "ics", "title": "Siemens Industrial PCs and CNC devices (Update A)", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-0590", "CVE-2020-8694", "CVE-2020-8698", "CVE-2020-8745"], "modified": "2022-12-15T12:00:00", "id": "ICSA-22-132-05", "href": "https://www.cisa.gov/news-events/ics-advisories/icsa-22-132-05", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}], "cve": [{"lastseen": "2023-06-06T14:42:31", "description": "An issue was discovered in Treck IPv6 before 6.0.1.68. Improper input validation in the IPv6 component when handling a packet sent by an unauthenticated remote attacker could result in an out-of-bounds read of up to three bytes via network access.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 5.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 1.4}, "published": "2020-12-22T22:15:00", "type": "cve", "title": "CVE-2020-27336", "cwe": ["CWE-125", "CWE-20"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-27336"], "modified": "2021-07-21T11:39:00", "cpe": [], "id": "CVE-2020-27336", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-27336", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}, "cpe23": []}, {"lastseen": "2023-06-06T14:42:28", "description": "An issue was discovered in Treck IPv6 before 6.0.1.68. Improper Input Validation in the DHCPv6 client component allows an unauthenticated remote attacker to cause an Out of Bounds Read, and possibly a Denial of Service via adjacent network access.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.1, "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 4.2}, "published": "2020-12-22T22:15:00", "type": "cve", "title": "CVE-2020-27338", "cwe": ["CWE-125", "CWE-20"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 6.5, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.8, "vectorString": "AV:A/AC:L/Au:N/C:P/I:N/A:P", "version": "2.0", "accessVector": "ADJACENT_NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-27338"], "modified": "2021-07-21T11:39:00", "cpe": [], "id": "CVE-2020-27338", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-27338", "cvss": {"score": 4.8, "vector": "AV:A/AC:L/Au:N/C:P/I:N/A:P"}, "cpe23": []}, {"lastseen": "2023-06-06T14:18:37", "description": "Improper access control in Installer for Intel(R) DAL SDK before version 2.1 for Windows may allow an authenticated user to potentially enable escalation of privileges via local access.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-11-12T18:15:00", "type": "cve", "title": "CVE-2020-12304", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-12304"], "modified": "2021-07-21T11:39:00", "cpe": [], "id": "CVE-2020-12304", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-12304", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": []}, {"lastseen": "2023-06-06T14:18:47", "description": "Authentication bypass by capture-replay in RPMB protocol message authentication subsystem in Intel(R) TXE versions before 4.0.30 may allow an unauthenticated user to potentially enable escalation of privilege via physical access.", "cvss3": {"exploitabilityScore": 0.9, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "PHYSICAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 6.8, "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-11-12T18:15:00", "type": "cve", "title": "CVE-2020-12355", "cwe": ["CWE-294"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-12355"], "modified": "2020-11-24T20:51:00", "cpe": [], "id": "CVE-2020-12355", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-12355", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": []}, {"lastseen": "2023-06-06T14:18:46", "description": "Incorrect default permissions in Windows(R) installer in Intel(R) AMT SDK versions before 14.0.0.1 may allow an authenticated user to potentially enable escalation of privilege via local access.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-11-12T18:15:00", "type": "cve", "title": "CVE-2020-12354", "cwe": ["CWE-276"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-12354"], "modified": "2020-11-24T20:45:00", "cpe": [], "id": "CVE-2020-12354", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-12354", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": []}, {"lastseen": "2023-06-06T14:18:33", "description": "Improper access control in Installer for Intel(R) CSME Driver for Windows versions before 11.8.80, 11.12.80, 11.22.80, 12.0.70, 13.0.40, 13.30.10, 14.0.45 and 14.5.25, Intel TXE 3.1.80, 4.0.30 may allow an authenticated user to potentially enable escalation of privileges via local access.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-11-12T18:15:00", "type": "cve", "title": "CVE-2020-12297", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-12297"], "modified": "2021-07-21T11:39:00", "cpe": ["cpe:/a:intel:trusted_execution_technology:4.0.30", "cpe:/a:intel:trusted_execution_technology:3.1.80"], "id": "CVE-2020-12297", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-12297", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:intel:trusted_execution_technology:4.0.30:*:*:*:*:*:*:*", "cpe:2.3:a:intel:trusted_execution_technology:3.1.80:*:*:*:*:*:*:*"]}, {"lastseen": "2023-06-06T14:18:36", "description": "Use after free in DAL subsystem for Intel(R) CSME versions before 11.8.80, 11.12.80, 11.22.80, 12.0.70, 13.0.40, 13.30.10, 14.0.45 and 14.5.25, Intel(R) TXE 3.1.80, 4.0.30 may allow an authenticated user to potentially enable escalation of privileges via local access.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-11-12T18:15:00", "type": "cve", "title": "CVE-2020-12303", "cwe": ["CWE-416"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-12303"], "modified": "2020-11-24T17:16:00", "cpe": ["cpe:/a:intel:trusted_execution_technology:4.0.30", "cpe:/a:intel:trusted_execution_technology:3.1.80"], "id": "CVE-2020-12303", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-12303", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:intel:trusted_execution_technology:4.0.30:*:*:*:*:*:*:*", "cpe:2.3:a:intel:trusted_execution_technology:3.1.80:*:*:*:*:*:*:*"]}, {"lastseen": "2023-06-06T14:18:46", "description": "Out-of-bounds read in subsystem in Intel(R) AMT versions before 11.8.80, 11.12.80, 11.22.80, 12.0.70 and 14.0.45 may allow a privileged user to potentially enable information disclosure via local access.", "cvss3": {"exploitabilityScore": 0.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "baseScore": 4.4, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-11-12T18:15:00", "type": "cve", "title": "CVE-2020-12356", "cwe": ["CWE-125"], "bulletinFamily": "NVD", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 2.1, "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-12356"], "modified": "2023-05-22T15:31:00", "cpe": ["cpe:/a:netapp:cloud_backup:-"], "id": "CVE-2020-12356", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-12356", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N"}, "cpe23": ["cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*"]}, {"lastseen": "2023-06-06T15:05:11", "description": "Integer overflow in subsystem for Intel(R) AMT versions before 11.8.80, 11.12.80, 11.22.80, 12.0.70, 14.0.45 may allow a privileged user to potentially enable escalation of privilege via local access.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-11-12T18:15:00", "type": "cve", "title": "CVE-2020-8760", "cwe": ["CWE-190"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-8760"], "modified": "2023-05-22T15:29:00", "cpe": ["cpe:/a:netapp:cloud_backup:-"], "id": "CVE-2020-8760", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-8760", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*"]}, {"lastseen": "2023-06-06T15:05:12", "description": "Inadequate encryption strength in subsystem for Intel(R) CSME versions before 13.0.40 and 13.30.10 may allow an unauthenticated user to potentially enable information disclosure via physical access.", "cvss3": {"exploitabilityScore": 0.9, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "PHYSICAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 4.6, "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-11-12T18:15:00", "type": "cve", "title": "CVE-2020-8761", "cwe": ["CWE-326"], "bulletinFamily": "NVD", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 2.1, "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-8761"], "modified": "2020-11-30T16:10:00", "cpe": [], "id": "CVE-2020-8761", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-8761", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N"}, "cpe23": []}, {"lastseen": "2023-06-06T15:05:14", "description": "Out-of-bounds read in subsystem for Intel(R) AMT versions before 11.8.80, 11.12.80, 11.22.80, 12.0.70 and 14.0.45 may allow a privileged user to potentially enable escalation of privilege via local access.", "cvss3": {"exploitabilityScore": 0.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "baseScore": 6.7, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-11-12T18:15:00", "type": "cve", "title": "CVE-2020-8757", "cwe": ["CWE-125"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-8757"], "modified": "2023-05-22T15:29:00", "cpe": ["cpe:/a:netapp:cloud_backup:-"], "id": "CVE-2020-8757", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-8757", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*"]}, {"lastseen": "2023-06-06T15:05:10", "description": "Out-of-bounds read in subsystem for Intel(R) AMT, Intel(R) ISM versions before 11.8.80, 11.12.80, 11.22.80, 12.0.70 and 14.0.45 may allow an unauthenticated user to potentially enable information disclosure via network access.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-11-12T18:15:00", "type": "cve", "title": "CVE-2020-8754", "cwe": ["CWE-125"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-8754"], "modified": "2023-05-22T15:30:00", "cpe": ["cpe:/a:netapp:cloud_backup:-"], "id": "CVE-2020-8754", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-8754", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}, "cpe23": ["cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*"]}, {"lastseen": "2023-06-06T14:42:28", "description": "An issue was discovered in Treck IPv6 before 6.0.1.68. Improper Input Validation in the IPv6 component allows an unauthenticated remote attacker to cause an Out of Bounds Write, and possibly a Denial of Service via network access.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "baseScore": 7.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.4}, "published": "2020-12-22T22:15:00", "type": "cve", "title": "CVE-2020-27337", "cwe": ["CWE-20", "CWE-787"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-27337"], "modified": "2021-07-21T11:39:00", "cpe": [], "id": "CVE-2020-27337", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-27337", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": []}, {"lastseen": "2023-06-06T15:05:10", "description": "Out-of-bounds read in DHCP subsystem for Intel(R) AMT, Intel(R) ISM versions before 11.8.80, 11.12.80, 11.22.80, 12.0.70 and 14.0.45 may allow an unauthenticated user to potentially enable information disclosure via network access.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-11-12T18:15:00", "type": "cve", "title": "CVE-2020-8753", "cwe": ["CWE-125"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-8753"], "modified": "2023-05-22T15:30:00", "cpe": [], "id": "CVE-2020-8753", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-8753", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}, "cpe23": []}, {"lastseen": "2023-06-06T15:05:10", "description": "Insufficient control flow management in subsystem for Intel(R) CSME versions before 11.8.80, Intel(R) TXE versions before 3.1.80 may allow an unauthenticated user to potentially enable information disclosure via physical access.", "cvss3": {"exploitabilityScore": 0.9, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "PHYSICAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 4.6, "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-11-12T18:15:00", "type": "cve", "title": "CVE-2020-8751", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 2.1, "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-8751"], "modified": "2021-07-21T11:39:00", "cpe": [], "id": "CVE-2020-8751", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-8751", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N"}, "cpe23": []}, {"lastseen": "2023-06-06T15:05:10", "description": "Out-of-bounds write in IPv6 subsystem for Intel(R) AMT, Intel(R) ISM versions before 11.8.80, 11.12.80, 11.22.80, 12.0.70, 14.0.45 may allow an unauthenticated user to potentially enable escalation of privileges via network access.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-11-12T18:15:00", "type": "cve", "title": "CVE-2020-8752", "cwe": ["CWE-787"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-8752"], "modified": "2023-05-22T15:30:00", "cpe": ["cpe:/a:netapp:cloud_backup:-"], "id": "CVE-2020-8752", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-8752", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*"]}, {"lastseen": "2023-06-06T15:05:10", "description": "Race condition in subsystem for Intel(R) CSME versions before 12.0.70 and 14.0.45, Intel(R) SPS versions before E5_04.01.04.400 and E3_05.01.04.200 may allow an unauthenticated user to potentially enable escalation of privilege via physical access.", "cvss3": {"exploitabilityScore": 0.5, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "PHYSICAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 6.4, "vectorString": "CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-11-12T18:15:00", "type": "cve", "title": "CVE-2020-8755", "cwe": ["CWE-362"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.4, "vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-8755"], "modified": "2020-11-20T16:49:00", "cpe": [], "id": "CVE-2020-8755", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-8755", "cvss": {"score": 4.4, "vector": "AV:L/AC:M/Au:N/C:P/I:P/A:P"}, "cpe23": []}, {"lastseen": "2023-06-06T15:05:12", "description": "Improper input validation in subsystem for Intel(R) CSME versions before 11.8.80, 11.12.80, 11.22.80, 12.0.70 and 14.0.45 may allow a privileged user to potentially enable escalation of privilege via local access.", "cvss3": {"exploitabilityScore": 0.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "baseScore": 6.7, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-11-12T18:15:00", "type": "cve", "title": "CVE-2020-8756", "cwe": ["CWE-20"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-8756"], "modified": "2020-11-24T16:51:00", "cpe": [], "id": "CVE-2020-8756", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-8756", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": []}, {"lastseen": "2023-06-06T15:05:08", "description": "Integer overflow in subsystem for Intel(R) AMT versions before 11.8.80, 11.12.80, 11.22.80, 12.0.70 and 14.0.45 may allow an unauthenticated user to potentially enable denial of service via adjacent access.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-11-12T18:15:00", "type": "cve", "title": "CVE-2020-8746", "cwe": ["CWE-190"], "bulletinFamily": "NVD", "cvss2": {"severity": "LOW", "exploitabilityScore": 6.5, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 3.3, "vectorString": "AV:A/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "ADJACENT_NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-8746"], "modified": "2023-05-22T15:31:00", "cpe": ["cpe:/a:netapp:cloud_backup:-"], "id": "CVE-2020-8746", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-8746", "cvss": {"score": 3.3, "vector": "AV:A/AC:L/Au:N/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*"]}, {"lastseen": "2023-06-06T15:05:10", "description": "Out-of-bounds read in subsystem for Intel(R) AMT versions before 11.8.80, 11.12.80, 11.22.80, 12.0.70 and 14.0.45 may allow an unauthenticated user to potentially enable information disclosure and/or denial of service via network access.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 9.1, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.2}, "published": "2020-11-12T18:15:00", "type": "cve", "title": "CVE-2020-8747", "cwe": ["CWE-125"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 6.4, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-8747"], "modified": "2023-05-22T15:30:00", "cpe": ["cpe:/a:netapp:cloud_backup:-"], "id": "CVE-2020-8747", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-8747", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P"}, "cpe23": ["cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*"]}, {"lastseen": "2023-06-06T15:05:09", "description": "Out-of-bounds read in subsystem for Intel(R) AMT versions before 11.8.80, 11.12.80, 11.22.80, 12.0.70 and 14.0.45 may allow an unauthenticated user to potentially enable escalation of privilege via adjacent access.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-11-12T18:15:00", "type": "cve", "title": "CVE-2020-8749", "cwe": ["CWE-125"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 6.5, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 5.8, "vectorString": "AV:A/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "ADJACENT_NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-8749"], "modified": "2023-05-22T15:30:00", "cpe": ["cpe:/a:netapp:cloud_backup:-"], "id": "CVE-2020-8749", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-8749", "cvss": {"score": 5.8, "vector": "AV:A/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*"]}, {"lastseen": "2023-06-06T15:05:08", "description": "Use after free in Kernel Mode Driver for Intel(R) TXE versions before 3.1.80 and 4.0.30 may allow an authenticated user to potentially enable escalation of privilege via local access.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-11-12T18:15:00", "type": "cve", "title": "CVE-2020-8750", "cwe": ["CWE-416"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-8750"], "modified": "2020-11-30T15:08:00", "cpe": [], "id": "CVE-2020-8750", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-8750", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": []}, {"lastseen": "2023-06-06T15:05:12", "description": "Improper initialization in subsystem for Intel(R) CSME versions before12.0.70, 13.0.40, 13.30.10, 14.0.45 and 14.5.25, Intel(R) TXE versions before 4.0.30 Intel(R) SPS versions before E3_05.01.04.200 may allow a privileged user to potentially enable escalation of privilege via local access.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-11-12T18:15:00", "type": "cve", "title": "CVE-2020-8744", "cwe": ["CWE-665"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-8744"], "modified": "2022-10-19T13:29:00", "cpe": ["cpe:/o:siemens:simatic_s7-1500_firmware:-", "cpe:/o:siemens:simatic_s7-1518f-4_pn\\/dp_mfp_firmware:-", "cpe:/o:siemens:simatic_s7-1518-4_pn\\/dp_mfp_firmware:-"], "id": "CVE-2020-8744", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-8744", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:o:siemens:simatic_s7-1518f-4_pn\\/dp_mfp_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:siemens:simatic_s7-1500_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:siemens:simatic_s7-1518-4_pn\\/dp_mfp_firmware:-:*:*:*:*:*:*:*"]}, {"lastseen": "2023-06-06T15:04:46", "description": "Insecure default initialization of resource in Intel(R) Boot Guard in Intel(R) CSME versions before 11.8.80, 11.12.80, 11.22.80, 12.0.70, 13.0.40, 13.30.10, 14.0.45 and 14.5.25, Intel(R) TXE versions before 3.1.80 and 4.0.30, Intel(R) SPS versions before E5_04.01.04.400, E3_04.01.04.200, SoC-X_04.00.04.200 and SoC-A_04.00.04.300 may allow an unauthenticated user to potentially enable escalation of privileges via physical access.", "cvss3": {"exploitabilityScore": 0.9, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "PHYSICAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 6.8, "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-11-12T18:15:00", "type": "cve", "title": "CVE-2020-8705", "cwe": ["CWE-1188"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-8705"], "modified": "2020-11-30T14:40:00", "cpe": ["cpe:/a:intel:server_platform_services:sps_e3_04.01.04.200", "cpe:/a:intel:trusted_execution_technology:4.0.30", "cpe:/a:intel:server_platform_services:sps_e5_04.01.04.400", "cpe:/a:intel:server_platform_services:sps_soc-a_04.00.04.300", "cpe:/a:intel:server_platform_services:sps_soc-x_04.00.04.200", "cpe:/a:intel:trusted_execution_technology:3.1.80"], "id": "CVE-2020-8705", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-8705", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:intel:server_platform_services:sps_soc-a_04.00.04.300:*:*:*:*:*:*:*", "cpe:2.3:a:intel:trusted_execution_technology:4.0.30:*:*:*:*:*:*:*", "cpe:2.3:a:intel:server_platform_services:sps_e3_04.01.04.200:*:*:*:*:*:*:*", "cpe:2.3:a:intel:trusted_execution_technology:3.1.80:*:*:*:*:*:*:*", "cpe:2.3:a:intel:server_platform_services:sps_e5_04.01.04.400:*:*:*:*:*:*:*", "cpe:2.3:a:intel:server_platform_services:sps_soc-x_04.00.04.200:*:*:*:*:*:*:*"]}, {"lastseen": "2023-06-06T15:05:07", "description": "Insufficient control flow management in subsystem for Intel(R) CSME versions before 11.8.80, 11.12.80, 11.22.80, 12.0.70, 13.0.40, 13.30.10, 14.0.45 and 14.5.25 , Intel(R) TXE versions before 3.1.80 and 4.0.30 may allow an unauthenticated user to potentially enable escalation of privilege via physical access.", "cvss3": {"exploitabilityScore": 0.9, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "PHYSICAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 6.8, "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-11-12T18:15:00", "type": "cve", "title": "CVE-2020-8745", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-8745"], "modified": "2022-10-14T11:23:00", "cpe": ["cpe:/o:siemens:sinumerik_one_firmware:-", "cpe:/o:siemens:sinumerik_840d_sl_ht_10_firmware:-", "cpe:/o:siemens:simatic_field_pg_m6_firmware:-"], "id": "CVE-2020-8745", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-8745", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:o:siemens:sinumerik_one_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:siemens:sinumerik_840d_sl_ht_10_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:siemens:simatic_field_pg_m6_firmware:-:*:*:*:*:*:*:*"]}], "cert": [{"lastseen": "2023-06-06T14:56:11", "description": "### Overview\n\nThe Replay Protected Memory Block (RPMB) protocol found in several storage specifications does not securely protect against replay attacks. An attacker with physical access can deceive a trusted component about the status of an RPBM write command or the content of an RPMB area.\n\n### Description\n\nThe [RPMB](<https://documents.westerndigital.com/content/dam/doc-library/en_us/assets/public/western-digital/collateral/white-paper/white-paper-emmc-security.pdf>) protocol \"...enables a device to store data in a small, specific area that is authenticated and protected against replay attack.\" RPMB is most commonly found in mobile phones and tablets using flash storage technology such as eMMC, UFS, and NVMe. The RPMB protocol allows an attacker to replay stale write failure messages and write commands, leading to state confusion between a trusted component and the contents of an RPMB area. Additional details are available in [Replay Attack Vulnerabilities in RPMB Protocol Applications](<https://www.westerndigital.com/support/productsecurity/wdc-20008-replay-attack-vulnerabilities-rpmb-protocol-applications>).\n\n### Impact\n\nAn attacker with physical access to a device can cause a mismatch between the write state or contents of the RPMB area and a trusted component of the device. These mismatches can lead to the trusted component believing a write command failed when in fact it succeeded, or the trusted component believing that certain content was written when in fact different content (unmodified by the attacker) was written. Further implications depend on the specific device and use of RPMB. At least one affected vendor has confirmed that denial of service\n\n### Solution\n\nPlease see the Vendor Information section below. Further vendor information is available in [Replay Attack Vulnerabilities in RPMB Protocol Applications](<https://www.westerndigital.com/support/productsecurity/wdc-20008-replay-attack-vulnerabilities-rpmb-protocol-applications>).\n\n### Acknowledgements\n\nRotem Sela and Brian Mastenbrook of Western Digital identified this vulnerability. Western Digital coordinated its disclosure with the affected vendors. Thanks [Western Digital PSIRT](<https://www.westerndigital.com/support/productsecurity>)!\n\nThis document was written by Eric Hatleback.\n\n### Vendor Information\n\n231329\n\nFilter by status: All Affected Not Affected Unknown\n\nFilter by content: __ Additional information available\n\n__ Sort by: Status Alphabetical\n\nExpand all\n\n### Google Affected\n\nUpdated: 2020-11-10 **CVE-2020-0436**| Affected \n---|--- \n**CVE-2020-12355**| Not Affected \n**CVE-2020-13799**| Not Affected \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Intel Affected\n\nUpdated: 2020-11-10 **CVE-2020-0436**| Not Affected \n---|--- \n**CVE-2020-12355**| Affected \n**CVE-2020-13799**| Not Affected \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### MediaTek Affected\n\nUpdated: 2020-11-10 **CVE-2020-0436**| Not Affected \n---|--- \n**CVE-2020-12355**| Not Affected \n**CVE-2020-13799**| Affected \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Western Digital Technologies Not Affected\n\nNotified: 2020-11-05 Updated: 2020-11-16 **CVE-2020-0436**| Not Affected \n---|--- \n**CVE-2020-12355**| Not Affected \n**CVE-2020-13799**| Not Affected \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n \n\n\n### References\n\n * <https://www.westerndigital.com/support/productsecurity/wdc-20008-replay-attack-vulnerabilities-rpmb-protocol-applications>\n * <https://documents.westerndigital.com/content/dam/doc-library/en_us/assets/public/western-digital/collateral/white-paper/white-paper-replay-protected-memory-block-protocol-vulernabilities.pdf>\n * <https://documents.westerndigital.com/content/dam/doc-library/en_us/assets/public/western-digital/collateral/white-paper/white-paper-emmc-security.pdf>\n * <https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00391.html>\n\n### Other Information\n\n**CVE IDs:** | [CVE-2020-0436 ](<http://web.nvd.nist.gov/vuln/detail/CVE-2020-0436>) [CVE-2020-12355 ](<http://web.nvd.nist.gov/vuln/detail/CVE-2020-12355>) [CVE-2020-13799 ](<http://web.nvd.nist.gov/vuln/detail/CVE-2020-13799>) \n---|--- \n**Date Public:** | 2020-11-10 \n**Date First Published:** | 2020-11-10 \n**Date Last Updated: ** | 2020-11-16 19:08 UTC \n**Document Revision: ** | 3 \n", "cvss3": {"exploitabilityScore": 0.9, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "PHYSICAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 6.8, "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-11-10T00:00:00", "type": "cert", "title": "Replay Protected Memory Block (RPMB) protocol does not adequately defend against replay attacks", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-0436", "CVE-2020-12355", "CVE-2020-13799"], "modified": "2020-11-16T19:08:00", "id": "VU:231329", "href": "https://www.kb.cert.org/vuls/id/231329", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}], "threatpost": [{"lastseen": "2020-11-10T21:33:13", "description": "A massive Intel security update this month addresses flaws across a myriad of products \u2013 most notably, critical bugs that can be exploited by unauthenticated cybercriminals in order to gain escalated privileges.\n\nThese critical flaws exist in products related to Wireless Bluetooth \u2013 including various Intel Wi-Fi modules and wireless network adapters \u2013 as well as in its remote out-of-band management tool, Active Management Technology (AMT).\n\nOverall, Intel released [40 security advisories](<https://www.intel.com/content/www/us/en/security-center/default.html>) on Tuesday, each addressing critical-, high- and medium-severity vulnerabilities across various products. That by far trumps [October\u2019s Intel security update](<https://threatpost.com/google-intel-kernel-bug-linux-iot/160067/>), which resolved one high-severity flaw in BlueZ, the Linux Bluetooth protocol stack that provides support for core Bluetooth layers and protocols to Linux-based internet-of-things (IoT) devices.\n\n## **Critical Flaws**\n\n[One critical-severity vulnerability](<https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00391.html>) exists in Intel AMT and Intel Standard Manageability (ISM). AMT, [which is used for remote out-of-band management of PCs](<https://threatpost.com/critical-intel-active-management-technology-flaw-allows-privilege-escalation/159036/>), is part of the Intel vPro platform (Intel\u2019s umbrella marketing term for its collection of computer hardware technologies) and is primarily used by enterprise IT shops for remote management of corporate systems. ISM has a similar function as AMT.\n\nThe flaw ([CVE-2020-8752](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8752>)) which ranks 9.4 out of 10 on the CvSS vulnerability-severity scale, stems from an out-of-bounds write error in IPv6 subsystem for Intel AMT and Intel ISM. If exploited, the flaw could allow an unauthenticated user to gain escalated privileges (via network access).\n\n[![](https://media.threatpost.com/wp-content/uploads/sites/103/2019/02/19151457/subscribe2.jpg)](<https://threatpost.com/newsletter-sign/>)\n\nVersions before 11.8.80, 11.12.80, 11.22.80, 12.0.70 and 14.0.45 are affected; users are urged to \u201cupdate to the latest version provided by the system manufacturer that addresses these issues.\u201d\n\nAnother critical-severity flaw ([CVE-2020-12321](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12321>)) exists in some Intel Wireless Bluetooth products before version 21.110. That bug, which scores 9.6 out of 10 on the CvSS scale, could allow an unauthenticated user to potentially enable escalation of privilege via adjacent access. This means an attacker is required to have access to a shared physical network with the victim.\n\n[Affected products include](<https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00403.html>) Intel Wi-Fi 6 AX200 and AX201, Intel Wireless-AC 9560, 9462, 9461 and 9260, Intel Dual Band Wireless-AC 8265, 8260 and 3168, Intel Wireless 7265 (Rev D) family and Intel Dual Band Wireless-AC 3165. Users of these products are recommended to update to version 21.110 or later.\n\n## **High-Severity Flaws**\n\nIntel also fixed multiple high-severity vulnerabilities, including a path traversal in its Endpoint Management Assistant ([CVE-2020-12315](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12315>)) \u2014 which provides tools to monitor and upgrade devices. This flaw could give an unauthenticated user escalated privileges via network access.\n\n[Four high-severity flaws exist](<https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00402.html>) in Intel PROSet/Wireless Wi-Fi products before version 21.110. Intel PROSet/Wireless Wi-Fi software is used to set up, edit and manage Wi-Fi network profiles to connect to Wi-Fi networks.\n\nThese vulnerabilities stem from insufficient control-flow management ([CVE-2020-12313](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12313>)), improper input validation ([CVE-2020-12314](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12314>)), protection-mechanism failure ([CVE-2020-12318](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12318>)) and improper buffer restriction ([CVE-2020-12317](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12317>)). They can enable denial-of-service (DoS) attacks or privilege escalation.\n\nAnother high-severity flaw in Intel solid-state drive (SSD) products could allow an unauthenticated user to potentially enable information disclosure \u2013 if they have physical access to the device. The flaw ([CVE-2020-12309](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12309>)) stems from insufficiently protected credentials in the client SSD subsystems. A range of SSDs \u2013 including the Pro 6000p series, Pro 5450s and E 5100s series \u2013 [are affected and can be found here.](<https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00362.html>)\n\nIntel\u2019s [Next Unit Computing (NUC) mini PC](<https://threatpost.com/intel-high-severity-flaws-nuc-modular-server-compute-module/154800/>) also had two high-severity flaws; including an insecure default variable initialization issue in the firmware ([CVE-2020-12336](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12336>)), that could allow authenticated users (with local access) to escalate their privileges. The other is an improper buffer restriction in the firmware ([CVE-2020-12337](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12337>)) enabling privileged users to escalate privileges (via local access).\n\nOther high-severity flaws include an [improper buffer restriction](<https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00422.html>) ([CVE-2020-12325](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12325>)) in Intel Thunderbolt DCH drivers for Windows; an [improper access-control hole](<https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00429.html>) ([CVE-2020-12350](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12350>)) in Intel\u2019s Extreme Tuning Utility and an improper input-validation flaw ([CVE-2020-12347](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12347>)) in the [Intel Data Center Manager Console](<https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00430.html>).\n\n**Hackers Put Bullseye on Healthcare: **[**On Nov. 18 at 2 p.m. EDT**](<https://threatpost.com/webinars/2020-healthcare-cybersecurity-priorities-data-security-ransomware-and-patching/?utm_source=ART&utm_medium=ART&utm_campaign=Nov_webinar>)** find out why hospitals are getting hammered by ransomware attacks in 2020. **[**Save your spot for this FREE webinar**](<https://threatpost.com/webinars/2020-healthcare-cybersecurity-priorities-data-security-ransomware-and-patching/?utm_source=ART&utm_medium=ART&utm_campaign=Nov_webinar>)** on healthcare cybersecurity priorities and hear from leading security voices on how data security, ransomware and patching need to be a priority for every sector, and why. Join us Wed., Nov. 18, 2-3 p.m. EDT for this **[**LIVE**](<https://threatpost.com/webinars/2020-healthcare-cybersecurity-priorities-data-security-ransomware-and-patching/?utm_source=ART&utm_medium=ART&utm_campaign=Nov_webinar>)**, limited-engagement webinar.**\n", "cvss3": {}, "published": "2020-11-10T20:59:04", "type": "threatpost", "title": "Colossal Intel Update Anchored by Critical Privilege-Escalation Bugs", "bulletinFamily": "info", "cvss2": {}, "cvelist": ["CVE-2020-12309", "CVE-2020-12313", "CVE-2020-12314", "CVE-2020-12315", "CVE-2020-12317", "CVE-2020-12318", "CVE-2020-12321", "CVE-2020-12325", "CVE-2020-12336", "CVE-2020-12337", "CVE-2020-12347", "CVE-2020-12350", "CVE-2020-8752"], "modified": "2020-11-10T20:59:04", "id": "THREATPOST:D2398CA9B354449C8FCA1436DF9E5877", "href": "https://threatpost.com/intel-update-critical-privilege-escalation-bugs/161087/", "cvss": {"score": 0.0, "vector": "NONE"}}]}

2020.2 IPU – Intel® CSME, SPS, TXE, and AMT Advisory

Description

Related