Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
intelIntel Security CenterINTEL:INTEL-SA-00404
HistoryJan 22, 2021 - 12:00 a.m.

Intel® AMT and Intel® ISM Advisory

2021-01-2200:00:00
Intel Security Center
www.intel.com
40
JSON

Summary:

Potential security vulnerability in Intel® Active Management Technology (AMT), and Intel® Standard Manageability (ISM) may allow escalation of privilege.** **Intel is releasing firmware updates to mitigate this potential vulnerability.

Vulnerability Details:

CVEID: CVE-2020-8758

Description: Improper buffer restrictions in network subsystem in provisioned Intel® AMT and Intel® ISM versions before 11.8.79, 11.12.79, 11.22.79, 12.0.68 and 14.0.39 may allow an unauthenticated user to potentially enable escalation of privilege via network access. On un-provisioned systems, an authenticated user may potentially enable escalation of privilege via local access.

CVSS Vector (Provisioned, unauthenticated, network):

CVSS Base Score: 9.8 Critical

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS Vector (Un-provisioned, authenticated, local):

CVSS Base Score: 7.8

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

Intel® AMT and Intel® ISM versions before 11.8.79, 11.12.79, 11.22.79, 12.0.68 and 14.0.39.

The following CVE assigned by Intel, corresponds to a CVE disclosed on 12/18/2020 as part of ICSA-20-353-01:

Disclosed in INTEL-SA-00404

|

Disclosed in ICSA-20-353-01

—|—

CVE-2020-8758

|

CVE-2020-25066

Note: Firmware versions of Intel® ME 3.x thru 10.x, Intel® TXE 1.x thru 2.x, and Intel® Server Platform Services 1.x thru 2.X are no longer supported versions. There is no new general release planned for these versions.

Recommendations:

Intel recommends that users of Intel® AMT and Intel® ISM update to the latest version provided by the system manufacturer that addresses these issues.****

Acknowledgements:

This issue was found internally by Intel employees. Intel would like to thank Yaakov Cohen, Yocheved Butterman and Yossef Kuszer.****

Intel, and nearly the entire technology industry, follows a disclosure practice called Coordinated Disclosure, under which a cybersecurity vulnerability is generally publicly disclosed only after mitigations are available.

Related

lenovo 2
hp 1
cve 2
prion 2
thn 1
ics 1
f5 1
threatpost 1
lenovo
lenovo
Intel AMT and Intel ISM Advisory - Lenovo Support NL
2020-09-06 19:24:27
Intel AMT and Intel ISM Advisory - Lenovo Support US
2020-09-06 19:24:27
hp
hp
HPSBHF03685 rev. 2 - Intel® AMT and Intel® ISM September 2020 Security Updates
2020-09-04 00:00:00
cve
cve
CVE-2020-8758
2020-09-10 15:16:00
CVE-2020-25066
2020-12-22 22:15:00
prion
prion
Heap overflow
2020-12-22 22:15:00
Buffer overflow
2020-09-10 15:16:00
thn
thn
New Critical Flaws in Treck TCP/IP Stack Affect Millions of IoT Devices
2020-12-23 06:51:00
ics
ics
Treck TCP/IP Stack (Update A)
2021-01-26 12:00:00
f5
f5
K44834280 : Multiple Treck vulnerabilities CVE-2020-25066, CVE-2020-27336, CVE-2020-27337, and CVE-2020-27338
2021-01-13 00:00:00
threatpost
threatpost
Critical Intel Active Management Technology Flaw Allows Privilege Escalation
2020-09-08 20:34:34
JSON
Related for INTEL:INTEL-SA-00404
lenovo2hp1cve2prion2thn1ics1f51threatpost1