LenovoLENOVO:PS500330-NOSIDIntel CSME, SPS, TXE, AMT and DAL Advisory - Lenovo Support US
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
Lenovo Security Advisory: LEN-30041
Potential Impact: Privilege escalation, denial of service, information disclosure
Severity: High
Scope of Impact: Industry-wide
CVE Identifier: CVE-2020-0542, CVE-2020-0532, CVE-2020-0538, CVE-2020-0534, CVE-2020-0541, CVE-2020-0533, CVE-2020-0537, CVE-2020-0531, CVE-2020-,0535, CVE-2020-0536, CVE-2020-0545, CVE-2020-0540, CVE-2020-0566, CVE-2020-0539, CVE-2020-0586, CVE-2020-0594, CVE-2020-0595, CVE-2020-0596, CVE-2020-8674 , CVE-2020-0597, CVE-2020-11899, CVE-2020-11900, CVE-2020-11905
Summary Description:
Intel reported potential security vulnerabilities in Intel Converged Security and Manageability Engine (CSME), Server Platform Services (SPS), Intel Trusted Execution Engine (TXE), Intel Active Management Technology (AMT), Intel Standard Manageability (ISM) and Intel Dynamic Application Loader (DAL) that may allow escalation of privilege, denial of service or information disclosure.
The following CVEs assigned by Intel, correspond to a subset of the CVEs disclosed on 6/16/2020 as part of VU#257161:
Disclosed in INTEL-SA-00295
|
Disclosed in VU#257161
โ|โ
CVE-2020-0594, CVE-2020-0597
|
CVE-2020-11899
CVE-2020-0595
|
CVE-2020-11900
CVE-2020-8674
|
CVE-2020-11905
The remaining CVEs disclosed in VU#257161 have been assessedby Intel and found to be not applicable to Intel Products.
Mitigation Strategy for Customers (what you should do to protect yourself):
Intel recommends updating Intel CSME, Trusted Execution Engine, Intel Active Management Technology and Dynamic Application Loader to the version (or later) indicated for your model in the Product Impact section below.
Product Impact:
To download the version specified for your product below, follow these steps:
- Navigate to the Drivers & Software support site for your product:
- Lenovo Products (sold worldwide, except in China): https://support.lenovo.com/
- Lenovo Products (sold in China): <https://newsupport.lenovo.com.cn/>
- IBM-branded System x Legacy Products: <https://www.ibm.com/support/fixcentral/>
- Search for your product by name or machine type.
- Click Drivers & Software on the left menu panel.
- Click on Manual Update to browse by Component type.
- Compare the minimum fix version for your product from the applicable product table below with the latest version posted on the support site.
Lenovo also offers tools to assist with update management as an alternative to the manual steps described above. Refer to the following for additional help:
- PC Products and Software: <https://support.lenovo.com/us/en/solutions/ht504759>
- Server and Enterprise Software: <https://support.lenovo.com/us/en/solutions/lnvo-lxcaupd> and <https://datacentersupport.lenovo.com/us/en/documents/lnvo-center>
Related
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P