LenovoLENOVO:PS500414-INTEL-CSME-SPS-AND-LMS-ADVISORY-NOSIDIntel CSME, SPS, and LMS Advisory - Lenovo Support NL
6.7 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
4.6 Medium
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:L/AC:L/Au:N/C:P/I:P/A:P
**Lenovo Security Advisory:**LEN-51731
**Potential Impact:**Privilege escalation, information disclosure, denial of service
**Severity:**High
**Scope of Impact:**Industry-wide
**CVE Identifier:**CVE-2020-24508, CVE-2020-24509, CVE-2020-8704, CVE-2020-24507, CVE-2020-8703, CVE-2020-24506
Summary Description:
Intel reported potential security vulnerabilities in the Intel Converged Security and Manageability Engine (CSME), Server Platform Services (SPS), and Intel Local Manageability Service (Intel LMS) that may allow escalation of privilege, denial of service or information disclosure.
Mitigation Strategy for Customers (what you should do to protect yourself):
Intel recommends updating Intel CSME, Intel SPS, and Intel LMS to the version (or newer) of firmware and software indicated for your model in the Product Impact section below.
Related
6.7 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
4.6 Medium
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:L/AC:L/Au:N/C:P/I:P/A:P