The Intel Converged Security Management Engine (CSME) on the remote host is affected by multiple vulnerabilities in the Active Management Technology (AMT) feature, including the following:

- Out-of-bounds write in IPv6 subsystem for Intel(R) AMT, Intel(R) ISM versions before 11.8.80, 11.12.80, 11.22.80, 12.0.70, 14.0.45 may allow an unauthenticated user to potentially enable escalation of privileges via network access. (CVE-2020-8752)

- Out-of-bounds read in subsystem for Intel(R) AMT versions before 11.8.80, 11.12.80, 11.22.80, 12.0.70 and 14.0.45 may allow an unauthenticated user to potentially enable information disclosure and/or denial of service via network access. (CVE-2020-8747)

- Out-of-bounds read in subsystem for Intel(R) AMT versions before 11.8.80, 11.12.80, 11.22.80, 12.0.70 and 14.0.45 may allow an unauthenticated user to potentially enable escalation of privilege via adjacent access. (CVE-2020-8749)

Note that due to the low-level implementation of Intel ME, Nessus may not be able to identify its version on the remote host at this time.
{"id": "WMI_INTEL-SA-00391.NBIN", "vendorId": null, "type": "nessus", "bulletinFamily": "scanner", "title": "Intel Converged Security Management Engine (CSME) Active Management Technology (AMT) Multiple Vulnerabilities (INTEL-SA-00391)", "description": "The Intel Converged Security Management Engine (CSME) on the remote host is affected by multiple vulnerabilities in the Active Management Technology (AMT) feature, including the following:\n\n - Out-of-bounds write in IPv6 subsystem for Intel(R) AMT, Intel(R) ISM versions before 11.8.80, 11.12.80, 11.22.80, 12.0.70, 14.0.45 may allow an unauthenticated user to potentially enable escalation of privileges via network access. (CVE-2020-8752)\n\n - Out-of-bounds read in subsystem for Intel(R) AMT versions before 11.8.80, 11.12.80, 11.22.80, 12.0.70 and 14.0.45 may allow an unauthenticated user to potentially enable information disclosure and/or denial of service via network access. (CVE-2020-8747)\n\n - Out-of-bounds read in subsystem for Intel(R) AMT versions before 11.8.80, 11.12.80, 11.22.80, 12.0.70 and 14.0.45 may allow an unauthenticated user to potentially enable escalation of privilege via adjacent access. (CVE-2020-8749)\n\nNote that due to the low-level implementation of Intel ME, Nessus may not be able to identify its version on the remote host at this time.", "published": "2020-11-20T00:00:00", "modified": "2023-06-01T00:00:00", "epss": [], "cvss": {"score": 0.0, "vector": "NONE"}, "cvss2": {}, "cvss3": {}, "href": "https://www.tenable.com/plugins/nessus/143151", "reporter": "This script is Copyright (C) 2020-2023 and is owned by Tenable, Inc. 
or an Affiliate thereof.", "references": ["http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8760", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8761", "http://www.nessus.org/u?d2fdd021", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8746", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12356", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8745", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12297", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8755", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8753", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8705", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8751", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8752", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8754", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12303", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8744", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8756", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8757", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12354", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8747", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8749"], "cvelist": ["CVE-2020-8747", "CVE-2020-8749", "CVE-2020-8752"], "immutableFields": [], "lastseen": "2023-06-02T15:36:55", "viewCount": 8, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2020-8747", "CVE-2020-8749", "CVE-2020-8752"]}, {"type": "f5", "idList": ["F5:K23033557"]}, {"type": "hp", "idList": ["HP:C06962103"]}, {"type": "intel", "idList": ["INTEL:INTEL-SA-00391"]}, {"type": "nessus", "idList": ["INTEL_SA_00391.NASL"]}, {"type": "threatpost", "idList": ["THREATPOST:D2398CA9B354449C8FCA1436DF9E5877"]}]}, "score": {"value": 3.4, "vector": "NONE"}, "backreferences": {"references": [{"type": "cve", "idList": ["CVE-2020-12297", "CVE-2020-12303", "CVE-2020-12354", 
"CVE-2020-12356", "CVE-2020-8705", "CVE-2020-8744", "CVE-2020-8745", "CVE-2020-8746", "CVE-2020-8747", "CVE-2020-8749", "CVE-2020-8751", "CVE-2020-8752", "CVE-2020-8753", "CVE-2020-8754", "CVE-2020-8755", "CVE-2020-8756", "CVE-2020-8757", "CVE-2020-8760", "CVE-2020-8761"]}, {"type": "f5", "idList": ["F5:K23033557", "F5:K35925420", "F5:K43877335", "F5:K45573415", "F5:K61095244"]}, {"type": "hp", "idList": ["HP:C06962103"]}, {"type": "nessus", "idList": ["INTEL_SA_00391.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310813197"]}, {"type": "threatpost", "idList": ["THREATPOST:D2398CA9B354449C8FCA1436DF9E5877"]}]}, "exploitation": null, "epss": [{"cve": "CVE-2020-12297", "epss": 0.00044, "percentile": 0.10248, "modified": "2023-05-07"}, {"cve": "CVE-2020-12303", "epss": 0.00044, "percentile": 0.10248, "modified": "2023-05-07"}, {"cve": "CVE-2020-12354", "epss": 0.00044, "percentile": 0.10248, "modified": "2023-05-07"}, {"cve": "CVE-2020-12356", "epss": 0.00044, "percentile": 0.10248, "modified": "2023-05-07"}, {"cve": "CVE-2020-8705", "epss": 0.00125, "percentile": 0.45682, "modified": "2023-05-07"}, {"cve": "CVE-2020-8744", "epss": 0.00045, "percentile": 0.121, "modified": "2023-05-07"}, {"cve": "CVE-2020-8745", "epss": 0.00072, "percentile": 0.29198, "modified": "2023-05-07"}, {"cve": "CVE-2020-8746", "epss": 0.00061, "percentile": 0.237, "modified": "2023-05-07"}, {"cve": "CVE-2020-8747", "epss": 0.00204, "percentile": 0.5692, "modified": "2023-05-07"}, {"cve": "CVE-2020-8749", "epss": 0.00068, "percentile": 0.27736, "modified": "2023-05-07"}, {"cve": "CVE-2020-8751", "epss": 0.00075, "percentile": 0.30532, "modified": "2023-05-07"}, {"cve": "CVE-2020-8752", "epss": 0.00221, "percentile": 0.58852, "modified": "2023-05-07"}, {"cve": "CVE-2020-8753", "epss": 0.00158, "percentile": 0.5089, "modified": "2023-05-07"}, {"cve": "CVE-2020-8754", "epss": 0.00158, "percentile": 0.5089, "modified": "2023-05-07"}, {"cve": "CVE-2020-8755", "epss": 0.00087, 
"percentile": 0.35383, "modified": "2023-05-07"}, {"cve": "CVE-2020-8756", "epss": 0.00044, "percentile": 0.10248, "modified": "2023-05-07"}, {"cve": "CVE-2020-8757", "epss": 0.00044, "percentile": 0.10248, "modified": "2023-05-07"}, {"cve": "CVE-2020-8760", "epss": 0.00044, "percentile": 0.10248, "modified": "2023-05-07"}, {"cve": "CVE-2020-8761", "epss": 0.00055, "percentile": 0.20839, "modified": "2023-05-07"}], "vulnersScore": 3.4}, "_state": {"dependencies": 1685722776, "score": 1685720289, "epss": 0}, "_internal": {"score_hash": "2cdc2bd32560501467cb076d715fa9a4"}, "pluginID": "143151", "sourceData": "Binary data wmi_INTEL-SA-00391.nbin", "naslFamily": "Windows", "cpe": ["cpe:/h:intel:active_management_technology", "cpe:/o:intel:active_management_technology_firmware"], "solution": "Contact your system OEM for updated firmware per the vendor advisory.", "nessusSeverity": "High", "cvssScoreSource": "CVE-2020-8752", "vendor_cvss2": {"score": 7.5, "vector": "CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "vendor_cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "vpr": {"risk factor": "Medium", "score": "6.7"}, "exploitAvailable": false, "exploitEase": "No known exploits are available", "patchPublicationDate": "2020-11-10T00:00:00", "vulnerabilityPublicationDate": "2020-11-10T00:00:00", "exploitableWith": []}
{"f5": [{"lastseen": "2023-02-21T20:08:06", "description": " * [CVE-2020-8746](<https://vulners.com/cve/CVE-2020-8746>)\n\nInteger overflow in subsystem for Intel(R) AMT versions before 11.8.80, 11.12.80, 11.22.80, 12.0.70 and 14.0.45 may allow an unauthenticated user to potentially enable denial of service via adjacent access.\n\n * [CVE-2020-8747](<https://vulners.com/cve/CVE-2020-8747>)\n\nOut-of-bounds read in subsystem for Intel(R) AMT versions before 11.8.80, 11.12.80, 11.22.80, 12.0.70 and 14.0.45 may allow an unauthenticated user to potentially enable information disclosure and/or denial of service via network access.\n\n * [CVE-2020-8749](<https://vulners.com/cve/CVE-2020-8749>)\n\nOut-of-bounds read in subsystem for Intel(R) AMT versions before 11.8.80, 11.12.80, 11.22.80, 12.0.70 and 14.0.45 may allow an unauthenticated user to potentially enable escalation of privilege via adjacent access.\n\n * [CVE-2020-8752](<https://vulners.com/cve/CVE-2020-8752>)\n\nOut-of-bounds write in IPv6 subsystem for Intel(R) AMT, Intel(R) ISM versions before 11.8.80, 11.12.80, 11.22.80, 12.0.70, 14.0.45 may allow an unauthenticated user to potentially enable escalation of privileges via network access.\n\n * [CVE-2020-8753](<https://vulners.com/cve/CVE-2020-8753>)\n\nOut-of-bounds read in DHCP subsystem for Intel(R) AMT, Intel(R) ISM versions before 11.8.80, 11.12.80, 11.22.80, 12.0.70 and 14.0.45 may allow an unauthenticated user to potentially enable information disclosure via network access.\n\nImpact\n\nThere is no impact; F5 products are not affected by this vulnerability.\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": 
"NONE"}, "impactScore": 5.9}, "published": "2020-11-26T07:21:00", "type": "f5", "title": "Intel software vulnerabilities CVE-2020-8746, CVE-2020-8747, CVE-2020-8749, CVE-2020-8752, CVE-2020-8753", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-8746", "CVE-2020-8747", "CVE-2020-8749", "CVE-2020-8752", "CVE-2020-8753"], "modified": "2020-11-26T07:25:00", "id": "F5:K23033557", "href": "https://support.f5.com/csp/article/K23033557", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "cve": [{"lastseen": "2023-06-06T15:05:10", "description": "Out-of-bounds write in IPv6 subsystem for Intel(R) AMT, Intel(R) ISM versions before 11.8.80, 11.12.80, 11.22.80, 12.0.70, 14.0.45 may allow an unauthenticated user to potentially enable escalation of privileges via network access.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-11-12T18:15:00", "type": "cve", "title": "CVE-2020-8752", "cwe": ["CWE-787"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, 
"cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-8752"], "modified": "2023-05-22T15:30:00", "cpe": ["cpe:/a:netapp:cloud_backup:-"], "id": "CVE-2020-8752", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-8752", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*"]}, {"lastseen": "2023-06-06T15:05:09", "description": "Out-of-bounds read in subsystem for Intel(R) AMT versions before 11.8.80, 11.12.80, 11.22.80, 12.0.70 and 14.0.45 may allow an unauthenticated user to potentially enable escalation of privilege via adjacent access.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-11-12T18:15:00", "type": "cve", "title": "CVE-2020-8749", "cwe": ["CWE-125"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 6.5, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 5.8, "vectorString": "AV:A/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "ADJACENT_NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": 
false}, "cvelist": ["CVE-2020-8749"], "modified": "2023-05-22T15:30:00", "cpe": ["cpe:/a:netapp:cloud_backup:-"], "id": "CVE-2020-8749", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-8749", "cvss": {"score": 5.8, "vector": "AV:A/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*"]}, {"lastseen": "2023-06-06T15:05:10", "description": "Out-of-bounds read in subsystem for Intel(R) AMT versions before 11.8.80, 11.12.80, 11.22.80, 12.0.70 and 14.0.45 may allow an unauthenticated user to potentially enable information disclosure and/or denial of service via network access.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 9.1, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.2}, "published": "2020-11-12T18:15:00", "type": "cve", "title": "CVE-2020-8747", "cwe": ["CWE-125"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 6.4, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-8747"], "modified": "2023-05-22T15:30:00", "cpe": ["cpe:/a:netapp:cloud_backup:-"], "id": "CVE-2020-8747", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-8747", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P"}, "cpe23": ["cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*"]}], 
"nessus": [{"lastseen": "2023-05-18T15:25:23", "description": "The Intel Management Engine on the remote host has Active Management Technology (AMT) enabled, and, according to its self-reported, is a version containing multiple vulnerabilities, including the following:\n\n - Out-of-bounds write in IPv6 subsystem for Intel(R) AMT, Intel(R) ISM versions before 11.8.80, 11.12.80, 11.22.80, 12.0.70, 14.0.45 may allow an unauthenticated user to potentially enable escalation of privileges via network access. (CVE-2020-8752)\n\n - Out-of-bounds read in subsystem for Intel(R) AMT versions before 11.8.80, 11.12.80, 11.22.80, 12.0.70 and 14.0.45 may allow an unauthenticated user to potentially enable information disclosure and/or denial of service via network access. (CVE-2020-8747)\n\n - Out-of-bounds read in subsystem for Intel(R) AMT versions before 11.8.80, 11.12.80, 11.22.80, 12.0.70 and 14.0.45 may allow an unauthenticated user to potentially enable escalation of privilege via adjacent access. 
(CVE-2020-8749)\n\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2020-11-20T00:00:00", "type": "nessus", "title": "Intel Active Management Technology (AMT) Multiple Vulnerabilities (INTEL-SA-00391) (remote check)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-12297", "CVE-2020-12303", "CVE-2020-12354", "CVE-2020-12356", "CVE-2020-8705", "CVE-2020-8744", "CVE-2020-8745", "CVE-2020-8746", "CVE-2020-8747", "CVE-2020-8749", "CVE-2020-8751", "CVE-2020-8752", "CVE-2020-8753", "CVE-2020-8754", "CVE-2020-8755", "CVE-2020-8756", "CVE-2020-8757", "CVE-2020-8760", "CVE-2020-8761"], "modified": "2020-11-24T00:00:00", "cpe": ["cpe:/h:intel:active_management_technology", "cpe:/o:intel:active_management_technology_firmware"], "id": "INTEL_SA_00391.NASL", "href": "https://www.tenable.com/plugins/nessus/143152", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(143152);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/11/24\");\n\n script_cve_id(\n \"CVE-2020-8705\",\n \"CVE-2020-8744\",\n \"CVE-2020-8745\",\n \"CVE-2020-8746\",\n \"CVE-2020-8747\",\n \"CVE-2020-8749\",\n \"CVE-2020-8751\",\n \"CVE-2020-8752\",\n \"CVE-2020-8753\",\n \"CVE-2020-8754\",\n \"CVE-2020-8755\",\n \"CVE-2020-8756\",\n \"CVE-2020-8757\",\n \"CVE-2020-8760\",\n \"CVE-2020-8761\",\n \"CVE-2020-12297\",\n \"CVE-2020-12303\",\n \"CVE-2020-12354\",\n \"CVE-2020-12356\"\n );\n script_xref(name:\"IAVA\", value:\"2020-A-0534\");\n\n script_name(english:\"Intel Active Management Technology (AMT) Multiple Vulnerabilities (INTEL-SA-00391) (remote check)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The management engine on the remote host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The 
Intel Management Engine on the remote host has Active Management Technology (AMT) enabled, and, according to its\nself-reported, is a version containing multiple vulnerabilities, including the following:\n\n - Out-of-bounds write in IPv6 subsystem for Intel(R) AMT, Intel(R) ISM versions before 11.8.80, 11.12.80,\n 11.22.80, 12.0.70, 14.0.45 may allow an unauthenticated user to potentially enable escalation of\n privileges via network access. (CVE-2020-8752)\n\n - Out-of-bounds read in subsystem for Intel(R) AMT versions before 11.8.80, 11.12.80, 11.22.80, 12.0.70 and\n 14.0.45 may allow an unauthenticated user to potentially enable information disclosure and/or denial of\n service via network access. (CVE-2020-8747)\n\n - Out-of-bounds read in subsystem for Intel(R) AMT versions before 11.8.80, 11.12.80, 11.22.80, 12.0.70 and\n 14.0.45 may allow an unauthenticated user to potentially enable escalation of privilege via adjacent\n access. (CVE-2020-8749)\n\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n # https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00391.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?d2fdd021\");\n script_set_attribute(attribute:\"solution\", value:\n\"Contact your system OEM for updated firmware per the vendor advisory.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-8752\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/11/10\");\n 
script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/11/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/11/20\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/h:intel:active_management_technology\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:intel:active_management_technology_firmware\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Web Servers\");\n\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"intel_amt_remote_detect.nbin\");\n script_require_keys(\"installed_sw/Intel Active Management Technology\");\n script_require_ports(\"Services/www\", 16992, 16993, 16994, 16995, 623, 664);\n\n exit(0);\n}\n\ninclude('http.inc');\ninclude('vcf.inc');\n\nget_kb_item_or_exit('installed_sw/Intel Active Management Technology');\n\nport = get_http_port(default:16992);\n\napp = 'Intel Active Management Technology';\napp_info = vcf::get_app_info(app:app, port:port);\n\nconstraints = [\n { 'min_version' : '11.8', 'fixed_version' : '11.8.80' },\n { 'min_version' : '11.12', 'fixed_version' : '11.12.80' },\n { 'min_version' : '11.22', 'fixed_version' : '11.22.80' },\n { 'min_version' : '12.0', 'fixed_version' : '12.0.70' },\n { 'min_version' : '13.0', 'fixed_version' : '13.0.40' },\n { 'min_version' : '13.30', 'fixed_version' : '13.30.10' },\n { 'min_version' : '14.0', 'fixed_version' : '14.0.45' },\n { 'min_version' : '14.5', 'fixed_version' : '14.5.25' }\n];\n\nvcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_HOLE);\n", "cvss": {"score": 0.0, "vector": "NONE"}}], "hp": [{"lastseen": "2023-06-02T14:57:03", "description": "## Potential Security Impact\nEscalation of Privilege, Denial of 
Service, Information Disclosure\n\n**Source:** HP, HP Product Security Response Team (PSRT) \n\n**Reported By:** Intel \n\n## VULNERABILITY SUMMARY\nIntel has informed HP of potential security vulnerabilities identified in Intel\u00ae Converged Security and Manageability Engine (CSME), Server Platform Services (SPS), Intel\u00ae Trusted Execution Engine (TXE), Intel\u00ae Dynamic Application Loader (DAL), Intel\u00ae Active Management Technology (AMT), Intel\u00ae Standard Manageability (ISM) and Intel\u00ae Dynamic Application Loader (Intel\u00ae DAL) that may allow escalation of privilege, denial of service, or information disclosure. Intel is releasing firmware and software updates to mitigate these potential vulnerabilities. \n\nIntel is not releasing updates to mitigate a potential vulnerability and has issued a Product Discontinuation Notice for Intel\u00ae DAL SDK.\n\n## RESOLUTION\nIntel has released updates to mitigate the potential vulnerabilities. HP has identified the affected platforms and the corresponding SoftPaq updated versions. See the affected platforms listed below. Newer versions may become available and the minimum versions listed below may become obsolete. If a SoftPaq Link becomes invalid, check the HP Customer Support - Software and Driver Downloads site to obtain the latest update for your product model. \n\nHP recommends keeping your system up to date with the latest firmware and software. \n\n> note:\n> \n> This bulletin may be updated when new information and/or SoftPaqs are available. Sign up for HP Subscriptions to be notified and receive: \n> \n> * Product support eAlerts\n> * Driver updates\n> * Security Bulletin updates\n\n**Pending:** SoftPaq is in progress. \n\n**Under investigation:** System under investigation for impact, or SoftPaq under investigation for feasibility/availability. \n\n**Not available: **SoftPaq not available due to technical or logistical constraints. 
\n\n**Check support page:**The listed SoftPaq has been removed from downloaded site. SoftPaqs with newer versions may be available on the HP Customer Support - Software and Driver Downloads site. \n", "cvss3": {}, "published": "2020-11-09T00:00:00", "type": "hp", "title": "HPSBHF03703 rev. 4 - Intel\u00ae 2020.2 IPU - CSME, SPS, TXE, AMT, and DAL Security Update", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2020-12297", "CVE-2020-12303", "CVE-2020-12304", "CVE-2020-12354", "CVE-2020-12355", "CVE-2020-12356", "CVE-2020-8705", "CVE-2020-8744", "CVE-2020-8745", "CVE-2020-8746", "CVE-2020-8747", "CVE-2020-8749", "CVE-2020-8750", "CVE-2020-8751", "CVE-2020-8752", "CVE-2020-8753", "CVE-2020-8754", "CVE-2020-8755", "CVE-2020-8756", "CVE-2020-8757", "CVE-2020-8760", "CVE-2020-8761"], "modified": "2021-06-02T00:00:00", "id": "HP:C06962103", "href": "https://support.hp.com/us-en/document/c06962103", "cvss": {"score": "8.2", "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H/"}}], "intel": [{"lastseen": "2023-02-08T18:04:14", "description": "### Summary: \n\nPotential security vulnerabilities in Intel\u00ae Converged Security and Manageability Engine (CSME), Server Platform Services (SPS), Intel\u00ae Trusted Execution Engine (TXE), Intel\u00ae Dynamic Application Loader (DAL), Intel\u00ae Active Management Technology (AMT), Intel\u00ae Standard Manageability (ISM) and Intel\u00ae Dynamic Application Loader (Intel\u00ae DAL) may allow escalation of privilege, denial of service or information disclosure.** **Intel is releasing firmware and software updates to mitigate these potential vulnerabilities.\n\nIntel is not releasing updates to mitigate a potential vulnerability and has issued a Product Discontinuation Notice for Intel\u00ae DAL SDK.\n\n### Vulnerability Details:\n\nCVEID: [CVE-2020-8752](<https://vulners.com/cve/CVE-2020-8752>)\n\nDescription: Out-of-bounds write in IPv6 subsystem for Intel(R) AMT, Intel(R) ISM versions before 11.8.80, 11.12.80, 
11.22.80, 12.0.70, 14.0.45 may allow an unauthenticated user to potentially enable escalation of privileges via network access.\n\nCVSS Base Score: 9.4 Critical\n\nCVSS Vector: [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L](<https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L>)\n\nCVEID: [CVE-2020-8753](<https://vulners.com/cve/CVE-2020-8753>)\n\nDescription: Out-of-bounds read in DHCP subsystem for Intel(R) AMT, Intel(R) ISM versions before 11.8.80, 11.12.80, 11.22.80, 12.0.70 and 14.0.45 may allow an unauthenticated user to potentially enable information disclosure via network access.\n\nCVSS Base Score: 8.2 High\n\nCVSS Vector: [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:L](<https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:L>)\n\nCVEID: [CVE-2020-12297](<https://vulners.com/cve/CVE-2020-12297>)\n\nDescription: Improper access control in Installer for Intel(R) CSME Driver for Windows versions before 11.8.80, 11.12.80, 11.22.80, 12.0.70, 13.0.40, 13.30.10, 14.0.45 and 14.5.25, Intel TXE 3.1.80, 4.0.30 may allow an authenticated user to potentially enable escalation of privileges via local access.\n\nCVSS Base Score: 8.2 High\n\nCVSS Vector: [CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H](<https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H>)\n\nCVEID: [CVE-2020-12304](<https://vulners.com/cve/CVE-2020-12304>)\n\nDescription: Improper access control in Installer for Intel(R) DAL SDK before version 2.1 for Windows may allow an authenticated user to potentially enable escalation of privileges via local access.\n\nCVSS Base Score: 8.2 High\n\nCVSS Vector: [CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H](<https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H>)\n\nCVEID: [CVE-2020-8745](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020->)\n\nDescription: Insufficient control flow management in subsystem for Intel(R) CSME versions 
before 11.8.80, 11.12.80, 11.22.80, 12.0.70, 13.0.40, 13.30.10, 14.0.45 and 14.5.25 , Intel(R) TXE versions before 3.1.80 and 4.0.30 may allow an unauthenticated user to potentially enable escalation of privilege via physical access.\n\nCVSS Base Score: 7.3 High\n\nCVSS Vector: [CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N](<https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N>)\n\nCVEID: [CVE-2020-8744](<https://vulners.com/cve/CVE-2020-8744>)\n\nDescription: Improper initialization in subsystem for Intel(R) CSME versions before12.0.70, 13.0.40, 13.30.10, 14.0.45 and 14.5.25, Intel\u00ae TXE versions before 4.0.30 Intel(R) SPS versions before E3_05.01.04.200 may allow a privileged user to potentially enable escalation of privilege via local access.\n\nCVSS Base Score: 7.2 High\n\nCVSS Vector: [CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:N](<https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:N>)\n\nCVEID: [CVE-2020-8705](<https://vulners.com/cve/CVE-2020-8705>)\n\nDescription: Insecure default initialization of resource in Intel(R) Boot Guard in Intel(R) CSME versions before 11.8.82, 11.12.82, 11.22.82, 12.0.70, 13.0.40, 13.30.10, 14.0.45 and 14.5.25, Intel(R) TXE versions before 3.1.80 and 4.0.30, Intel(R) SPS versions before E5_04.01.04.400, E3_04.01.04.200, SoC-X_04.00.04.200 and SoC-A_04.00.04.300 may allow an unauthenticated user to potentially enable escalation of privileges via physical access.\n\nCVSS Base Score: 7.1 High\n\nCVSS Vector: [CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H](<https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H>)\n\nCVEID: [CVE-2020-8750](<https://vulners.com/cve/CVE-2020-8750>)\n\nDescription: Use after free in Kernel Mode Driver for Intel(R) TXE versions before 3.1.80 and 4.0.30 may allow an authenticated user to potentially enable escalation of privilege via local access.\n\nCVSS Base Score: 7.0 High\n\nCVSS Vector: 
[CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H](<https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H>)\n\nCVEID: [CVE-2020-12303](<https://vulners.com/cve/CVE-2020-12303>)\n\nDescription: Use after free in DAL subsystem for Intel(R) CSME versions before 11.8.80, 11.12.80, 11.22.80, 12.0.70, 13.0.40, 13.30.10, 14.0.45 and 14.5.25, Intel\u00ae TXE 3.1.80, 4.0.30 may allow an authenticated user to potentially enable escalation of privileges via local access.\n\nCVSS Base Score: 7.0 High\n\nCVSS Vector: [CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H](<https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H>)\n\nCVE ID: [CVE-2020-12354](<https://vulners.com/cve/CVE-2020-12354>)\n\nDescription: Incorrect default permissions in Windows(R) installer in Intel(R) AMT SDK versions before 14.0.0.1 may allow an authenticated user to potentially enable escalation of privilege via local access.\n\nCVSS Base Score: 6.7 Medium\n\nCVSS Vector: [CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H](<https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H>)\n\nCVEID: [CVE-2020-8757](<https://vulners.com/cve/CVE-2020-8757>)\n\nDescription: Out-of-bounds read in subsystem for Intel(R) AMT versions before 11.8.80, 11.12.80, 11.22.80, 12.0.70 and 14.0.45 may allow a privileged user to potentially enable escalation of privilege via local access.\n\nCVSS Base Score: 6.3 Medium\n\nCVSS Vector: [CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:L](<https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:L>)\n\nCVEID: [CVE-2020-8756](<https://vulners.com/cve/CVE-2020-8756>)\n\nDescription: Improper input validation in subsystem for Intel(R) CSME versions before 11.8.80, 11.12.80, 11.22.80, 12.0.70 and 14.0.45 may allow a privileged user to potentially enable escalation of privilege via local access.\n\nCVSS Base Score: 6.3 Medium\n\nCVSS Vector: 
[CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:L](<https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:L>)\n\nCVEID: [CVE-2020-8760](<https://vulners.com/cve/CVE-2020-8760>)\n\nDescription: Integer overflow in subsystem for Intel(R) AMT versions before 11.8.80, 11.12.80, 11.22.80, 12.0.70, 14.0.45 may allow a privileged user to potentially enable escalation of privilege via local access.\n\nCVSS Base Score: 6.0 Medium\n\nCVSS Vector: [CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:L](<https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:L>)\n\nCVE ID: [CVE-2020-12355](<https://vulners.com/cve/CVE-2020-12355>)\n\nDescription: Authentication bypass by capture-replay in RPMB protocol message authentication subsystem in Intel(R) TXE versions before 4.0.30 may allow an unauthenticated user to potentially enable escalation of privilege via physical access.\n\nCVSS Base Score: 5.3 Medium\n\nCVSS Vector: [CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N](<https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N>)\n\nCVEID: [CVE-2020-8751](<https://vulners.com/cve/CVE-2020-8751>)\n\nDescription: Insufficient control flow management in subsystem for Intel(R) CSME versions before 11.8.80, Intel(R) TXE versions before 3.1.80 may allow an unauthenticated user to potentially enable information disclosure via physical access.\n\nCVSS Base Score: 5.3 Medium\n\nCVSS Vector: [CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N](<https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N>)\n\nCVEID: [CVE-2020-8754](<https://vulners.com/cve/CVE-2020-8754>)\n\nDescription: Out-of-bounds read in subsystem for Intel(R) AMT, Intel(R) ISM versions before 11.8.80, 11.12.80, 11.22.80, 12.0.70 and 14.0.45 may allow an unauthenticated user to potentially enable information disclosure via network access.\n\nCVSS Base Score: 5.3 Medium\n\nCVSS Vector: 
[CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N](<https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N>)\n\nCVEID: [CVE-2020-8761](<https://vulners.com/cve/CVE-2020-8761>)\n\nDescription: Inadequate encryption strength in subsystem for Intel(R) CSME versions before 13.0.40 and 13.30.10 may allow an unauthenticated user to potentially enable information disclosure via physical access.\n\nCVSS Base Score: 4.9 Medium\n\nCVSS Vector: [CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N](<https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N>)\n\nCVEID: [CVE-2020-8747](<https://vulners.com/cve/CVE-2020-8747>)\n\nDescription: Out-of-bounds read in subsystem for Intel(R) AMT versions before 11.8.80, 11.12.80, 11.22.80, 12.0.70 and 14.0.45 may allow an unauthenticated user to potentially enable information disclosure and/or denial of service via network access.\n\nCVSS Base Score: 4.8 Medium\n\nCVSS Vector: [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L](<https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L>)\n\nCVEID: [CVE-2020-8755](<https://vulners.com/cve/CVE-2020-8755>)\n\nDescription: Race condition in subsystem for Intel(R) CSME versions before 12.0.70 and 14.0.45, Intel(R) SPS versions before E5_04.01.04.400 and E3_05.01.04.200 may allow an unauthenticated user to potentially enable escalation of privilege via physical access.\n\nCVSS Base Score: 4.6 Medium\n\nCVSS Vector: [CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N](<https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N>)\n\nCVE ID: [CVE-2020-12356](<https://vulners.com/cve/CVE-2020-12356>)\n\nDescription: Out-of-bounds read in subsystem in Intel(R) AMT versions before 11.8.80, 11.12.80, 11.22.80, 12.0.70 and 14.0.45 may allow a privileged user to potentially enable information disclosure via local access.\n\nCVSS Base Score: 4.4 Medium\n\nCVSS Vector: 
[CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N](<https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N>)\n\nCVEID: [CVE-2020-8746](<https://vulners.com/cve/CVE-2020-8746>)\n\nDescription: Integer overflow in subsystem for Intel(R) AMT versions before 11.8.80, 11.12.80, 11.22.80, 12.0.70 and 14.0.45 may allow an unauthenticated user to potentially enable denial of service via adjacent access.\n\nCVSS Base Score: 4.3 Medium\n\nCVSS Vector: [CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L](<https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L>)\n\nCVEID: [CVE-2020-8749](<https://vulners.com/cve/CVE-2020-8749>)\n\nDescription: Out-of-bounds read in subsystem for Intel(R) AMT versions before 11.8.80, 11.12.80, 11.22.80, 12.0.70 and 14.0.45 may allow an unauthenticated user to potentially enable escalation of privilege via adjacent access.\n\nCVSS Base Score: 4.2 Medium\n\nCVSS Vector: [CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N](<https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N>)\n\n### Affected Products:\n\n * Intel\u00ae CSME and Intel\u00ae AMT versions before 11.8.82, 11.12.82, 11.22.82, 12.0.70, 13.0.40, 13.30.10, 14.0.45 and 14.5.25.\n * Intel\u00ae TXE versions before 3.1.80 and 4.0.30.\n * Intel\u00ae Server Platform Services firmware versions before SPS_E5_04.01.04.400, SPS_E3_05.01.04.200, SPS_E3_04.01.04.200, SPS_SoC-X_04.00.04.200 and SPS_SoC-A_04.00.04.300. 
\n\n\nThe following CVEs assigned by Intel correspond to a subset of the CVEs disclosed on 12/18/2020 as part of [ICSA-20-353-01](<https://us-cert.cisa.gov/ics/advisories/icsa-20-353-01>):\n\nDisclosed in INTEL-SA-00391 | Disclosed in [ICSA-20-353-01](<https://us-cert.cisa.gov/ics/advisories/icsa-20-353-01>)\n---|---\nCVE-2020-8752 | CVE-2020-27337\nCVE-2020-8753 | CVE-2020-27338\nCVE-2020-8754 | CVE-2020-27336\n\nNote: Firmware versions of Intel\u00ae ME 3.x thru 10.x, Intel\u00ae TXE 1.x thru 2.x, and Intel\u00ae Server Platform Services 1.x thru 2.X are no longer supported versions. There is no new general release planned for these versions.\n\n### Recommendations:\n\nIntel recommends that users of Intel\u00ae CSME, Intel\u00ae TXE, Intel\u00ae AMT and Intel\u00ae SPS update to the latest version provided by the system manufacturer that addresses these issues.\n\nThe Intel\u00ae AMT SDK is available for download [here](<https://software.intel.com/content/www/us/en/develop/download/intel-active-management-technology-sdk.html>). \n\nIntel has issued a Product Discontinuation notice for the Intel\u00ae DAL SDK and recommends that users of the Intel\u00ae DAL SDK uninstall it or discontinue use at their earliest convenience.\n\n### Acknowledgements:\n\nIntel would like to thank Trammell Hudson (CVE-2020-8705), Marius Gabriel Mihai (CVE-2020-12354, CVE-2020-12304), Oussama Sahnoun (CVE-2020-12297), Rotem Sela and Brian Mastenbrook (CVE-2020-12355) for reporting these issues.\n\nThe additional issues were found internally by Intel employees. 
Intel would like to thank Arie Haenel, Aviya Erenfeld, Binyamin Belaciano, Dmitry Piotrovsky, Julien Lenoir, Niv Israely, Ofek Mostovoy, Yakov Cohen and Yossef Kuszer.\n\nIntel, and nearly the entire technology industry, follows a disclosure practice called Coordinated Disclosure, under which a cybersecurity vulnerability is generally publicly disclosed only after mitigations are available.\n", "cvss3": {}, "published": "2022-05-12T00:00:00", "type": "intel", "title": "2020.2 IPU \u2013 Intel\u00ae CSME, SPS, TXE, and AMT\u00a0Advisory", "bulletinFamily": "info", "cvss2": {}, "cvelist": ["CVE-2020-12297", "CVE-2020-12303", "CVE-2020-12304", "CVE-2020-12354", "CVE-2020-12355", "CVE-2020-12356", "CVE-2020-27336", "CVE-2020-27337", "CVE-2020-27338", "CVE-2020-8705", "CVE-2020-8744", "CVE-2020-8745", "CVE-2020-8746", "CVE-2020-8747", "CVE-2020-8749", "CVE-2020-8750", "CVE-2020-8751", "CVE-2020-8752", "CVE-2020-8753", "CVE-2020-8754", "CVE-2020-8755", "CVE-2020-8756", "CVE-2020-8757", "CVE-2020-8760", "CVE-2020-8761"], "modified": "2020-11-10T00:00:00", "id": "INTEL:INTEL-SA-00391", "href": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00391.html", "cvss": {"score": 0.0, "vector": "NONE"}}], "threatpost": [{"lastseen": "2020-11-10T21:33:13", "description": "A massive Intel security update this month addresses flaws across a myriad of products \u2013 most notably, critical bugs that can be exploited by unauthenticated cybercriminals in order to gain escalated privileges.\n\nThese critical flaws exist in products related to Wireless Bluetooth \u2013 including various Intel Wi-Fi modules and wireless network adapters \u2013 as well as in its remote out-of-band management tool, Active Management Technology (AMT).\n\nOverall, Intel released [40 security advisories](<https://www.intel.com/content/www/us/en/security-center/default.html>) on Tuesday, each addressing critical-, high- and medium-severity vulnerabilities across various products. 
That by far trumps [October\u2019s Intel security update](<https://threatpost.com/google-intel-kernel-bug-linux-iot/160067/>), which resolved one high-severity flaw in BlueZ, the Linux Bluetooth protocol stack that provides support for core Bluetooth layers and protocols to Linux-based internet-of-things (IoT) devices.\n\n## **Critical Flaws**\n\n[One critical-severity vulnerability](<https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00391.html>) exists in Intel AMT and Intel Standard Manageability (ISM). AMT, [which is used for remote out-of-band management of PCs](<https://threatpost.com/critical-intel-active-management-technology-flaw-allows-privilege-escalation/159036/>), is part of the Intel vPro platform (Intel\u2019s umbrella marketing term for its collection of computer hardware technologies) and is primarily used by enterprise IT shops for remote management of corporate systems. ISM has a similar function as AMT.\n\nThe flaw ([CVE-2020-8752](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8752>)), which ranks 9.4 out of 10 on the CVSS vulnerability-severity scale, stems from an out-of-bounds write error in IPv6 subsystem for Intel AMT and Intel ISM. If exploited, the flaw could allow an unauthenticated user to gain escalated privileges (via network access).\n\nVersions before 11.8.80, 11.12.80, 11.22.80, 12.0.70 and 14.0.45 are affected; users are urged to \u201cupdate to the latest version provided by the system manufacturer that addresses these issues.\u201d\n\nAnother critical-severity flaw ([CVE-2020-12321](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12321>)) exists in some Intel Wireless Bluetooth products before version 21.110. That bug, which scores 9.6 out of 10 on the CVSS scale, could allow an unauthenticated user to potentially enable escalation of privilege via adjacent access. 
This means an attacker is required to have access to a shared physical network with the victim.\n\n[Affected products include](<https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00403.html>) Intel Wi-Fi 6 AX200 and AX201, Intel Wireless-AC 9560, 9462, 9461 and 9260, Intel Dual Band Wireless-AC 8265, 8260 and 3168, Intel Wireless 7265 (Rev D) family and Intel Dual Band Wireless-AC 3165. Users of these products are recommended to update to version 21.110 or later.\n\n## **High-Severity Flaws**\n\nIntel also fixed multiple high-severity vulnerabilities, including a path traversal in its Endpoint Management Assistant ([CVE-2020-12315](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12315>)) \u2014 which provides tools to monitor and upgrade devices. This flaw could give an unauthenticated user escalated privileges via network access.\n\n[Four high-severity flaws exist](<https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00402.html>) in Intel PROSet/Wireless Wi-Fi products before version 21.110. Intel PROSet/Wireless Wi-Fi software is used to set up, edit and manage Wi-Fi network profiles to connect to Wi-Fi networks.\n\nThese vulnerabilities stem from insufficient control-flow management ([CVE-2020-12313](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12313>)), improper input validation ([CVE-2020-12314](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12314>)), protection-mechanism failure ([CVE-2020-12318](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12318>)) and improper buffer restriction ([CVE-2020-12317](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12317>)). They can enable denial-of-service (DoS) attacks or privilege escalation.\n\nAnother high-severity flaw in Intel solid-state drive (SSD) products could allow an unauthenticated user to potentially enable information disclosure \u2013 if they have physical access to the device. 
The flaw ([CVE-2020-12309](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12309>)) stems from insufficiently protected credentials in the client SSD subsystems. A range of SSDs \u2013 including the Pro 6000p series, Pro 5450s and E 5100s series \u2013 [are affected and can be found here.](<https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00362.html>)\n\nIntel\u2019s [Next Unit Computing (NUC) mini PC](<https://threatpost.com/intel-high-severity-flaws-nuc-modular-server-compute-module/154800/>) also had two high-severity flaws; including an insecure default variable initialization issue in the firmware ([CVE-2020-12336](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12336>)), that could allow authenticated users (with local access) to escalate their privileges. The other is an improper buffer restriction in the firmware ([CVE-2020-12337](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12337>)) enabling privileged users to escalate privileges (via local access).\n\nOther high-severity flaws include an [improper buffer restriction](<https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00422.html>) ([CVE-2020-12325](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12325>)) in Intel Thunderbolt DCH drivers for Windows; an [improper access-control hole](<https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00429.html>) ([CVE-2020-12350](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12350>)) in Intel\u2019s Extreme Tuning Utility and an improper input-validation flaw ([CVE-2020-12347](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12347>)) in the [Intel Data Center Manager Console](<https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00430.html>).\n", "cvss3": {}, "published": "2020-11-10T20:59:04", "type": "threatpost", "title": "Colossal Intel Update Anchored by Critical Privilege-Escalation Bugs", "bulletinFamily": "info", "cvss2": {}, "cvelist": ["CVE-2020-12309", "CVE-2020-12313", "CVE-2020-12314", "CVE-2020-12315", "CVE-2020-12317", "CVE-2020-12318", "CVE-2020-12321", "CVE-2020-12325", "CVE-2020-12336", "CVE-2020-12337", "CVE-2020-12347", "CVE-2020-12350", "CVE-2020-8752"], "modified": "2020-11-10T20:59:04", "id": "THREATPOST:D2398CA9B354449C8FCA1436DF9E5877", "href": "https://threatpost.com/intel-update-critical-privilege-escalation-bugs/161087/", "cvss": {"score": 0.0, "vector": "NONE"}}]}