The Intel Converged Security Management Engine (CSME) on the remote host is affected by multiple vulnerabilities in the Active Management Technology (AMT) feature, including the following:
Out-of-bounds write in IPv6 subsystem for Intel® AMT, Intel® ISM versions before 11.8.80, 11.12.80, 11.22.80, 12.0.70, 14.0.45 may allow an unauthenticated user to potentially enable escalation of privileges via network access. (CVE-2020-8752)
Out-of-bounds read in subsystem for Intel® AMT versions before 11.8.80, 11.12.80, 11.22.80, 12.0.70 and 14.0.45 may allow an unauthenticated user to potentially enable information disclosure and/or denial of service via network access. (CVE-2020-8747)
Out-of-bounds read in subsystem for Intel® AMT versions before 11.8.80, 11.12.80, 11.22.80, 12.0.70 and 14.0.45 may allow an unauthenticated user to potentially enable escalation of privilege via adjacent access. (CVE-2020-8749)
Note that due to the low-level implementation of Intel ME, Nessus may not be able to identify its version on the remote host at this time.
Binary data wmi_INTEL-SA-00391.nbin
Vendor | Product | Version | CPE |
---|---|---|---|
intel | active_management_technology_firmware | cpe:/o:intel:active_management_technology_firmware | |
intel | active_management_technology | cpe:/h:intel:active_management_technology |
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12297
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12303
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12354
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12356
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8705
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8744
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8745
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8746
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8747
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8749
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8751
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8752
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8753
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8754
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8755
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8756
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8757
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8760
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8761
www.nessus.org/u?d2fdd021