2020.2 IPU – Intel® CSME, SPS, TXE, and AMT Advisory

Summary: Potential security vulnerabilities in Intel® Converged Security and Manageability Engine CSME, Server Platform Services SPS, Intel® Trusted Execution Engine TXE, Intel® Dynamic Application Loader DAL, Intel® Active Management Technology AMT, Intel® Standard Manageability ISM and Intel®...

GHSA-G644-PR5V-VPPF Insertion of Sensitive Information into Log File in Apache NiFi Stateless

In Apache NiFi 1.10.0 to 1.11.4, the NiFi stateless execution engine produced log output which included sensitive property values. When a flow was triggered, the flow definition configuration JSON was printed, potentially containing sensitive values in plaintext...

The vulnerability of microprogramming software, including Intel Converged Security and Manageability Engine (CSME), Intel Trusted Execution Engine (TXE), and Intel Server Platform Services (SPS), arises from insecure resource initialization, allowing attackers to escalate their privileges.

The vulnerabilities of Microprogramming Software, including Intel Converged Security and Manageability Engine CSME, Intel Trusted Execution Engine TXE, and Intel Server Platform Services SPS, are related to insecure resource initialization. Exploiting these vulnerabilities can allow attackers to...

The vulnerability of microprogramming software, including the Intel Converged Security and Manageability Engine (CSME), Intel Trusted Execution Engine (TXE), and Intel Server Platform Services (SPS), is related to deficiencies in access control. This allows attackers to enhance their privileges.

The vulnerabilities of Intel Converged Security and Manageability Engine CSME, Intel Trusted Execution Engine TXE, and Intel Server Platform Services SPS are related to deficiencies in access control. Exploiting these vulnerabilities can allow attackers to enhance their privileges...

The vulnerability of the DAL subsystem of the Intel Converged Security and Manageability Engine (CSME) and the Intel Trusted Execution Engine (TXE) software allows a perpetrator to enhance their privileges.

The vulnerability of the DAL subsystem of the Intel Converged Security and Manageability Engine CSME and the Intel Trusted Execution Engine TXE is related to the use of memory after it is freed. Exploiting this vulnerability can allow an attacker to enhance their privileges...

The vulnerability of Intel Trusted Execution Engine’s microprogramming software, related to the use of memory after it is freed, allows attackers to enhance their privileges.

The vulnerability of Intel Trusted Execution Engine TXE microprogramming software is related to the use of memory after it is freed. Exploiting this vulnerability can allow an attacker to enhance their privileges...

Vulnerability in the Microprogramming Software System of the Intel Converged Security and Manageability Engine (CSME) and the Microprogramming Software System of the Intel Trusted Execution Engine (TXE), allowing a perpetrator to gain unauthorized access to protected information

The vulnerability in the Microprogramming Software Intel Converged Security and Manageability Engine CSME and Intel Trusted Execution Engine TXE is related to insufficient flow control. Exploitation of this vulnerability may allow an attacker to gain unauthorized access to protected information...

Multiple vulnerabilities fixed in Intel systems

Intel has fixed several vulnerabilities in Converged Security and Manageability Engine CSME, Server Platform Services SPS, Trusted Execution Engine TXE, Dynamic Application Loader DAL, Active Management Technology AMT and Standard Manageability ISM. Malicious parties can exploit the vulnerabiliti...

CVE-2020-12303

Use after free in DAL subsystem for IntelR CSME versions before 11.8.80, 11.12.80, 11.22.80, 12.0.70, 13.0.40, 13.30.10, 14.0.45 and 14.5.25, IntelR TXE 3.1.80, 4.0.30 may allow an authenticated user to potentially enable escalation of privileges via local access...

The vulnerability of the Intel Dynamic Application Loader (DAL) subsystem of the Intel Converged Security and Manageability Engine (CSME) and Intel Trusted Execution Engine (TXE) allows a attacker to trigger a service failure.

The vulnerability of the Intel Dynamic Application Loader DAL subsystem within the Intel Converged Security and Manageability Engine CSME and Intel Trusted Execution Engine TXE is related to an incorrect restriction on the path name to the restricted directory. Exploiting this vulnerability could...

The vulnerability of the Intel Converged Security and Manageability Engine technology and the Intel Trusted Execution Engine software lies in insufficient input data validation, allowing attackers to gain unauthorized access to protected information.

The vulnerability of the Intel Converged Security and Manageability Engine technology and the Intel Trusted Execution Engine TXE software is related to insufficient validation of input data. Exploiting this vulnerability can allow a malicious actor, operating remotely, to gain unauthorized access...

The vulnerability relates to the implementation of the Intel Converged Security and Manageability Engine, the microsoftware of the Intel Server Platform Services, and the Intel Trusted Execution Engine. It stems from a numerical overflow in data structures, allowing an attacker to trigger a service failure.

The vulnerability of the Intel Converged Security and Manageability Engine, the microsoftware of the Intel Server Platform Services, and the Intel Trusted Execution Engine is related to a count-based overflow in data structures. Exploiting this vulnerability can allow an attacker to trigger a...

CVE-2020-0566

Improper Access Control in subsystem for IntelR TXE versions before 3.175 and 4.0.25 may allow an unauthenticated user to potentially enable escalation of privilege via physical access...

CVE-2020-0545

Integer overflow in subsystem for IntelR CSME versions before 11.8.77, 11.12.77, 11.22.77 and IntelR TXE versions before 3.1.75, 4.0.25 and IntelR Server Platform Services SPS versions before SPSE504.01.04.380.0, SPSSoC-X04.00.04.128.0, SPSSoC-A04.00.04.211.0, SPSE304.01.04.109.0,...

CVE-2020-0536

Improper input validation in the DAL subsystem for IntelR CSME versions before 11.8.77, 11.12.77, 11.22.77, 12.0.64, 13.0.32,14.0.33 and IntelR TXE versions before 3.1.75 and 4.0.25 may allow an unauthenticated user to potentially enable information disclosure via network access...

Intel CSME, TXE and SPS Input Validation Error Vulnerability

Intel Converged Security and Management Engine CSME, etc. are products of Intel Corporation, USA. Intel Converged Security and Management Engine is a security management engine. Intel Server Platform Services SPS is a server platform service program. Intel Converged Security and Management Engine...

Intel TXE and CSME Path Traversal Vulnerability

Intel Converged Security and Management Engine CSME and Intel TXE are both products of Intel Corporation, U.S.A. Intel Converged Security and Management Engine is a security management engine. Intel TXE is a trust execution engine with hardware authentication capabilities for use in CPUs central...

Vulnerabilities fixed in Intel products

Intel has fixed vulnerabilities in Intel Converged Security and Manageability Engine CSME, Intel Server Platform Services SPS, Intel Trusted Execution Engine TXE, Intel Active Management Technology AMT, Intel Standard Manageability ISM and Intel Dynamic Application Loader DAL. The above products...

HPSBHF03667 rev. 2 - Intel® 2020.1 IPU - CSME, SPS, TXT, AMT and DAL Security Updates

Potential Security Impact Escalation of Privilege, Denial of Service, Information Disclosure. Source: HP, HP Product Security Response Team PSRT Reported By: Intel® VULNERABILITY SUMMARY HP has been notified by Intel of potential security vulnerabilities in the Intel® Converged Security and...

Intel CSME, SPS, TXE, AMT and DAL Advisory - Lenovo Support US

Lenovo Security Advisory: LEN-30041 Potential Impact: Privilege escalation, denial of service, information disclosure Severity: High Scope of Impact: Industry-wide CVE Identifier: CVE-2020-0542, CVE-2020-0532, CVE-2020-0538, CVE-2020-0534, CVE-2020-0541, CVE-2020-0533, CVE-2020-0537, CVE-2020-053...