20 matches found
CVE-2021-33159
Intel AMT vulnerability CVE-2021-33159 stems from improper authentication in the AMT subsystem, enabling a privileged user to escalate privileges via local access. Affected firmware versions include AMT before 11.8.93, 11.12.93, 11.22.93, 12.0.92, 14.1.67, 15.0.42, and 16.1.25. Red Hat and other ...
CVE-2022-26845
CVE-2022-26845 affects Intel AMT firmware. Improper authentication may allow an unauthenticated network-access user to escalate privileges. Affected AMT/CSME/SPS firmware versions include before 11.8.93, 11.12.93, 11.22.93, 12.0.92, 14.1.67, 15.0.42, 16.1.25. Remediation per PT-2022-18096 and Int...
CVE-2020-8747
CVE-2020-8747 is an out-of-bounds read in the Intel AMT subsystem (and related CSME/ISM/TXE components) affecting Intel AMT/CSME versions before 11.8.80, 11.12.80, 11.22.80, 12.0.70 and 14.0.45. The issue can enable information disclosure and/or denial of service via network access by an unauthen...
CVE-2020-8752
CVE-2020-8752 affects Intel AMT/ISM IPv6 subsystem: out-of-bounds write in IPv6 can allow unauthenticated privilege escalation via network access on Intel AMT/ISM firmware versions before 11.8.80, 11.12.80, 11.22.80, 12.0.70, 14.0.45. Intel INTEL-SA-00391 describes mitigation; affected products i...
CVE-2021-33068
CVE-2021-33068 is a null pointer dereference in the Intel AMT subsystem. Intel SPS/AMT/PMC chipset firmware before certain versions may allow an authenticated remote attacker to cause a denial-of-service via network access. Public documents from NVD/Intel/Red Hat/IBM describe affected components ...
CVE-2022-30601
The CVE-2022-30601 entry concerns Intel AMT and Intel Standard Manageability. The issue is described as insufficiently protected credentials, which could allow an unauthenticated user to disclose information and escalate privileges via network access. Affected components cited in multiple sources...
CVE-2020-8749
CVE-2020-8749 is an Intel AMT/CSME-related issue described as an out-of-bounds read in the AMT subsystem that may let an unauthenticated, adjacent user escalate privileges. Affected are Intel AMT versions before 11.8.80, 11.12.80, 11.22.80, 12.0.70 and 14.0.45. The CVE is part of a broader set of...
CVE-2022-28697
CVE-2022-28697 affects firmware in Intel(R) AMT and Intel(R) Standard Manageability. The issue is improper access control that may allow an unauthenticated user to escalate privileges via physical access. CVSSv3.1 metrics indicate physical attack vector, no privileges required, with high confiden...
CVE-2022-30944
CVE-2022-30944 affects Intel AMT and Intel Standard Manageability. Insufficiently protected credentials may allow a privileged user to disclose information via local access. The CVE is rated with a Local attack vector and High confidentiality impact (CVSSv3.1: 5.5). Multiple connected sources ref...
CVE-2020-12356
CVE-2020-12356 is an Intel AMT/CSME vulnerability (Out-of-bounds read) that affects AMT/ISM/CSME subsystems prior to specific builds: versions before 11.8.80, 11.12.80, 11.22.80, 12.0.70 and 14.0.45. The issue can allow a privileged user to disclose information via local access; CVSS3.1 vector in...
CVE-2020-8754
Intel AMT/ISM subsystem contains an out-of-bounds read vulnerability (CVE-2020-8754) that could allow unauthenticated information disclosure over the network. Affected versions include Intel AMT/ISM before 11.8.80, 11.12.80, 11.22.80, 12.0.70 and 14.0.45. Intel’s advisory and vendor advisories in...
CVE-2020-8746
CVE-2020-8746 concerns Intel AMT/CSME subsystem integer overflow that could allow a remote unauthenticated actor to cause denial of service via adjacent access. Connected sources confirm the issue affects Intel AMT/CSME/ISM stack versions before specific fixes (11.8.82/11.12.82/11.22.82/12.0.70/1...
CVE-2020-8753
CVE-2020-8753 is an out-of-bounds read vulnerability in the DHCP subsystem of Intel AMT/ISM (and related components in the Intel CSME/SPS/TXE/SO CSME stack). Affected versions are Intel AMT/ISM before 11.8.80, 11.12.80, 11.22.80, 12.0.70 and 14.0.45. The flaw may allow an unauthenticated attacker...
CVE-2020-8757
CVE-2020-8757 involves an out-of-bounds read in the Intel AMT subsystem that can allow a privileged local user to escalate privileges. Affected: Intel AMT/CSME family before versions 11.8.80, 11.12.80, 11.22.80, 12.0.70 and 14.0.45 (and related AMT/ISM components per Intel advisories). Root cause...
CVE-2022-29893
The CVE-2022-29893 issue is in Intel® AMT firmware and stems from improper authentication, potentially allowing an authenticated user to escalate privileges over the network. Affected AMT versions include prior to 11.8.93, 11.12.93, 11.22.93, 12.0.92, 14.1.67, 15.0.42, and 16.1.25. Reported base ...
CVE-2020-8760
CVE-2020-8760 is an Intel AMT/CSME-related issue described as an integer overflow in the subsystem affecting AMT/CSME versions before 11.8.80, 11.12.80, 11.22.80, 12.0.70, 14.0.45. The vulnerability may allow a privileged user to escalate privileges via local access. Public sources in connected d...
CVE-2018-3616
CVE-2018-3616 is a Bleichenbacher-style side-channel vulnerability in the TLS implementation of Intel AMT/CSME firmware prior to 12.0.5. An unauthenticated attacker could potentially obtain the TLS session key over the network. Public-internal sources confirm impact on Intel AMT/CSME (TLS) with C...
CVE-2022-27497
The CVE-2022-27497 issue is a null pointer dereference in Intel® AMT firmware prior to versions 11.8.93, 11.12.93, 11.22.93, 12.0.92, 14.1.67, 15.0.42, and 16.1.25 that may allow an unauthenticated remote attacker to cause a denial of service via network access. Public sources (Intel IPU advisory...
CVE-2018-3658
CVE-2018-3658 affects Intel AMT in Intel CSME firmware prior to 12.0.5. The issue is described as multiple memory leaks that may allow an unauthenticated, Intel AMT-provisioned user to cause a partial denial of service over the network. Remediation: upgrade to the latest Intel CSME firmware versi...
CVE-2018-3657
CVE-2018-3657 affects Intel AMT in Intel CSME firmware prior to 12.0.5, enabling a local attacker with high privileges to potentially execute arbitrary code with AMT execution rights via local access. The issue is described across multiple sources (NVD entry and related advisories) with a CVSSv3 ...