Vulnerability Details : CVE-2020-0541
Out-of-bounds write in subsystem for Intel(R) CSME versions before 12.0.64, 13.0.32, 14.0.33 and 14.5.12 may allow a privileged user to potentially enable escalation of privilege via local access.
Vulnerability category: Memory Corruption
Products affected by CVE-2020-0541
- Intel » Converged Security Management Engine FirmwareVersions from including (>=) 14.0 and before (<) 14.0.33cpe:2.3:o:intel:converged_security_management_engine_firmware:*:*:*:*:*:*:*:*
- Intel » Converged Security Management Engine FirmwareVersions from including (>=) 13.0 and before (<) 13.0.32cpe:2.3:o:intel:converged_security_management_engine_firmware:*:*:*:*:*:*:*:*
- Intel » Converged Security Management Engine Firmware undefinedVersions from including (>=) 12.0 and before (<) 12.0.64cpe:2.3:o:intel:converged_security_management_engine_firmware:*:*:*:*:*:*:*:undefined
- cpe:2.3:o:intel:converged_security_management_engine_firmware:14.5.11:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2020-0541
0.04%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 6 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2020-0541
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
4.6
|
MEDIUM | AV:L/AC:L/Au:N/C:P/I:P/A:P |
3.9
|
6.4
|
NIST | |
6.7
|
MEDIUM | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H |
0.8
|
5.9
|
NIST |
CWE ids for CVE-2020-0541
-
The product writes data past the end, or before the beginning, of the intended buffer.Assigned by: nvd@nist.gov (Primary)
References for CVE-2020-0541
-
https://support.lenovo.com/de/en/product_security/len-30041
Intel CSME, SPS, TXE, AMT and DAL Advisory - DE
-
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00295.html
INTEL-SA-00295Vendor Advisory
-
https://security.netapp.com/advisory/ntap-20200611-0006/
Intel SA-00295 CSME Vulnerabilities in NetApp Products | NetApp Product Security
Jump to