CVE-2020-0542 : Improper buffer restrictions in subsystem for Intel(R) CSME versions before 12.0

Improper buffer restrictions in subsystem for Intel(R) CSME versions before 12.0.64, 13.0.32, 14.0.33 and 14.5.12 may allow an authenticated user to potentially enable escalation of privilege, information disclosure or denial of service via local access.

Published 2020-06-15 14:15:11

Updated 2021-07-21 11:39:24

Source Intel Corporation

View at NVD, CVE.org

Vulnerability category: Denial of serviceInformation leak

Products affected by CVE-2020-0542

Intel » Converged Security Management Engine Firmware
Versions from including (>=) 14.0 and before (<) 14.0.33
cpe:2.3:o:intel:converged_security_management_engine_firmware:*:*:*:*:*:*:*:*
Matching versions
Intel » Converged Security Management Engine Firmware
Versions from including (>=) 11.10 and before (<) 11.12.77
cpe:2.3:o:intel:converged_security_management_engine_firmware:*:*:*:*:*:*:*:*
Matching versions
Intel » Converged Security Management Engine Firmware
Versions from including (>=) 11.0 and before (<) 11.8.77
cpe:2.3:o:intel:converged_security_management_engine_firmware:*:*:*:*:*:*:*:*
Matching versions
Intel » Converged Security Management Engine Firmware
Versions from including (>=) 13.0 and before (<) 13.0.32
cpe:2.3:o:intel:converged_security_management_engine_firmware:*:*:*:*:*:*:*:*
Matching versions
Intel » Converged Security Management Engine Firmware undefined
Versions from including (>=) 12.0 and before (<) 12.0.64
cpe:2.3:o:intel:converged_security_management_engine_firmware:*:*:*:*:*:*:*:undefined
Matching versions
Intel » Converged Security Management Engine Firmware
Versions from including (>=) 11.20 and before (<) 11.22.77
cpe:2.3:o:intel:converged_security_management_engine_firmware:*:*:*:*:*:*:*:*
Matching versions
Intel » Converged Security Management Engine Firmware » Version: 14.5.11
cpe:2.3:o:intel:converged_security_management_engine_firmware:14.5.11:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2020-0542

EPSS FAQ

0.08%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 21 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2020-0542

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
4.6	MEDIUM	AV:L/AC:L/Au:N/C:P/I:P/A:P	3.9	6.4	NIST
Access Vector: Local Access Complexity: Low Authentication: None Confidentiality Impact: Partial Integrity Impact: Partial Availability Impact: Partial
7.8	HIGH	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H	1.8	5.9	NIST
Attack Vector: Local Attack Complexity: Low Privileges Required: Low User Interaction: None Scope: Unchanged Confidentiality: High Integrity: High Availability: High

References for CVE-2020-0542

https://support.lenovo.com/de/en/product_security/len-30041

Intel CSME, SPS, TXE, AMT and DAL Advisory - DE

CVEs referencing this url
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00295.html

INTEL-SA-00295
Vendor Advisory

CVEs referencing this url
https://security.netapp.com/advisory/ntap-20200611-0006/

Intel SA-00295 CSME Vulnerabilities in NetApp Products | NetApp Product Security

CVEs referencing this url

Jump to

Vulnerability Details : CVE-2020-0542

Products affected by CVE-2020-0542

Exploit prediction scoring system (EPSS) score for CVE-2020-0542

CVSS scores for CVE-2020-0542

References for CVE-2020-0542