Vulnerability Details : CVE-2020-0545
Integer overflow in subsystem for Intel(R) CSME versions before 11.8.77, 11.12.77, 11.22.77 and Intel(R) TXE versions before 3.1.75, 4.0.25 and Intel(R) Server Platform Services (SPS) versions before SPS_E5_04.01.04.380.0, SPS_SoC-X_04.00.04.128.0, SPS_SoC-A_04.00.04.211.0, SPS_E3_04.01.04.109.0, SPS_E3_04.08.04.070.0 may allow a privileged user to potentially enable denial of service via local access.
Vulnerability category: OverflowDenial of service
Products affected by CVE-2020-0545
- Intel » Converged Security Management Engine FirmwareVersions from including (>=) 11.10 and before (<) 11.12.77cpe:2.3:o:intel:converged_security_management_engine_firmware:*:*:*:*:*:*:*:*
- Intel » Converged Security Management Engine FirmwareVersions from including (>=) 11.0 and before (<) 11.8.77cpe:2.3:o:intel:converged_security_management_engine_firmware:*:*:*:*:*:*:*:*
- Intel » Converged Security Management Engine FirmwareVersions from including (>=) 11.20 and before (<) 11.22.77cpe:2.3:o:intel:converged_security_management_engine_firmware:*:*:*:*:*:*:*:*
- Intel » Server Platform ServicesVersions from including (>=) sps_soc-x_04.00.00.000.0 and before (<) sps_soc-x_04.00.04.128.0cpe:2.3:a:intel:server_platform_services:*:*:*:*:*:*:*:*
- Intel » Server Platform ServicesVersions from including (>=) sps_e3_04.00.00.000.0 and before (<) sps_e3_04.01.04.109.0cpe:2.3:a:intel:server_platform_services:*:*:*:*:*:*:*:*
- Intel » Server Platform ServicesVersions from including (>=) sps_e3_04.08.00.000.0 and before (<) sps_e3_04.08.04.070.0cpe:2.3:a:intel:server_platform_services:*:*:*:*:*:*:*:*
- Intel » Server Platform ServicesVersions from including (>=) sps_soc-a_04.00.00.000.0 and before (<) sps_soc-a_04.00.04.211.0cpe:2.3:a:intel:server_platform_services:*:*:*:*:*:*:*:*
- Intel » Server Platform ServicesVersions from including (>=) sps_e5_04.00.00.000.0 and before (<) sps_e5_04.01.04.380.0cpe:2.3:a:intel:server_platform_services:*:*:*:*:*:*:*:*
- cpe:2.3:o:intel:trusted_execution_engine:*:*:*:*:*:*:*:*
- cpe:2.3:o:intel:trusted_execution_engine:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2020-0545
0.05%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 12 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2020-0545
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
2.1
|
LOW | AV:L/AC:L/Au:N/C:N/I:N/A:P |
3.9
|
2.9
|
NIST | |
4.4
|
MEDIUM | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H |
0.8
|
3.6
|
NIST |
CWE ids for CVE-2020-0545
-
The product performs a calculation that can produce an integer overflow or wraparound when the logic assumes that the resulting value will always be larger than the original value. This occurs when an integer value is incremented to a value that is too large to store in the associated representation. When this occurs, the value may become a very small or negative number.Assigned by: nvd@nist.gov (Primary)
References for CVE-2020-0545
-
https://support.lenovo.com/de/en/product_security/len-30041
Intel CSME, SPS, TXE, AMT and DAL Advisory - DE
-
https://cert-portal.siemens.com/productcert/pdf/ssa-631949.pdf
-
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00295.html
INTEL-SA-00295Vendor Advisory
-
https://kc.mcafee.com/corporate/index?page=content&id=SB10321
McAfee Security Bulletin - Enterprise Appliance updates addressing two vulnerabilities (CVE-2020-0545 and CVE-2020-0586)
-
https://security.netapp.com/advisory/ntap-20200611-0006/
Intel SA-00295 CSME Vulnerabilities in NetApp Products | NetApp Product Security
Jump to