Vulnerability Details : CVE-2020-0597
Out-of-bounds read in IPv6 subsystem in Intel(R) AMT and Intel(R) ISM versions before 14.0.33 may allow an unauthenticated user to potentially enable denial of service via network access.
Vulnerability category: Denial of service
Products affected by CVE-2020-0597
- Intel » Active Management Technology FirmwareVersions from including (>=) 12.0 and up to, including, (<=) 12.0.63cpe:2.3:o:intel:active_management_technology_firmware:*:*:*:*:*:*:*:*
- Intel » Active Management Technology FirmwareVersions from including (>=) 11.20 and up to, including, (<=) 11.22.76cpe:2.3:o:intel:active_management_technology_firmware:*:*:*:*:*:*:*:*
- Intel » Active Management Technology FirmwareVersions from including (>=) 11.0 and up to, including, (<=) 11.8.76cpe:2.3:o:intel:active_management_technology_firmware:*:*:*:*:*:*:*:*
- Intel » Active Management Technology FirmwareVersions from including (>=) 13.0 and up to, including, (<=) 13.0.31cpe:2.3:o:intel:active_management_technology_firmware:*:*:*:*:*:*:*:*
- Intel » Active Management Technology FirmwareVersions from including (>=) 14.0 and up to, including, (<=) 14.0.32cpe:2.3:o:intel:active_management_technology_firmware:*:*:*:*:*:*:*:*
- Intel » Active Management Technology FirmwareVersions from including (>=) 11.10 and up to, including, (<=) 11.11.76cpe:2.3:o:intel:active_management_technology_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:a:intel:software_manager:*:*:*:*:*:*:*:*
- cpe:2.3:a:intel:software_manager:*:*:*:*:*:*:*:*
- cpe:2.3:a:intel:software_manager:*:*:*:*:*:*:*:*
- cpe:2.3:a:intel:software_manager:*:*:*:*:*:*:*:*
- cpe:2.3:a:intel:software_manager:*:*:*:*:*:*:*:*
- cpe:2.3:a:intel:software_manager:*:*:*:*:*:*:*:*
Threat overview for CVE-2020-0597
Top countries where our scanners detected CVE-2020-0597
Top open port discovered on systems with this issue
16992
IPs affected by CVE-2020-0597 1,465
Threat actors abusing to this issue?
Yes
Find out if you* are
affected by CVE-2020-0597!
*Directly or indirectly through your vendors, service providers and 3rd parties.
Powered by
attack surface intelligence
from SecurityScorecard.
Exploit prediction scoring system (EPSS) score for CVE-2020-0597
1.77%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 88 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2020-0597
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
5.0
|
MEDIUM | AV:N/AC:L/Au:N/C:N/I:N/A:P |
10.0
|
2.9
|
NIST | |
7.5
|
HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
3.9
|
3.6
|
NIST |
CWE ids for CVE-2020-0597
-
The product reads data past the end, or before the beginning, of the intended buffer.Assigned by: nvd@nist.gov (Primary)
References for CVE-2020-0597
-
https://www.kb.cert.org/vuls/id/257161
VU#257161 - Treck IP stacks contain multiple vulnerabilitiesThird Party Advisory;US Government Resource
-
https://www.synology.com/security/advisory/Synology_SA_20_15
Synology Inc.Third Party Advisory
-
https://security.netapp.com/advisory/ntap-20200611-0007/
Intel SA-00295 AMT Vulnerabilities in NetApp Products | NetApp Product SecurityThird Party Advisory
-
https://support.lenovo.com/de/en/product_security/len-30041
Intel CSME, SPS, TXE, AMT and DAL Advisory - DEThird Party Advisory
-
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00295.html
INTEL-SA-00295Vendor Advisory
Jump to