mirror of
https://github.com/fkie-cad/nvd-json-data-feeds.git
synced 2025-05-28 09:11:28 +00:00
173 lines
5.9 KiB
JSON
173 lines
5.9 KiB
JSON
{
|
|
"id": "CVE-2020-0536",
|
|
"sourceIdentifier": "secure@intel.com",
|
|
"published": "2020-06-15T14:15:10.783",
|
|
"lastModified": "2020-07-22T14:15:15.423",
|
|
"vulnStatus": "Modified",
|
|
"descriptions": [
|
|
{
|
|
"lang": "en",
|
|
"value": "Improper input validation in the DAL subsystem for Intel(R) CSME versions before 11.8.77, 11.12.77, 11.22.77, 12.0.64, 13.0.32,14.0.33 and Intel(R) TXE versions before 3.1.75 and 4.0.25 may allow an unauthenticated user to potentially enable information disclosure via network access."
|
|
},
|
|
{
|
|
"lang": "es",
|
|
"value": "Una comprobaci\u00f3n de entrada inapropiada en el subsistema DAL para Intel\u00ae CSME versiones anteriores a 11.8.77, 11.12.77, 11.22.77, 12.0.64, 13.0.32,14.0.33 e Intel\u00ae TXE versiones anteriores a 3.1.75 y 4.0.25, puede permitir a un usuario no autenticado habilitar potencialmente una divulgaci\u00f3n de informaci\u00f3n por medio de un acceso de red"
|
|
}
|
|
],
|
|
"metrics": {
|
|
"cvssMetricV31": [
|
|
{
|
|
"source": "nvd@nist.gov",
|
|
"type": "Primary",
|
|
"cvssData": {
|
|
"version": "3.1",
|
|
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
|
|
"attackVector": "NETWORK",
|
|
"attackComplexity": "LOW",
|
|
"privilegesRequired": "NONE",
|
|
"userInteraction": "NONE",
|
|
"scope": "UNCHANGED",
|
|
"confidentialityImpact": "HIGH",
|
|
"integrityImpact": "NONE",
|
|
"availabilityImpact": "NONE",
|
|
"baseScore": 7.5,
|
|
"baseSeverity": "HIGH"
|
|
},
|
|
"exploitabilityScore": 3.9,
|
|
"impactScore": 3.6
|
|
}
|
|
],
|
|
"cvssMetricV2": [
|
|
{
|
|
"source": "nvd@nist.gov",
|
|
"type": "Primary",
|
|
"cvssData": {
|
|
"version": "2.0",
|
|
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
|
|
"accessVector": "NETWORK",
|
|
"accessComplexity": "LOW",
|
|
"authentication": "NONE",
|
|
"confidentialityImpact": "PARTIAL",
|
|
"integrityImpact": "NONE",
|
|
"availabilityImpact": "NONE",
|
|
"baseScore": 5.0
|
|
},
|
|
"baseSeverity": "MEDIUM",
|
|
"exploitabilityScore": 10.0,
|
|
"impactScore": 2.9,
|
|
"acInsufInfo": false,
|
|
"obtainAllPrivilege": false,
|
|
"obtainUserPrivilege": false,
|
|
"obtainOtherPrivilege": false,
|
|
"userInteractionRequired": false
|
|
}
|
|
]
|
|
},
|
|
"weaknesses": [
|
|
{
|
|
"source": "nvd@nist.gov",
|
|
"type": "Primary",
|
|
"description": [
|
|
{
|
|
"lang": "en",
|
|
"value": "CWE-20"
|
|
}
|
|
]
|
|
}
|
|
],
|
|
"configurations": [
|
|
{
|
|
"nodes": [
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:o:intel:converged_security_management_engine_firmware:*:*:*:*:*:*:*:*",
|
|
"versionStartIncluding": "11.0",
|
|
"versionEndExcluding": "11.8.77",
|
|
"matchCriteriaId": "2CA2E306-9AEC-4767-9738-3EF0B833F896"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:o:intel:converged_security_management_engine_firmware:*:*:*:*:*:*:*:*",
|
|
"versionStartIncluding": "11.10",
|
|
"versionEndExcluding": "11.12.77",
|
|
"matchCriteriaId": "299E26BE-7DB3-4D58-9C86-7634ACA11324"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:o:intel:converged_security_management_engine_firmware:*:*:*:*:*:*:*:*",
|
|
"versionStartIncluding": "11.20",
|
|
"versionEndExcluding": "11.22.77",
|
|
"matchCriteriaId": "E62CE07C-7068-4FE3-9268-0A551D397597"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:o:intel:converged_security_management_engine_firmware:*:*:*:*:*:*:*:undefined",
|
|
"versionStartIncluding": "12.0",
|
|
"versionEndExcluding": "12.0.64",
|
|
"matchCriteriaId": "7A86A849-7161-4EA0-B1CF-4E74A55D2E67"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:o:intel:converged_security_management_engine_firmware:*:*:*:*:*:*:*:*",
|
|
"versionStartIncluding": "13.0",
|
|
"versionEndExcluding": "13.0.32",
|
|
"matchCriteriaId": "51B0E191-66BD-49B1-B745-F63006AD2A6F"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:o:intel:converged_security_management_engine_firmware:*:*:*:*:*:*:*:*",
|
|
"versionStartIncluding": "14.0",
|
|
"versionEndExcluding": "14.0.33",
|
|
"matchCriteriaId": "004EE62A-979B-4D9B-928D-B2558CE79B4E"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"nodes": [
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:o:intel:trusted_execution_engine_firmware:*:*:*:*:*:*:*:*",
|
|
"versionStartIncluding": "3.0",
|
|
"versionEndExcluding": "3.1.75",
|
|
"matchCriteriaId": "2ADFD0F7-45EE-4639-AB9D-CA36F7F18181"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:o:intel:trusted_execution_engine_firmware:*:*:*:*:*:*:*:*",
|
|
"versionStartIncluding": "4.0",
|
|
"versionEndExcluding": "4.0.25",
|
|
"matchCriteriaId": "6D84402A-0018-4632-984C-78F4D85609C3"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
}
|
|
],
|
|
"references": [
|
|
{
|
|
"url": "https://security.netapp.com/advisory/ntap-20200611-0006/",
|
|
"source": "secure@intel.com"
|
|
},
|
|
{
|
|
"url": "https://support.lenovo.com/de/en/product_security/len-30041",
|
|
"source": "secure@intel.com"
|
|
},
|
|
{
|
|
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00295.html",
|
|
"source": "secure@intel.com",
|
|
"tags": [
|
|
"Vendor Advisory"
|
|
]
|
|
}
|
|
]
|
|
} |