Severity Rating: Critical
Software Affected
· Intel CSME versions 11.0 through 11.8.76
· Intel CSME versions 11.10 through 11.12.76
· Intel CSME versions 11.20 through 11.22.76
· Intel CSME versions 12.0 through 12.0.63
· Intel CSME versions 13.0 through 13.0.31
· Intel CSME versions 14.0 through 14.0.32
· Intel CSME version 14.5.11
· Intel AMT, Intel ISM and Intel DAL software versions prior to 11.8.77
· Intel AMT, Intel ISM and Intel DAL software versions prior to 11.12.77
· Intel AMT, Intel ISM and Intel DAL software versions prior to 11.22.77
· Intel AMT, Intel ISM and Intel DAL software versions prior to 12.0.64
· Intel AMT, Intel ISM and Intel DAL software versions prior to 13.0.32
· Intel AMT, Intel ISM and Intel DAL software versions prior to 14.0.33
· Intel AMT, Intel ISM and Intel DAL software versions prior to 14.5.12
· Intel SPS firmware versions prior to SPS_E5_04.01.04.380.0
· Intel SPS firmware versions prior to SPS_SoC-X_04.00.04.128.0
· Intel SPS firmware versions prior to SPS_SoC-A_04.00.04.211.0
· Intel SPS firmware versions prior to SPS_E3_04.01.04.109.0
· Intel SPS firmware versions prior to SPS_E3_04.08.04.070.0
· Intel TXE versions 3.0 through 3.1.70
· Intel TXE versions 4.0 through 4.0.20
Overview
Multiple vulnerabilities have been reported in Intel Converged Security and
Manageability Engine (CSME), Intel Server Platform Services (SPS), Intel
Trusted Execution Engine (TXE), Intel Active Management Technology (AMT),
Intel Standard Manageability (ISM) and Intel Dynamic Application Loader
(DAL) which could allow an unauthenticated remote attacker to gain
escalated privileges, obtain sensitive information or cause denial of
service conditions on a targeted system.
Description
These vulnerabilities exist in Intel products due to an out-of-bounds read
error, out-of-bounds write error, use-after-free error, improper input
validation, improper initialization, improper buffer restrictions, improper
access control, use of reversible one-way hash, insufficiently protected
credentials, integer overflow error and path traversal error.
Successful exploitation of these vulnerabilities could allow the attacker
to cause denial of service conditions via adjacent or local access, gain
escalated privileges through local, physical or network access or gain
sensitive information through network access on the targeted system.
Solution
Apply appropriate patches as mentioned in Intel Security Bulletin:
0295.html
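To decide which machines need these patches, the Intel CSME and Intel TXE ranges listed under Software Affected can be checked against a firmware inventory. The following is an added example, not part of the original advisory or of any Intel tool. It covers only the CSME and TXE ranges, assumes that a fourth version field is a build number to be ignored, and uses a constructed inventory with made-up hostnames.

```python
import re

# Inclusive ranges copied from the "Software Affected" list in this advisory.
AFFECTED = {
    "CSME": [("11.0", "11.8.76"), ("11.10", "11.12.76"), ("11.20", "11.22.76"),
             ("12.0", "12.0.63"), ("13.0", "13.0.31"), ("14.0", "14.0.32"),
             ("14.5.11", "14.5.11")],
    "TXE": [("3.0", "3.1.70"), ("4.0", "4.0.20")],
}


def parse_version(text):
    """'11.8.70.3626' -> (11, 8, 70); short versions are padded with zeros.

    Assumption: a fourth field is a build number and is ignored, because the
    advisory states its ranges with at most three fields.
    """
    text = text.strip()
    if not re.fullmatch(r"\d+(\.\d+){1,3}", text):
        raise ValueError(f"unrecognised version string: {text!r}")
    fields = [int(part) for part in text.split(".")][:3]
    return tuple(fields + [0] * (3 - len(fields)))


def is_affected(product, version):
    """True if the version falls inside any listed range for the product."""
    ranges = AFFECTED.get(product.upper())
    if ranges is None:
        raise KeyError(f"no ranges listed for product {product!r}")
    v = parse_version(version)
    return any(parse_version(lo) <= v <= parse_version(hi) for lo, hi in ranges)


def triage(inventory):
    """Return the (host, product, version) rows that need a firmware update."""
    return [row for row in inventory if is_affected(row[1], row[2])]


# Constructed inventory for illustration; hostnames and versions are made up.
SAMPLE_INVENTORY = [
    ("ws-001", "CSME", "11.8.70.3626"),
    ("ws-002", "CSME", "11.8.77.3664"),
    ("ws-003", "CSME", "14.5.11"),
    ("kiosk-7", "TXE", "3.1.65"),
    ("kiosk-8", "TXE", "4.0.25"),
]

if __name__ == "__main__":
    for host, product, version in triage(SAMPLE_INVENTORY):
        print(f"{host}: {product} {version} is in an affected range")
```

A result of False only means the version is outside the CSME and TXE ranges above; the AMT, ISM, DAL and SPS entries still have to be checked separately.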
Vendor Information
Intel
0295.html
References
CyberSecurityHelp
CVE Name
CVE-2020-0531
CVE-2020-0532
CVE-2020-0533
CVE-2020-0534
CVE-2020-0535
CVE-2020-0536
CVE-2020-0537
CVE-2020-0538
CVE-2020-0539
CVE-2020-0540
CVE-2020-0541
CVE-2020-0542
CVE-2020-0545
CVE-2020-0566
CVE-2020-0586
CVE-2020-0594
CVE-2020-0595
CVE-2020-0596
CVE-2020-0597
CVE-2020-8674
About Cert Advisory
We have created this blog to provide the latest security advisories from the India CERT for security vulnerabilities, threats, attacks and the patching required to mitigate any kind of cyber attack.