Showing posts with label risk critical. Show all posts
Showing posts with label risk critical. Show all posts

Ajay Verma , , , , , , 00:53
Severity Rating: Critical

Software Affected

·         Intel CSME versions 11.0 through 11.8.76

·         Intel CSME versions 11.10 through 11.12.76

·         Intel CSME versions 11.20 through 11.22.76

·         Intel CSME versions 12.0 through 12.0.63

·         Intel CSME versions 13.0 through 13.0.31

·         Intel CSME versions 14.0 through 14.0.32

·         Intel CSME version 14.5.11

·         Intel AMT, Intel ISM and Intel DAL software versions prior to
11.8.77

·         Intel AMT, Intel ISM and Intel DAL software versions prior to
11.12.77

·         Intel AMT, Intel ISM and Intel DAL software versions prior to
11.22.77

·         Intel AMT, Intel ISM and Intel DAL software versions prior to
12.0.64

·         Intel AMT, Intel ISM and Intel DAL software versions prior to
13.0.32

·         Intel AMT, Intel ISM and Intel DAL software versions prior to
14.0.33

·         Intel AMT, Intel ISM and Intel DAL software versions prior to
14.5.12

·         Intel SPS firmware versions prior to SPS_E5_04.01.04.380.0

·         Intel SPS firmware versions prior to SPS_SoC-X_04.00.04.128.0

·         Intel SPS firmware versions prior to SPS_SoC-A_04.00.04.211.0

·         Intel SPS firmware versions prior to SPS_E3_04.01.04.109.0

·         Intel SPS firmware versions prior to SPS_E3_04.08.04.070.0

·         Intel TXE versions 3.0 through 3.1.70

·         Intel TXE versions 4.0 through 4.0.20

Overview

Multiple vulnerabilities have been reported in Intel Converged Security and
Manageability Engine (CSME), Intel Server Platform Services (SPS), Intel
Trusted Execution Engine (TXE), Intel Active Management Technology (AMT),
Intel Standard Manageability (ISM) and Intel Dynamic Application Loader
(DAL) which could allow an unauthenticated remote attacker to gain
escalated privileges, obtain sensitive information or cause denial of
service conditions on a targeted system.

Description

These vulnerabilities exist in Intel products due to an out-of-bounds read
error, out-of-bounds write error, use-after-free error, improper input
validation, improper initialization, improper buffer restrictions, improper
access control, use of reversible one-way hash, insufficiently protected
credentials, integer overflow error and path traversal error.

Successful exploitation of these vulnerabilities could allow the attacker
to cause denial of service conditions via adjacent or local access, gain
escalated privileges through local, physical or network access or gain
sensitive information through network access on the targeted system.

Solution

Apply appropriate patches as mentioned in Intel Security Bulletin:

0295.html

Vendor Information

Intel

0295.html

References

CyberSecurityHelp


CVE Name

CVE-2020-0531

CVE-2020-0532

CVE-2020-0533

CVE-2020-0534

CVE-2020-0535

CVE-2020-0536

CVE-2020-0537

CVE-2020-0538

CVE-2020-0539

CVE-2020-0540

CVE-2020-0541

CVE-2020-0542

CVE-2020-0545

CVE-2020-0566

CVE-2020-0586

CVE-2020-0594

CVE-2020-0595

CVE-2020-0596

CVE-2020-0597

CVE-2020-8674
Read more [..]
Subscribe to: Posts ( Atom )

© Copyright 2020. Designed By Templateify

© Copyright 2020. Ud64

Scroll to Top