Lucene search

[email protected]CVE-2020-24507

HistoryJun 09, 2021 - 7:15 p.m.

CVE-2020-24507

2021-06-0919:15:08

CWE-665

[email protected]

web.nvd.nist.gov

cve-2020-24507

intel

csme

improper initialization

information disclosure

nvd

security vulnerability

2.1 Low

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:N/A:N

4.4 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

4.6 Medium

AI Score

Confidence

High

0.0005 Low

EPSS

Percentile

17.3%

JSON

Improper initialization in a subsystem in the Intel® CSME versions before 11.8.86, 11.12.86, 11.22.86, 12.0.81, 13.0.47, 13.30.17, 14.1.53, 14.5.32, 13.50.11 and 15.0.22 may allow a privileged user to potentially enable information disclosure via local access.

Affected configurations

Vulners

NVD

Node

intelconverged_security_and_manageability_engineRange<11.8.86

intelconverged_security_and_manageability_engineRange<11.12.86

intelconverged_security_and_manageability_engineRange<11.22.86

intelconverged_security_and_manageability_engineRange<12.0.81

intelconverged_security_and_manageability_engineRange<13.0.47

intelconverged_security_and_manageability_engineRange<13.30.17

intelconverged_security_and_manageability_engineRange<14.1.53

intelconverged_security_and_manageability_engineRange<14.5.32

intelconverged_security_and_manageability_engineRange<13.50.11

intelconverged_security_and_manageability_engineRange<15.0.22

CPENameOperatorVersion
intel:converged_security_and_manageability_engineintel converged security and manageability enginelt12.0.81

CPE	Name	Operator	Version
intel:converged_security_and_manageability_engine	intel converged security and manageability engine	lt	12.0.81

CNA Affected

[
  {
    "product": "Intel(R) CSME versions",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "versions before 11.8.86, 11.12.86, 11.22.86, 12.0.81, 13.0.47, 13.30.17, 14.1.53, 14.5.32, 13.50.11 and 15.0.22"
      }
    ]
  }
]

References

cert-portal.siemens.com/productcert/pdf/ssa-309571.pdf

security.netapp.com/advisory/ntap-20210611-0004/

www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00459.html

2.1 Low

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:N/A:N

4.4 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

4.6 Medium

AI Score

Confidence

High

0.0005 Low

EPSS

Percentile

17.3%

JSON

Related for CVE-2020-24507

prion1 cvelist1 nvd1 intel1 lenovo1 hp1 ics1