Lucene search

[email protected]CVE-2020-8745

HistoryNov 12, 2020 - 6:15 p.m.

CVE-2020-8745

2020-11-1218:15:17

[email protected]

web.nvd.nist.gov

cve-2020-8745

intel

csme

txe

control flow management

privilege escalation

nvd

4.6 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

6.8 Medium

CVSS3

Attack Vector

PHYSICAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

6.8 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

33.3%

JSON

Insufficient control flow management in subsystem for Intel® CSME versions before 11.8.80, 11.12.80, 11.22.80, 12.0.70, 13.0.40, 13.30.10, 14.0.45 and 14.5.25 , Intel® TXE versions before 3.1.80 and 4.0.30 may allow an unauthenticated user to potentially enable escalation of privilege via physical access.

Affected configurations

NVD

Node

intelconverged_security_and_manageability_engineRange<11.8.80

intelconverged_security_and_manageability_engineRange11.12.0–11.12.80

intelconverged_security_and_manageability_engineRange11.22.0–11.22.80

intelconverged_security_and_manageability_engineRange12.0–12.0.70

intelconverged_security_and_manageability_engineRange14.0–14.0.45

intelconverged_security_and_manageability_engineRange14.5.0–14.5.25

Node

inteltrusted_execution_technologyRange<3.1.80

inteltrusted_execution_technologyRange4.0–4.0.30

Node

siemenssimatic_drive_controller_firmwareRange<05.00.01.00

AND

siemenssimatic_drive_controllerMatch-

Node

siemenssimatic_et200sp_1515sp_pc2_firmwareRange<0209.0105

AND

siemenssimatic_et200sp_1515sp_pc2Match-

Node

siemenssimatic_field_pg_m5_firmwareRange<22.01.08

AND

siemenssimatic_field_pg_m5Match-

Node

siemenssimatic_field_pg_m6_firmwareMatch-

AND

siemenssimatic_field_pg_m6Match-

Node

siemenssimatic_ipc127e_firmwareRange<27.01.05

AND

siemenssimatic_ipc127eMatch-

Node

siemenssimatic_ipc427e_firmwareRange<27.01.05

AND

siemenssimatic_ipc427eMatch-

Node

siemenssimatic_ipc477e_firmwareRange<27.01.05

AND

siemenssimatic_ipc477eMatch-

siemenssimatic_ipc477e_proMatch-

Node

siemenssimatic_ipc527g_firmwareRange<1.4.0

AND

siemenssimatic_ipc527gMatch-

Node

siemenssimatic_ipc547g_firmwareRange<r1.30.0

AND

siemenssimatic_ipc547gMatch-

Node

siemenssimatic_ipc627e_firmwareRange<25.02.08

AND

siemenssimatic_ipc627eMatch-

Node

siemenssimatic_ipc647e_firmwareRange<25.02.08

AND

siemenssimatic_ipc647eMatch-

Node

siemenssimatic_ipc667e_firmwareRange<25.02.08

AND

siemenssimatic_ipc667eMatch-

Node

siemenssimatic_ipc847e_firmwareRange<25.02.08

AND

siemenssimatic_ipc847eMatch-

Node

siemenssimatic_itp1000_firmwareRange<23.01.08

AND

siemenssimatic_itp1000Match-

Node

siemenssinumerik_828d_hw_pu.4_firmwareRange<08.00.00.00

AND

siemenssinumerik_828d_hw_pu.4Match-

Node

siemenssinumerik_mc_mcu_1720_firmwareRange<05.00.00.00

AND

siemenssinumerik_mc_mcu_1720Match-

Node

siemenssinumerik_one_firmwareMatch-

AND

siemenssinumerik_oneMatch-

Node

siemenssinumerik_840d_sl_ht_10_firmwareMatch-

AND

siemenssinumerik_840d_sl_ht_10Match-

Node

siemenssinumerik_one_ncu_1740_firmwareRange<04.00.00.00

AND

siemenssinumerik_one_ncu_1740Match-

Node

siemenssinumerik_one_ppu_1740_firmwareRange<06.00.00.00

AND

siemenssinumerik_one_ppu_1740Match-

CPENameOperatorVersion
intel:converged_security_and_manageability_engineintel converged security and manageability enginelt11.8.80
intel:converged_security_and_manageability_engineintel converged security and manageability enginelt11.12.80
intel:converged_security_and_manageability_engineintel converged security and manageability enginelt11.22.80
intel:converged_security_and_manageability_engineintel converged security and manageability enginelt12.0.70
intel:converged_security_and_manageability_engineintel converged security and manageability enginelt14.0.45
intel:converged_security_and_manageability_engineintel converged security and manageability enginelt14.5.25

CPE	Name	Operator	Version
intel:converged_security_and_manageability_engine	intel converged security and manageability engine	lt	11.8.80
intel:converged_security_and_manageability_engine	intel converged security and manageability engine	lt	11.12.80
intel:converged_security_and_manageability_engine	intel converged security and manageability engine	lt	11.22.80
intel:converged_security_and_manageability_engine	intel converged security and manageability engine	lt	12.0.70
intel:converged_security_and_manageability_engine	intel converged security and manageability engine	lt	14.0.45
intel:converged_security_and_manageability_engine	intel converged security and manageability engine	lt	14.5.25

CNA Affected

[
  {
    "product": "Intel(R) CSME, Intel(R) TXE",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "Intel(R) CSME versions before 11.8.80, 11.12.80, 11.22.80, 12.0.70, 13.0.40, 13.30.10, 14.0.45 and 14.5.25 , Intel(R) TXE versions before 3.1.80 and 4.0.30"
      }
    ]
  }
]

References

cert-portal.siemens.com/productcert/pdf/ssa-678983.pdf

security.netapp.com/advisory/ntap-20201113-0002/

security.netapp.com/advisory/ntap-20201113-0005/

www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00391

Social References

4.6 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

6.8 Medium

CVSS3

Attack Vector

PHYSICAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

6.8 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

33.3%

JSON

Related for CVE-2020-8745

cvelist1 nvd1 nessus2 prion1 f51 ics1 hp1 intel1