CVE-2020-0545

Integer overflow in subsystem for Intel(R) CSME versions before 11.8.77, 11.12.77, 11.22.77 and Intel(R) TXE versions before 3.1.75, 4.0.25 and Intel(R) Server Platform Services (SPS) versions before SPS_E5_04.01.04.380.0, SPS_SoC-X_04.00.04.128.0, SPS_SoC-A_04.00.04.211.0, SPS_E3_04.01.04.109.0, SPS_E3_04.08.04.070.0 may allow a privileged user to potentially enable denial of service via local access.

CVSS v3 4.4 MEDIUM
CVSS v2.0 2.1 LOW

4.4^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 0.8 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

2.1^/10

CVSS v2.0 : LOW

V2 Legend

Vector : AV:L/AC:L/Au:N/C:N/I:N/A:P

Exploitability : 3.9 / Impact : 2.9

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact PARTIAL

References

Link	Resource
https://cert-portal.siemens.com/productcert/pdf/ssa-631949.pdf
https://kc.mcafee.com/corporate/index?page=content&id=SB10321
https://security.netapp.com/advisory/ntap-20200611-0006/
https://support.lenovo.com/de/en/product_security/len-30041
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00295.html	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:intel:converged_security_management_engine_firmware::::::::
	cpe:2.3:o:intel:converged_security_management_engine_firmware::::::::
	cpe:2.3:o:intel:converged_security_management_engine_firmware::::::::

Configuration 2 (hide)

OR	cpe:2.3:a:intel:server_platform_services::::::::
	cpe:2.3:a:intel:server_platform_services::::::::
	cpe:2.3:a:intel:server_platform_services::::::::
	cpe:2.3:a:intel:server_platform_services::::::::
	cpe:2.3:a:intel:server_platform_services::::::::

Configuration 3 (hide)

OR	cpe:2.3:o:intel:trusted_execution_engine::::::::
	cpe:2.3:o:intel:trusted_execution_engine::::::::

History

No history.

Information

Published : 2020-06-15 14:15

Updated : 2023-12-10 13:27

NVD link : CVE-2020-0545

Mitre link : CVE-2020-0545

CVE.ORG link : CVE-2020-0545

JSON object : View

Products Affected

intel

trusted_execution_engine
converged_security_management_engine_firmware
server_platform_services

CWE

CWE-190

Integer Overflow or Wraparound

4.4 /10

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

2.1 /10

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact PARTIAL

JSON object

Attach tags to CVE-2020-0545

4.4^/10

2.1^/10

Attach tags to `CVE-2020-0545`