HIGH✓ PATCH🇵🇱 Wersja polska

CVE-2020-0536

CVSS 7.5v3.1pub. 2020-06-15upd. 2024-11-21

Improper input validation in the DAL subsystem for Intel(R) CSME versions before 11.8.77, 11.12.77, 11.22.77, 12.0.64, 13.0.32,14.0.33 and Intel(R) TXE versions before 3.1.75 and 4.0.25 may allow an unauthenticated user to potentially enable information disclosure via network access.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
  • Intel Converged Security Management Engine Firmware

    OS
    Intel
    11.0 – 11.8.77 (bez)11.10 – 11.12.77 (bez)11.20 – 11.22.77 (bez)12.0 – 12.0.64 (bez)13.0 – 13.0.32 (bez)14.0 – 14.0.33 (bez)
  • Intel Trusted Execution Engine Firmware

    OS
    Intel
    3.0 – 3.1.75 (bez)4.0 – 4.0.25 (bez)
🟢
PATCH AVAILABLE
Vendor update available. Deploy in standard maintenance cycle.
CWE
References

Related vulnerabilities

CVE-2019-0153CRITICAL9.8ten sam produkt

Buffer overflow in subsystem in Intel(R) CSME 12.0.0 through 12.0.34 may allow an unauthenticated user to pote...

CVE-2022-38102HIGH7.2ten sam produkt

Improper Input validation in firmware for some Intel(R) Converged Security and Management Engine before versio...

CVE-2022-36392HIGH8.6ten sam produkt

Improper input validation in some firmware for Intel(R) AMT and Intel(R) Standard Manageability before version...

CVE-2020-0542HIGH7.8ten sam produkt

Improper buffer restrictions in subsystem for Intel(R) CSME versions before 12.0.64, 13.0.32, 14.0.33 and 14.5...

CVE-2020-0534HIGH7.5ten sam produkt

Improper input validation in the DAL subsystem for Intel(R) CSME versions before 12.0.64, 13.0.32, 14.0.33 and...