CVE-2020-0539

Published Jun 15, 2020

Last updated 4 years ago

CVSS medium 5.5

Overview

Description: Path traversal in subsystem for Intel(R) DAL software for Intel(R) CSME versions before 11.8.77, 11.12.77, 11.22.77, 12.0.64, 13.0.32, 14.0.33 and Intel(R) TXE versions before 3.1.75, 4.0.25 may allow an unprivileged user to potentially enable denial of service via local access.
Source: secure@intel.com
NVD status: Modified

Risk scores

CVSS 3.1

Type: Primary
Base score: 5.5
Impact score: 3.6
Exploitability score: 1.8
Vector string: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Severity: MEDIUM

CVSS 2.0

Type: Primary
Base score: 2.1
Impact score: 2.9
Exploitability score: 3.9
Vector string: AV:L/AC:L/Au:N/C:N/I:N/A:P

Weaknesses

nvd@nist.gov: CWE-22

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:intel:converged_security_management_engine_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2CA2E306-9AEC-4767-9738-3EF0B833F896",
            "versionEndExcluding": "11.8.77",
            "versionStartIncluding": "11.0"
          },
          {
            "criteria": "cpe:2.3:o:intel:converged_security_management_engine_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "299E26BE-7DB3-4D58-9C86-7634ACA11324",
            "versionEndExcluding": "11.12.77",
            "versionStartIncluding": "11.10"
          },
          {
            "criteria": "cpe:2.3:o:intel:converged_security_management_engine_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E62CE07C-7068-4FE3-9268-0A551D397597",
            "versionEndExcluding": "11.22.77",
            "versionStartIncluding": "11.20"
          },
          {
            "criteria": "cpe:2.3:o:intel:converged_security_management_engine_firmware:*:*:*:*:*:*:*:undefined",
            "vulnerable": true,
            "matchCriteriaId": "7A86A849-7161-4EA0-B1CF-4E74A55D2E67",
            "versionEndExcluding": "12.0.64",
            "versionStartIncluding": "12.0"
          },
          {
            "criteria": "cpe:2.3:o:intel:converged_security_management_engine_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "51B0E191-66BD-49B1-B745-F63006AD2A6F",
            "versionEndExcluding": "13.0.32",
            "versionStartIncluding": "13.0"
          },
          {
            "criteria": "cpe:2.3:o:intel:converged_security_management_engine_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "004EE62A-979B-4D9B-928D-B2558CE79B4E",
            "versionEndExcluding": "14.0.33",
            "versionStartIncluding": "14.0"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:intel:trusted_execution_engine_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2ADFD0F7-45EE-4639-AB9D-CA36F7F18181",
            "versionEndExcluding": "3.1.75",
            "versionStartIncluding": "3.0"
          },
          {
            "criteria": "cpe:2.3:o:intel:trusted_execution_engine_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6D84402A-0018-4632-984C-78F4D85609C3",
            "versionEndExcluding": "4.0.25",
            "versionStartIncluding": "4.0"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 3.1

CVSS 2.0

Weaknesses

Social media

Configurations

References