Vulnerability Details CVE-2020-0536
Improper input validation in the DAL subsystem for Intel(R) CSME versions before 11.8.77, 11.12.77, 11.22.77, 12.0.64, 13.0.32,14.0.33 and Intel(R) TXE versions before 3.1.75 and 4.0.25 may allow an unauthenticated user to potentially enable information disclosure via network access.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.009
EPSS Ranking 74.4%
CVSS Severity
CVSS v3 Score 7.5
CVSS v2 Score 5.0
References
- https://security.netapp.com/advisory/ntap-20200611-0006/
- https://support.lenovo.com/de/en/product_security/len-30041
- https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00295.html
- https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00295.html
- https://security.netapp.com/advisory/ntap-20200611-0006/
- https://support.lenovo.com/de/en/product_security/len-30041
- https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00295.html
- https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00295.html
Products affected by CVE-2020-0536
-
cpe:2.3:o:intel:converged_security_management_engine_firmware:*
-
cpe:2.3:o:intel:converged_security_management_engine_firmware:11.0
-
cpe:2.3:o:intel:converged_security_management_engine_firmware:11.10
-
cpe:2.3:o:intel:converged_security_management_engine_firmware:11.11.50
-
cpe:2.3:o:intel:converged_security_management_engine_firmware:11.11.55
-
cpe:2.3:o:intel:converged_security_management_engine_firmware:11.11.60
-
cpe:2.3:o:intel:converged_security_management_engine_firmware:11.11.65
-
cpe:2.3:o:intel:converged_security_management_engine_firmware:11.11.70
-
cpe:2.3:o:intel:converged_security_management_engine_firmware:11.11.77
-
cpe:2.3:o:intel:converged_security_management_engine_firmware:11.11.79
-
cpe:2.3:o:intel:converged_security_management_engine_firmware:11.20
-
cpe:2.3:o:intel:converged_security_management_engine_firmware:11.21.51
-
cpe:2.3:o:intel:converged_security_management_engine_firmware:11.22.0
-
cpe:2.3:o:intel:converged_security_management_engine_firmware:11.22.60
-
cpe:2.3:o:intel:converged_security_management_engine_firmware:11.22.65
-
cpe:2.3:o:intel:converged_security_management_engine_firmware:11.22.70
-
cpe:2.3:o:intel:converged_security_management_engine_firmware:11.8.50
-
cpe:2.3:o:intel:converged_security_management_engine_firmware:11.8.55
-
cpe:2.3:o:intel:converged_security_management_engine_firmware:11.8.60
-
cpe:2.3:o:intel:converged_security_management_engine_firmware:11.8.65
-
cpe:2.3:o:intel:converged_security_management_engine_firmware:11.8.70
-
cpe:2.3:o:intel:converged_security_management_engine_firmware:13.0
-
cpe:2.3:o:intel:converged_security_management_engine_firmware:13.0.0
-
cpe:2.3:o:intel:converged_security_management_engine_firmware:13.0.10
-
cpe:2.3:o:intel:converged_security_management_engine_firmware:13.0.20
-
cpe:2.3:o:intel:converged_security_management_engine_firmware:13.0.31
-
cpe:2.3:o:intel:converged_security_management_engine_firmware:14.0
-
cpe:2.3:o:intel:converged_security_management_engine_firmware:14.0.0
-
cpe:2.3:o:intel:converged_security_management_engine_firmware:14.0.10
-
cpe:2.3:o:intel:converged_security_management_engine_firmware:14.0.32
-
cpe:2.3:o:intel:trusted_execution_engine_firmware:3.0
-
cpe:2.3:o:intel:trusted_execution_engine_firmware:3.1.50
-
cpe:2.3:o:intel:trusted_execution_engine_firmware:3.1.60
-
cpe:2.3:o:intel:trusted_execution_engine_firmware:3.1.65
-
cpe:2.3:o:intel:trusted_execution_engine_firmware:3.1.70
-
cpe:2.3:o:intel:trusted_execution_engine_firmware:4.0
-
cpe:2.3:o:intel:trusted_execution_engine_firmware:4.0.10
-
cpe:2.3:o:intel:trusted_execution_engine_firmware:4.0.15
-
cpe:2.3:o:intel:trusted_execution_engine_firmware:4.0.20
-
cpe:2.3:o:intel:trusted_execution_engine_firmware:4.0.5