Vulnerability Details CVE-2020-0541
Out-of-bounds write in subsystem for Intel(R) CSME versions before 12.0.64, 13.0.32, 14.0.33 and 14.5.12 may allow a privileged user to potentially enable escalation of privilege via local access.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 27.3%
CVSS Severity
CVSS v3 Score 6.7
CVSS v2 Score 4.6
References
- https://security.netapp.com/advisory/ntap-20200611-0006/
- https://support.lenovo.com/de/en/product_security/len-30041
- https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00295.html
- https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00295.html
- https://security.netapp.com/advisory/ntap-20200611-0006/
- https://support.lenovo.com/de/en/product_security/len-30041
- https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00295.html
- https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00295.html
Products affected by CVE-2020-0541
-
cpe:2.3:o:intel:converged_security_management_engine_firmware:*
-
cpe:2.3:o:intel:converged_security_management_engine_firmware:13.0
-
cpe:2.3:o:intel:converged_security_management_engine_firmware:13.0.0
-
cpe:2.3:o:intel:converged_security_management_engine_firmware:13.0.10
-
cpe:2.3:o:intel:converged_security_management_engine_firmware:13.0.20
-
cpe:2.3:o:intel:converged_security_management_engine_firmware:13.0.31
-
cpe:2.3:o:intel:converged_security_management_engine_firmware:14.0
-
cpe:2.3:o:intel:converged_security_management_engine_firmware:14.0.0
-
cpe:2.3:o:intel:converged_security_management_engine_firmware:14.0.10
-
cpe:2.3:o:intel:converged_security_management_engine_firmware:14.0.32
-
cpe:2.3:o:intel:converged_security_management_engine_firmware:14.5.11