var-202006-0026
Vulnerability from variot
Improper input validation in DHCPv6 subsystem in Intel(R) AMT and Intel(R) ISM versions before 11.8.77, 11.12.77, 11.22.77 and 12.0.64 may allow an unauthenticated user to potentially enable information disclosure via network access. Intel(R) AMT and ISM There is an input verification vulnerability in.Information may be obtained. Both Intel Active Management Technology (AMT) and Intel Software Manager (ISM) are products of Intel Corporation of the United States. Intel Active Management Technology is a set of hardware-based computer remote active management technology software. Intel Software Manager is a utility for managing Intel software development products. A remote attacker could exploit this vulnerability to obtain information. The following products and versions are affected: Intel AMT before 11.8.77, before 11.12.77, before 11.22.77, before 12.0.64; ISM before 11.8.77, before 11.12.77, before 11.22.77 Version, version before 12.0.64
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202006-0026",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "service manager",
"scope": "lt",
"trust": 1.0,
"vendor": "intel",
"version": "11.12.77"
},
{
"model": "service manager",
"scope": "lt",
"trust": 1.0,
"vendor": "intel",
"version": "11.22.77"
},
{
"model": "service manager",
"scope": "gte",
"trust": 1.0,
"vendor": "intel",
"version": "11.0"
},
{
"model": "active management technology",
"scope": "gte",
"trust": 1.0,
"vendor": "intel",
"version": "11.20"
},
{
"model": "active management technology",
"scope": "gte",
"trust": 1.0,
"vendor": "intel",
"version": "12.0"
},
{
"model": "service manager",
"scope": "lt",
"trust": 1.0,
"vendor": "intel",
"version": "11.8.77"
},
{
"model": "service manager",
"scope": "lt",
"trust": 1.0,
"vendor": "intel",
"version": "12.0.64"
},
{
"model": "active management technology",
"scope": "gte",
"trust": 1.0,
"vendor": "intel",
"version": "11.0"
},
{
"model": "service manager",
"scope": "gte",
"trust": 1.0,
"vendor": "intel",
"version": "11.10"
},
{
"model": "active management technology",
"scope": "lt",
"trust": 1.0,
"vendor": "intel",
"version": "11.22.77"
},
{
"model": "active management technology",
"scope": "lt",
"trust": 1.0,
"vendor": "intel",
"version": "11.8.77"
},
{
"model": "active management technology",
"scope": "lt",
"trust": 1.0,
"vendor": "intel",
"version": "12.0.64"
},
{
"model": "service manager",
"scope": "gte",
"trust": 1.0,
"vendor": "intel",
"version": "12.0"
},
{
"model": "service manager",
"scope": "gte",
"trust": 1.0,
"vendor": "intel",
"version": "11.20"
},
{
"model": "active management technology",
"scope": "gte",
"trust": 1.0,
"vendor": "intel",
"version": "11.10"
},
{
"model": "active management technology",
"scope": "lt",
"trust": 1.0,
"vendor": "intel",
"version": "11.12.77"
},
{
"model": "active management technology",
"scope": "eq",
"trust": 0.8,
"vendor": "intel",
"version": "11.12.77"
},
{
"model": "active management technology",
"scope": "eq",
"trust": 0.8,
"vendor": "intel",
"version": "11.22.77"
},
{
"model": "active management technology",
"scope": "eq",
"trust": 0.8,
"vendor": "intel",
"version": "11.8.77"
},
{
"model": "active management technology",
"scope": "eq",
"trust": 0.8,
"vendor": "intel",
"version": "12.0.64"
},
{
"model": "standard manageability",
"scope": "eq",
"trust": 0.8,
"vendor": "intel",
"version": "11.12.77"
},
{
"model": "standard manageability",
"scope": "eq",
"trust": 0.8,
"vendor": "intel",
"version": "11.22.77"
},
{
"model": "standard manageability",
"scope": "eq",
"trust": 0.8,
"vendor": "intel",
"version": "11.8.77"
},
{
"model": "standard manageability",
"scope": "eq",
"trust": 0.8,
"vendor": "intel",
"version": "12.0.64"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-006818"
},
{
"db": "NVD",
"id": "CVE-2020-0596"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:intel:active_management_technology_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:intel:service_manager",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-006818"
}
]
},
"cve": "CVE-2020-0596",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2020-0596",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.1,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 5.0,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "JVNDB-2020-006818",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-162030",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2020-0596",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2020-006818",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2020-0596",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "JVNDB-2020-006818",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-202006-813",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-162030",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2020-0596",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-162030"
},
{
"db": "VULMON",
"id": "CVE-2020-0596"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006818"
},
{
"db": "CNNVD",
"id": "CNNVD-202006-813"
},
{
"db": "NVD",
"id": "CVE-2020-0596"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Improper input validation in DHCPv6 subsystem in Intel(R) AMT and Intel(R) ISM versions before 11.8.77, 11.12.77, 11.22.77 and 12.0.64 may allow an unauthenticated user to potentially enable information disclosure via network access. Intel(R) AMT and ISM There is an input verification vulnerability in.Information may be obtained. Both Intel Active Management Technology (AMT) and Intel Software Manager (ISM) are products of Intel Corporation of the United States. Intel Active Management Technology is a set of hardware-based computer remote active management technology software. Intel Software Manager is a utility for managing Intel software development products. A remote attacker could exploit this vulnerability to obtain information. The following products and versions are affected: Intel AMT before 11.8.77, before 11.12.77, before 11.22.77, before 12.0.64; ISM before 11.8.77, before 11.12.77, before 11.22.77 Version, version before 12.0.64",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-0596"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006818"
},
{
"db": "VULHUB",
"id": "VHN-162030"
},
{
"db": "VULMON",
"id": "CVE-2020-0596"
}
],
"trust": 1.8
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2020-0596",
"trust": 2.6
},
{
"db": "LENOVO",
"id": "LEN-30041",
"trust": 1.8
},
{
"db": "JVN",
"id": "JVNVU98979613",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006818",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202006-813",
"trust": 0.7
},
{
"db": "AUSCERT",
"id": "ESB-2020.1991.2",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.1991",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-162030",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2020-0596",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-162030"
},
{
"db": "VULMON",
"id": "CVE-2020-0596"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006818"
},
{
"db": "CNNVD",
"id": "CNNVD-202006-813"
},
{
"db": "NVD",
"id": "CVE-2020-0596"
}
]
},
"id": "VAR-202006-0026",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-162030"
}
],
"trust": 0.01
},
"last_update_date": "2024-11-23T21:20:16.326000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "INTEL-SA-00295",
"trust": 0.8,
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00295.html"
},
{
"title": "Intel AMT and ISM Enter the fix for the verification error vulnerability",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=122463"
},
{
"title": "HP: HPSBHF03667 rev. 1 - Intel\u00ae 2020.1 IPU - CSME, SPS, TXT, AMT and DAL Security Updates",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=hp_bulletin\u0026qid=HPSBHF03667"
},
{
"title": "Threatpost",
"trust": 0.1,
"url": "https://threatpost.com/critical-intel-flaws-fixed-in-active-management-technology/156458/"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2020-0596"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006818"
},
{
"db": "CNNVD",
"id": "CNNVD-202006-813"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-20",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-162030"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006818"
},
{
"db": "NVD",
"id": "CVE-2020-0596"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.8,
"url": "https://security.netapp.com/advisory/ntap-20200611-0007/"
},
{
"trust": 1.8,
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00295.html"
},
{
"trust": 1.8,
"url": "https://www.synology.com/security/advisory/synology_sa_20_15"
},
{
"trust": 1.8,
"url": "https://support.lenovo.com/de/en/product_security/len-30041"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-0596"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-0596"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu98979613/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.1991/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.1991.2/"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/intel-csme-sps-txe-amt-ism-dal-multiple-vulnerabilities-32545"
},
{
"trust": 0.6,
"url": "https://support.lenovo.com/us/en/product_security/len-30041"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/20.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/183157"
},
{
"trust": 0.1,
"url": "https://threatpost.com/critical-intel-flaws-fixed-in-active-management-technology/156458/"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-162030"
},
{
"db": "VULMON",
"id": "CVE-2020-0596"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006818"
},
{
"db": "CNNVD",
"id": "CNNVD-202006-813"
},
{
"db": "NVD",
"id": "CVE-2020-0596"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-162030"
},
{
"db": "VULMON",
"id": "CVE-2020-0596"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006818"
},
{
"db": "CNNVD",
"id": "CNNVD-202006-813"
},
{
"db": "NVD",
"id": "CVE-2020-0596"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-06-15T00:00:00",
"db": "VULHUB",
"id": "VHN-162030"
},
{
"date": "2020-06-15T00:00:00",
"db": "VULMON",
"id": "CVE-2020-0596"
},
{
"date": "2020-07-20T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-006818"
},
{
"date": "2020-06-09T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202006-813"
},
{
"date": "2020-06-15T14:15:11.597000",
"db": "NVD",
"id": "CVE-2020-0596"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-07-22T00:00:00",
"db": "VULHUB",
"id": "VHN-162030"
},
{
"date": "2020-07-22T00:00:00",
"db": "VULMON",
"id": "CVE-2020-0596"
},
{
"date": "2020-07-20T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-006818"
},
{
"date": "2021-05-24T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202006-813"
},
{
"date": "2024-11-21T04:53:49.500000",
"db": "NVD",
"id": "CVE-2020-0596"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202006-813"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Intel(R) AMT and ISM Input verification vulnerability in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-006818"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202006-813"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.