var-202011-1362
Vulnerability from variot
Insecure default initialization of resource in Intel(R) Boot Guard in Intel(R) CSME versions before 11.8.80, 11.12.80, 11.22.80, 12.0.70, 13.0.40, 13.30.10, 14.0.45 and 14.5.25, Intel(R) TXE versions before 3.1.80 and 4.0.30, Intel(R) SPS versions before E5_04.01.04.400, E3_04.01.04.200, SoC-X_04.00.04.200 and SoC-A_04.00.04.300 may allow an unauthenticated user to potentially enable escalation of privileges via physical access. Intel(R) CSME , TXE , SPS There is a vulnerability in the initialization of resources to insecure default values.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202011-1362",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "converged security and manageability engine",
"scope": "lt",
"trust": 1.0,
"vendor": "intel",
"version": "11.22.80"
},
{
"model": "converged security and manageability engine",
"scope": "gte",
"trust": 1.0,
"vendor": "intel",
"version": "13.0"
},
{
"model": "converged security and manageability engine",
"scope": "lt",
"trust": 1.0,
"vendor": "intel",
"version": "14.0.45"
},
{
"model": "converged security and manageability engine",
"scope": "lt",
"trust": 1.0,
"vendor": "intel",
"version": "13.0.40"
},
{
"model": "converged security and manageability engine",
"scope": "gte",
"trust": 1.0,
"vendor": "intel",
"version": "13.30.0"
},
{
"model": "converged security and manageability engine",
"scope": "gte",
"trust": 1.0,
"vendor": "intel",
"version": "12.0"
},
{
"model": "converged security and manageability engine",
"scope": "lt",
"trust": 1.0,
"vendor": "intel",
"version": "11.8.80"
},
{
"model": "server platform services",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "sps_e3_04.01.04.200"
},
{
"model": "server platform services",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "sps_e5_04.01.04.400"
},
{
"model": "converged security and manageability engine",
"scope": "gte",
"trust": 1.0,
"vendor": "intel",
"version": "14.0"
},
{
"model": "server platform services",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "sps_soc-a_04.00.04.300"
},
{
"model": "converged security and manageability engine",
"scope": "lt",
"trust": 1.0,
"vendor": "intel",
"version": "11.12.80"
},
{
"model": "trusted execution technology",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4.0.30"
},
{
"model": "server platform services",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "sps_soc-x_04.00.04.200"
},
{
"model": "converged security and manageability engine",
"scope": "gte",
"trust": 1.0,
"vendor": "intel",
"version": "11.22.0"
},
{
"model": "converged security and manageability engine",
"scope": "lt",
"trust": 1.0,
"vendor": "intel",
"version": "13.30.10"
},
{
"model": "converged security and manageability engine",
"scope": "lt",
"trust": 1.0,
"vendor": "intel",
"version": "12.0.70"
},
{
"model": "converged security and manageability engine",
"scope": "gte",
"trust": 1.0,
"vendor": "intel",
"version": "11.12.0"
},
{
"model": "trusted execution technology",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "3.1.80"
},
{
"model": "trusted execution technology",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30a4\u30f3\u30c6\u30eb",
"version": null
},
{
"model": "trusted execution technology",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30a4\u30f3\u30c6\u30eb",
"version": "intel converged security manageability engine"
},
{
"model": "trusted execution technology",
"scope": null,
"trust": 0.8,
"vendor": "\u30a4\u30f3\u30c6\u30eb",
"version": null
},
{
"model": "trusted execution technology",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30a4\u30f3\u30c6\u30eb",
"version": "server platform services"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-013582"
},
{
"db": "NVD",
"id": "CVE-2020-8705"
}
]
},
"cve": "CVE-2020-8705",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"id": "CVE-2020-8705",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"id": "VHN-186830",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:L/AC:L/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 0.9,
"id": "CVE-2020-8705",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Physical",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 6.8,
"baseSeverity": "Medium",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2020-8705",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2020-8705",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2020-8705",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-201911-1655",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-186830",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-186830"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-013582"
},
{
"db": "CNNVD",
"id": "CNNVD-201911-1655"
},
{
"db": "NVD",
"id": "CVE-2020-8705"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Insecure default initialization of resource in Intel(R) Boot Guard in Intel(R) CSME versions before 11.8.80, 11.12.80, 11.22.80, 12.0.70, 13.0.40, 13.30.10, 14.0.45 and 14.5.25, Intel(R) TXE versions before 3.1.80 and 4.0.30, Intel(R) SPS versions before E5_04.01.04.400, E3_04.01.04.200, SoC-X_04.00.04.200 and SoC-A_04.00.04.300 may allow an unauthenticated user to potentially enable escalation of privileges via physical access. Intel(R) CSME , TXE , SPS There is a vulnerability in the initialization of resources to insecure default values.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-8705"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-013582"
},
{
"db": "VULHUB",
"id": "VHN-186830"
}
],
"trust": 1.71
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2020-8705",
"trust": 2.5
},
{
"db": "JVNDB",
"id": "JVNDB-2020-013582",
"trust": 0.8
},
{
"db": "LENOVO",
"id": "LEN-39432",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.3958.2",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.3958",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201911-1655",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-186830",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-186830"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-013582"
},
{
"db": "CNNVD",
"id": "CNNVD-201911-1655"
},
{
"db": "NVD",
"id": "CVE-2020-8705"
}
]
},
"id": "VAR-202011-1362",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-186830"
}
],
"trust": 0.01
},
"last_update_date": "2024-11-23T20:16:38.052000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "INTEL-SA-00391",
"trust": 0.8,
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00391.html"
},
{
"title": "Multiple Intel Product security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=135436"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-013582"
},
{
"db": "CNNVD",
"id": "CNNVD-201911-1655"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-1188",
"trust": 1.0
},
{
"problemtype": "Initializing resources to unsafe default values (CWE-1188) [NVD Evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-013582"
},
{
"db": "NVD",
"id": "CVE-2020-8705"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "https://security.netapp.com/advisory/ntap-20201113-0002/"
},
{
"trust": 1.7,
"url": "https://security.netapp.com/advisory/ntap-20201113-0004/"
},
{
"trust": 1.7,
"url": "https://security.netapp.com/advisory/ntap-20201113-0005/"
},
{
"trust": 1.7,
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00391"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-8705"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.3958/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.3958.2/"
},
{
"trust": 0.6,
"url": "https://support.lenovo.com/us/en/product_security/len-39432"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/intel-processors-multiple-vulnerabilities-via-csme-sps-txe-amt-dal-33887"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-186830"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-013582"
},
{
"db": "CNNVD",
"id": "CNNVD-201911-1655"
},
{
"db": "NVD",
"id": "CVE-2020-8705"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-186830"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-013582"
},
{
"db": "CNNVD",
"id": "CNNVD-201911-1655"
},
{
"db": "NVD",
"id": "CVE-2020-8705"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-11-12T00:00:00",
"db": "VULHUB",
"id": "VHN-186830"
},
{
"date": "2021-07-08T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-013582"
},
{
"date": "2019-11-10T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201911-1655"
},
{
"date": "2020-11-12T18:15:16.847000",
"db": "NVD",
"id": "CVE-2020-8705"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-11-30T00:00:00",
"db": "VULHUB",
"id": "VHN-186830"
},
{
"date": "2021-07-08T07:58:00",
"db": "JVNDB",
"id": "JVNDB-2020-013582"
},
{
"date": "2021-01-04T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201911-1655"
},
{
"date": "2024-11-21T05:39:17.910000",
"db": "NVD",
"id": "CVE-2020-8705"
}
]
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural \u00a0Intel\u00a0 Product resource initialization to unsafe default values",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-013582"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201911-1655"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.