CVE-2020-0584 - OpenCVE

Buffer overflow in firmware for Intel(R) SSD DC P4800X and P4801X Series, Intel(R) Optane(TM) SSD 900P and 905P Series may allow an unauthenticated user to potentially enable a denial of service via local access.

Attack Vector Local

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

AV:L/AC:L/Au:N/C:N/I:N/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Intel	Optane Ssd 905p Optane Ssd 900p Optane Ssd 905p Firmware Optane Ssd 900p Firmware Ssd Dc P4800x Ssd Dc P4800x Firmware Ssd Dc P4801x Firmware Ssd Dc P4801x

Configuration 1 [-]

AND

cpe:2.3:o:intel:ssd_dc_p4800x_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:intel:ssd_dc_p4800x:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:intel:ssd_dc_p4801x_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:intel:ssd_dc_p4801x:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND

cpe:2.3:o:intel:optane_ssd_900p_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:intel:optane_ssd_900p:-:*:*:*:*:*:*:*

Configuration 4 [-]

AND

cpe:2.3:o:intel:optane_ssd_905p_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:intel:optane_ssd_905p:-:*:*:*:*:*:*:*

References

Link	Resource
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00362	Patch Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: intel

Published: 2020-11-12T17:59:01

Updated: 2020-11-12T17:59:01

Reserved: 2019-10-28T00:00:00

Link: CVE-2020-0584

JSON object: View

NVD Information

Status : Analyzed

Published: 2020-11-12T18:15:12.907

Modified: 2020-11-19T14:48:09.287

Link: CVE-2020-0584

JSON object: View

Redhat Information

No data.

CWE

CWE-120

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:intel:ssd_dc_p4800x_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "FA2079DA-BEB7-426C-8AA3-DBAF339A67F9", "versionEndExcluding": "e2010485", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:intel:ssd_dc_p4800x:-:*:*:*:*:*:*:*", "matchCriteriaId": "9CB70E56-CE0F-4935-AB6D-E22C43C1279C", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:intel:ssd_dc_p4801x_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "8E424829-6122-4A3F-B2E3-F344F7A3975D", "versionEndExcluding": "e2010485", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:intel:ssd_dc_p4801x:-:*:*:*:*:*:*:*", "matchCriteriaId": "BC985659-EC05-4682-A1E9-65B0CFEBD91F", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:intel:optane_ssd_900p_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "7C09CBDA-E2CB-41F2-8991-EE63641A3456", "versionEndExcluding": "e2010480", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:intel:optane_ssd_900p:-:*:*:*:*:*:*:*", "matchCriteriaId": "5AFC9CF7-581F-4B2D-B93C-3D7E3C136F4C", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:intel:optane_ssd_905p_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "582A6D20-9AE9-4C1C-BCC8-E4C118EF5B7B", "versionEndExcluding": "e2010480", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:intel:optane_ssd_905p:-:*:*:*:*:*:*:*", "matchCriteriaId": "2BD5595C-0047-441A-B398-8ACA421BB439", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "Buffer overflow in firmware for Intel(R) SSD DC P4800X and P4801X Series, Intel(R) Optane(TM) SSD 900P and 905P Series may allow an unauthenticated user to potentially enable a denial of service via local access."}, {"lang": "es", "value": "Un desbordamiento del b\u00fafer en el firmware para Intel\u00ae SSD DC P4800X y P4801X Series, Intel\u00ae Optane\u2122 SSD 900P y 905P Series puede habilitar a un usuario no autenticado para permitir potencialmente una denegaci\u00f3n de servicio por medio de un acceso local"}], "id": "CVE-2020-0584", "lastModified": "2020-11-19T14:48:09.287", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 2.1, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.2, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 2.5, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2020-11-12T18:15:12.907", "references": [{"source": "secure@intel.com", "tags": ["Patch", "Vendor Advisory"], "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00362"}], "sourceIdentifier": "secure@intel.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-120"}], "source": "nvd@nist.gov", "type": "Primary"}]}