CVE-2020-8758 - OpenCVE

Improper buffer restrictions in network subsystem in provisioned Intel(R) AMT and Intel(R) ISM versions before 11.8.79, 11.12.79, 11.22.79, 12.0.68 and 14.0.39 may allow an unauthenticated user to potentially enable escalation of privilege via network access. On un-provisioned systems, an authenticated user may potentially enable escalation of privilege via local access.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:L/Au:N/C:P/I:P/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Netapp	Steelstore Cloud Integrated Storage
Intel	Active Management Technology Firmware Standard Manageability

Configuration 1 [-]

OR	cpe:2.3:a:intel:standard_manageability::::::::
	cpe:2.3:a:intel:standard_manageability::::::::
	cpe:2.3:a:intel:standard_manageability::::::::
	cpe:2.3:a:intel:standard_manageability::::::::
	cpe:2.3:a:intel:standard_manageability::::::::
	cpe:2.3:o:intel:active_management_technology_firmware::::::::
	cpe:2.3:o:intel:active_management_technology_firmware::::::::
	cpe:2.3:o:intel:active_management_technology_firmware::::::::
	cpe:2.3:o:intel:active_management_technology_firmware::::::::
	cpe:2.3:o:intel:active_management_technology_firmware::::::::

Configuration 2 [-]

cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*

References

Link	Resource
https://security.netapp.com/advisory/ntap-20200911-0005/	Third Party Advisory
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00404.html	Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: intel

Published: 2020-09-10T14:22:14

Updated: 2020-09-11T12:06:34

Reserved: 2020-02-06T00:00:00

Link: CVE-2020-8758

JSON object: View

NVD Information

Status : Analyzed

Published: 2020-09-10T15:16:53.827

Modified: 2023-05-22T15:31:46.127

Link: CVE-2020-8758

JSON object: View

Redhat Information

No data.

CWE

NVD-CWE-noinfo

{"containers": {"cna": {"affected": [{"product": "Intel(R) AMT and Intel(R) ISM", "vendor": "n/a", "versions": [{"status": "affected", "version": "Before versions 11.8.79, 11.12.79, 11.22.79, 12.0.68 and 14.0.39"}]}], "descriptions": [{"lang": "en", "value": "Improper buffer restrictions in network subsystem in provisioned Intel(R) AMT and Intel(R) ISM versions before 11.8.79, 11.12.79, 11.22.79, 12.0.68 and 14.0.39 may allow an unauthenticated user to potentially enable escalation of privilege via network access. On un-provisioned systems, an authenticated user may potentially enable escalation of privilege via local access."}], "problemTypes": [{"descriptions": [{"description": "Escalation of Privilege", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2020-09-11T12:06:34", "orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce", "shortName": "intel"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00404.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://security.netapp.com/advisory/ntap-20200911-0005/"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secure@intel.com", "ID": "CVE-2020-8758", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Intel(R) AMT and Intel(R) ISM", "version": {"version_data": [{"version_value": "Before versions 11.8.79, 11.12.79, 11.22.79, 12.0.68 and 14.0.39"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Improper buffer restrictions in network subsystem in provisioned Intel(R) AMT and Intel(R) ISM versions before 11.8.79, 11.12.79, 11.22.79, 12.0.68 and 14.0.39 may allow an unauthenticated user to potentially enable escalation of privilege via network access. On un-provisioned systems, an authenticated user may potentially enable escalation of privilege via local access."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Escalation of Privilege"}]}]}, "references": {"reference_data": [{"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00404.html", "refsource": "MISC", "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00404.html"}, {"name": "https://security.netapp.com/advisory/ntap-20200911-0005/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20200911-0005/"}]}}}}, "cveMetadata": {"assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce", "assignerShortName": "intel", "cveId": "CVE-2020-8758", "datePublished": "2020-09-10T14:22:14", "dateReserved": "2020-02-06T00:00:00", "dateUpdated": "2020-09-11T12:06:34", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:intel:standard_manageability:*:*:*:*:*:*:*:*", "matchCriteriaId": "D4162A8B-896F-4B18-8D6D-60320C587744", "versionEndExcluding": "11.8.79", "versionStartIncluding": "11.8", "vulnerable": true}, {"criteria": "cpe:2.3:a:intel:standard_manageability:*:*:*:*:*:*:*:*", "matchCriteriaId": "8FAA2057-7FF1-4EE0-974F-767E7CF9F239", "versionEndExcluding": "11.12.79", "versionStartIncluding": "11.12", "vulnerable": true}, {"criteria": "cpe:2.3:a:intel:standard_manageability:*:*:*:*:*:*:*:*", "matchCriteriaId": "DFE3FF6A-3F10-43F8-8400-653A015E1431", "versionEndExcluding": "11.22.79", "versionStartIncluding": "11.22", "vulnerable": true}, {"criteria": "cpe:2.3:a:intel:standard_manageability:*:*:*:*:*:*:*:*", "matchCriteriaId": "C85C642D-DE4F-4052-8549-A5741164C0B3", "versionEndExcluding": "12.0.68", "versionStartIncluding": "12.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:intel:standard_manageability:*:*:*:*:*:*:*:*", "matchCriteriaId": "4CAAB4E4-FC0B-4B5E-A359-5A5FAF91F135", "versionEndExcluding": "14.0.39", "versionStartIncluding": "14.0", "vulnerable": true}, {"criteria": "cpe:2.3:o:intel:active_management_technology_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "2C1C4C98-F1D3-4604-9434-081B02F9AC37", "versionEndExcluding": "11.8.79", "versionStartIncluding": "11.8", "vulnerable": true}, {"criteria": "cpe:2.3:o:intel:active_management_technology_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "4470D98C-163E-4C00-9AFD-EFDA03A520FE", "versionEndExcluding": "11.12.79", "versionStartIncluding": "11.12", "vulnerable": true}, {"criteria": "cpe:2.3:o:intel:active_management_technology_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "737C8627-6B2E-4371-AA30-5324F65717E6", "versionEndExcluding": "11.22.79", "versionStartIncluding": "11.22", "vulnerable": true}, {"criteria": "cpe:2.3:o:intel:active_management_technology_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "A4EB57A8-E655-4AA9-AEA7-1A7848F743D7", "versionEndExcluding": "12.0.68", "versionStartIncluding": "12.0", "vulnerable": true}, {"criteria": "cpe:2.3:o:intel:active_management_technology_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "3A4A1AB1-7557-490A-9B76-2F6F7FEEBF93", "versionEndExcluding": "14.0.39", "versionStartIncluding": "14.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*", "matchCriteriaId": "E94F7F59-1785-493F-91A7-5F5EA5E87E4D", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Improper buffer restrictions in network subsystem in provisioned Intel(R) AMT and Intel(R) ISM versions before 11.8.79, 11.12.79, 11.22.79, 12.0.68 and 14.0.39 may allow an unauthenticated user to potentially enable escalation of privilege via network access. On un-provisioned systems, an authenticated user may potentially enable escalation of privilege via local access."}, {"lang": "es", "value": "Unas restricciones de b\u00fafer inapropiadas en el subsistema de red en Intel(R) AMT e Intel(R) ISM aprovisionado versiones anteriores a 11.8.79, 11.12.79, 11.22.79, 12.0.68 y 14.0.39, pueden permitir a un usuario no autenticado habilitar potencialmente una escalada de privilegio por medio del acceso a la red. En sistemas no aprovisionados, un usuario autenticado puede habilitar potencialmente una escalada de privilegios por medio del acceso local"}], "id": "CVE-2020-8758", "lastModified": "2023-05-22T15:31:46.127", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2020-09-10T15:16:53.827", "references": [{"source": "secure@intel.com", "tags": ["Third Party Advisory"], "url": "https://security.netapp.com/advisory/ntap-20200911-0005/"}, {"source": "secure@intel.com", "tags": ["Vendor Advisory"], "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00404.html"}], "sourceIdentifier": "secure@intel.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}