
Test ID: 1.3.6.1.4.1.25623.1.0.144117
Category: Web application abuses
Title: Intel Active Management Technology Multiple Vulnerabilities (INTEL-SA-00295)
Summary: Potential security vulnerabilities in Intel Active Management Technology (AMT) may allow escalation of privilege, denial of service or information disclosure.
Description:

Vulnerability Insight:
Intel Active Management Technology is prone to multiple vulnerabilities:

- Improper input validation may allow an authenticated user to potentially enable information disclosure via
network access. (CVE-2020-0531)

- Improper input validation may allow an unauthenticated user to potentially enable denial of service or
information disclosure via adjacent access. (CVE-2020-0532)

- Improper input validation may allow a privileged user to potentially enable denial of service via network
access. (CVE-2020-0537)

- Improper input validation may allow an unauthenticated user to potentially enable denial of service via
network access. (CVE-2020-0538)

- Insufficiently protected credentials may allow an unauthenticated user to potentially enable information
disclosure via network access. (CVE-2020-0540)

- Out-of-bounds read in IPv6 subsystem may allow an unauthenticated user to potentially enable escalation of
privilege via network access. (CVE-2020-0594, CVE-2020-11899)

- Use after free in IPv6 subsystem may allow an unauthenticated user to potentially enable escalation of
privilege via network access. (CVE-2020-0595, CVE-2020-11900)

- Improper input validation in DHCPv6 subsystem may allow an unauthenticated user to potentially enable
information disclosure via network access. (CVE-2020-0596)

Note: CVE-2020-0594 and CVE-2020-0595, as assigned by Intel, correspond to a subset of the CVEs disclosed in the linked
'Treck IP stacks contain multiple vulnerabilities' advisory (covering the vulnerabilities known as 'Ripple20')
and match CVE-2020-11899 and CVE-2020-11900.

Affected Software/OS:
Intel Active Management Technology versions 11.0 through 11.8.76, 11.10
through 11.11.76, 11.20 through 11.22.76 and 12.0 through 12.0.63.

Solution:
Upgrade to version 11.8.77, 11.11.77, 11.22.77, 12.0.64 or later.

CVSS Score:
7.5

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P

Cross-Ref:
Common Vulnerability Exposure (CVE) ID: CVE-2020-0531
https://support.lenovo.com/de/en/product_security/len-30041
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00295.html
Common Vulnerability Exposure (CVE) ID: CVE-2020-0532
Common Vulnerability Exposure (CVE) ID: CVE-2020-0537
Common Vulnerability Exposure (CVE) ID: CVE-2020-0538
Common Vulnerability Exposure (CVE) ID: CVE-2020-0540
Common Vulnerability Exposure (CVE) ID: CVE-2020-0594
Common Vulnerability Exposure (CVE) ID: CVE-2020-0595
Common Vulnerability Exposure (CVE) ID: CVE-2020-0596

Copyright: Copyright (C) 2020 Greenbone Networks GmbH

© 1998-2020 E-Soft Inc. All rights reserved.