CVE-2020-0545

low-risk

Published 2020-06-15

Integer overflow in subsystem for Intel(R) CSME versions before 11.8.77, 11.12.77, 11.22.77 and Intel(R) TXE versions before 3.1.75, 4.0.25 and Intel(R) Server Platform Services (SPS) versions before SPS_E5_04.01.04.380.0, SPS_SoC-X_04.00.04.128.0, SPS_SoC-A_04.00.04.211.0, SPS_E3_04.01.04.109.0, SPS_E3_04.08.04.070.0 may allow a privileged user to potentially enable denial of service via local access.

Do I need to act?

-

0.10% chance of exploitation

EPSS score — low exploit probability

-

Not on CISA KEV list

No confirmed active exploitation reported to CISA

?

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

4

CVSS 4.4/10 Medium

LOCAL / LOW complexity

Affected Products (3)

Converged Security Management Engine Firmware

Server Platform Services

Trusted Execution Engine

Affected Vendors

Intel

References (12)

https://cert-portal.siemens.com/productcert/pdf/ssa-631949.pdf

https://kc.mcafee.com/corporate/index?page=content&id=SB10321

https://security.netapp.com/advisory/ntap-20200611-0006/

https://support.lenovo.com/de/en/product_security/len-30041

Vendor Advisory https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00295....

Vendor Advisory https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00295....

https://cert-portal.siemens.com/productcert/pdf/ssa-631949.pdf

https://kc.mcafee.com/corporate/index?page=content&id=SB10321

https://security.netapp.com/advisory/ntap-20200611-0006/

https://support.lenovo.com/de/en/product_security/len-30041

Vendor Advisory https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00295....

Vendor Advisory https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00295....

24

/ 100

low-risk

Severity 15/34 · Moderate

Exploitability 0/34 · Minimal

Exposure 9/34 · Low