CVE-2020-0539

Published: Jun 15, 2020Modified: Nov 21, 2024

5.5

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Exploitability: 1.8 / Impact: 3.6

Source: NVD

Description

Path traversal in subsystem for Intel(R) DAL software for Intel(R) CSME versions before 11.8.77, 11.12.77, 11.22.77, 12.0.64, 13.0.32, 14.0.33 and Intel(R) TXE versions before 3.1.75, 4.0.25 may allow an unprivileged user to potentially enable denial of service via local access.

Affected (8)

Products: Intel: Converged Security Management Engine Firmware, Trusted Execution Engine Firmware

2 products

Converged Security Management Engine Firmware

Trusted Execution Engine Firmware

Configuration A

6 vulnerable

Vulnerable Software	Affected Versions
Intel Converged Security Management Engine Firmware	From 11.0 to 11.8.77
Intel Converged Security Management Engine Firmware	From 11.10 to 11.12.77
Intel Converged Security Management Engine Firmware	From 11.20 to 11.22.77
Intel Converged Security Management Engine Firmware	From 13.0 to 13.0.32
Intel Converged Security Management Engine Firmware	From 14.0 to 14.0.33
Intel Converged Security Management Engine Firmware	From 12.0 to 12.0.64

Configuration B

2 vulnerable

Vulnerable Software	Affected Versions
Intel Trusted Execution Engine Firmware	From 3.0 to 3.1.75
Intel Trusted Execution Engine Firmware	From 4.0 to 4.0.25

Related CWEs

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

References (8)

https://security.netapp.com/advisory/ntap-20200611-0006/

Source: secure@intel.com

https://support.lenovo.com/de/en/product_security/len-30041

Source: secure@intel.com

https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00295.html

Source: secure@intel.com

Vendor Advisory

https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00295.html

Source: secure@intel.com

Vendor Advisory

https://security.netapp.com/advisory/ntap-20200611-0006/

Source: af854a3a-2127-422b-91ae-364da2661108

https://support.lenovo.com/de/en/product_security/len-30041

Source: af854a3a-2127-422b-91ae-364da2661108

https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00295.html

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00295.html

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.