Input Validation Flaw in Intel CSME and TXE Products
CVE-2020-0536

7.5HIGH

Key Information:

Vendor
Intel
Status
Intel(r) Csme
Vendor
CVE Published:
15 June 2020

Summary

An improper input validation vulnerability exists in the DAL subsystem of Intel's CSME and TXE products, which could allow an unauthenticated user to potentially exploit the flaw via network access. This could lead to unauthorized information disclosure, exposing sensitive data and creating additional security risks. Users of affected product versions should prioritize updates to mitigate the risk associated with this vulnerability.

Affected Version(s)

Intel(R) CSME See provided reference

References

https://www.intel.com/content/www/us/en/security-center/a...
x_refsource_CONFIRM
https://security.netapp.com/advisory/ntap-20200611-0006/
x_refsource_CONFIRM
https://www.intel.com/content/www/us/en/security-center/a...
x_refsource_MISC

CVSS V3.1

Score:
7.5
Severity:
HIGH
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.