Improper Buffer Restrictions in Intel AMT and ISM Network Subsystem
CVE-2020-8758

9.8CRITICAL

Key Information:

Vendor: Intel
Status: Intel(r) Amt And Intel(r) Ism
Vendor: CVE Published:; 10 September 2020

What is CVE-2020-8758?

The vulnerability arises from improper buffer restrictions within the network subsystem of provisioned Intel AMT and Intel ISM. This allows unauthenticated users to potentially escalate privileges via network access in affected versions. Additionally, for un-provisioned systems, authenticated users may exploit local access to achieve similar privilege escalation. Users are advised to review the affected versions and apply the necessary updates as detailed in Intel's advisory.

Affected Version(s)

Intel(R) AMT and Intel(R) ISM Before versions 11.8.79, 11.12.79, 11.22.79, 12.0.68 and 14.0.39

References

https://www.intel.com/content/www/us/en/security-center/a...

x_refsource_MISC

https://security.netapp.com/advisory/ntap-20200911-0005/

x_refsource_CONFIRM

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 10, 2020
Vulnerability Reserved
Feb 6, 2020