Vulnerability CVE-2020-0534
Published: 2020-06-15

Description:
Improper input validation in the DAL subsystem for Intel(R) CSME versions before 12.0.64, 13.0.32, 14.0.33 and 14.5.12 may allow an unauthenticated user to potentially enable denial of service via network access.

Type:

CWE-20

 (Improper Input Validation)

CVSS2 => (AV:N/AC:L/Au:N/C:N/I:N/A:P)

CVSS Base Score
Impact Subscore
Exploitability Subscore
5/10
2.9/10
10/10
Exploit range
Attack complexity
Authentication
Remote
Low
No required
Confidentiality impact
Integrity impact
Availability impact
None
None
Partial
Affected software
Intel -> Converged security management engine firmware 

 References:
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00295.html
Copyright 2024, cxsecurity.com

 

Back to Top