Vulnerability CVE-2020-8758


Published: 2020-09-10

Description:
Improper buffer restrictions in network subsystem in provisioned Intel(R) AMT and Intel(R) ISM versions before 11.8.79, 11.12.79, 11.22.79, 12.0.68 and 14.0.39 may allow an unauthenticated user to potentially enable escalation of privilege via network access. On un-provisioned systems, an authenticated user may potentially enable escalation of privilege via local access.

Type:

CWE-119

(Improper Restriction of Operations within the Bounds of a Memory Buffer)

CVSS2 => (AV:N/AC:L/Au:N/C:P/I:P/A:P)

CVSS Base Score
Impact Subscore
Exploitability Subscore
7.5/10
6.4/10
10/10
Exploit range
Attack complexity
Authentication
Remote
Low
No required
Confidentiality impact
Integrity impact
Availability impact
Partial
Partial
Partial
Affected software
Netapp -> Steelstore cloud integrated storage 
Intel -> Active management technology 
Intel -> Standard manageability 

 References:
https://security.netapp.com/advisory/ntap-20200911-0005/
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00404.html

Copyright 2020, cxsecurity.com

 

Back to Top