Intel CSME/TXE/Server Platform Services Subsystem integer overflow

entryeditHistoryDiffjsonxmlCTI

A vulnerability, which was classified as problematic, was found in Intel CSME, TXE and Server Platform Services (version unknown). Affected is an unknown code of the component Subsystem. Upgrading eliminates this vulnerability.

Field06/16/2020 08:29 AM06/16/2020 08:32 AM10/24/2020 04:07 PM
vendorIntelIntelIntel
nameCSME/TXE/Server Platform ServicesCSME/TXE/Server Platform ServicesCSME/TXE/Server Platform Services
componentSubsystemSubsystemSubsystem
risk111
cvss2_vuldb_basescore4.14.14.1
cvss2_vuldb_tempscore3.63.63.6
cvss2_vuldb_avLLL
cvss2_vuldb_acMMM
cvss2_vuldb_auSSS
cvss2_vuldb_ciPPP
cvss2_vuldb_iiPPP
cvss2_vuldb_aiPPP
cvss3_meta_basescore4.94.94.9
cvss3_meta_tempscore4.74.74.7
cvss3_vuldb_basescore5.35.35.3
cvss3_vuldb_tempscore5.15.15.1
cvss3_vuldb_avLLL
cvss3_vuldb_acLLL
cvss3_vuldb_prLLL
cvss3_vuldb_uiNNN
cvss3_vuldb_sUUU
cvss3_vuldb_cLLL
cvss3_vuldb_iLLL
cvss3_vuldb_aLLL
date1592179200 (06/15/2020)1592179200 (06/15/2020)1592179200 (06/15/2020)
urlhttps://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00295.htmlhttps://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00295.htmlhttps://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00295.html
price_0day$5k-$25k$5k-$25k$5k-$25k
nameUpgradeUpgradeUpgrade
cveCVE-2020-0545CVE-2020-0545CVE-2020-0545
seealso156707 156708 156709 156710 156711 156712 156713 156714 156715 156716 156717 156718 156721 156722 156723 156724 156725 156726 156771156707 156708 156709 156710 156711 156712 156713 156714 156715 156716 156717 156718 156721 156722 156723 156724 156725 156726 156771156707 156708 156709 156710 156711 156712 156713 156714 156715 156716 156717 156718 156721 156722 156723 156724 156725 156726 156771
locationWebsiteWebsiteWebsite
cvss2_vuldb_eNDNDND
cvss2_vuldb_rlOFOFOF
cvss2_vuldb_rcNDNDND
cvss3_vuldb_eXXX
cvss3_vuldb_rlOOO
cvss3_vuldb_rcXXX
cvss3_nvd_basescore4.44.44.4
cwe0190 (memory corruption)190 (memory corruption)
cvss2_nvd_avLL
cvss2_nvd_acLL
cvss2_nvd_auNN
cvss2_nvd_ciNN
cvss2_nvd_iiNN
cvss2_nvd_aiPP
cvss3_nvd_avLL
cvss3_nvd_acLL
cvss3_nvd_prHH
cvss3_nvd_uiNN
cvss3_nvd_sUU
cvss3_nvd_cNN
cvss3_nvd_iNN
cvss3_nvd_aHH
cve_assigned15722208001572220800
cve_nvd_summaryInteger overflow in subsystem for Intel(R) CSME versions before 11.8.77, 11.12.77, 11.22.77 and Intel(R) TXE versions before 3.1.75, 4.0.25 and Intel(R) Server Platform Services (SPS) versions before SPS_E5_04.01.04.380.0, SPS_SoC-X_04.00.04.128.0, SPS_SoC-A_04.00.04.211.0, SPS_E3_04.01.04.109.0, SPS_E3_04.08.04.070.0 may allow a privileged user to potentially enable denial of service via local access.Integer overflow in subsystem for Intel(R) CSME versions before 11.8.77, 11.12.77, 11.22.77 and Intel(R) TXE versions before 3.1.75, 4.0.25 and Intel(R) Server Platform Services (SPS) versions before SPS_E5_04.01.04.380.0, SPS_SoC-X_04.00.04.128.0, SPS_SoC-A_04.00.04.211.0, SPS_E3_04.01.04.109.0, SPS_E3_04.08.04.070.0 may allow a privileged user to potentially enable denial of service via local access.
confirm_urlhttps://cert-portal.siemens.com/productcert/pdf/ssa-631949.pdf

Do you need the next level of professionalism?

Upgrade your account now!