Intel CSME/TXE/Server Platform Services Subsystem integer overflow

A vulnerability, which was classified as problematic, was found in Intel CSME, TXE and Server Platform Services (version unknown). Affected is an unknown code of the component Subsystem. Upgrading eliminates this vulnerability.

Field	06/16/2020 08:29 AM	06/16/2020 08:32 AM	10/24/2020 04:07 PM
vendor	Intel	Intel	Intel
name	CSME/TXE/Server Platform Services	CSME/TXE/Server Platform Services	CSME/TXE/Server Platform Services
component	Subsystem	Subsystem	Subsystem
risk	1	1	1
cvss2_vuldb_basescore	4.1	4.1	4.1
cvss2_vuldb_tempscore	3.6	3.6	3.6
cvss2_vuldb_av	L	L	L
cvss2_vuldb_ac	M	M	M
cvss2_vuldb_au	S	S	S
cvss2_vuldb_ci	P	P	P
cvss2_vuldb_ii	P	P	P
cvss2_vuldb_ai	P	P	P
cvss3_meta_basescore	4.9	4.9	4.9
cvss3_meta_tempscore	4.7	4.7	4.7
cvss3_vuldb_basescore	5.3	5.3	5.3
cvss3_vuldb_tempscore	5.1	5.1	5.1
cvss3_vuldb_av	L	L	L
cvss3_vuldb_ac	L	L	L
cvss3_vuldb_pr	L	L	L
cvss3_vuldb_ui	N	N	N
cvss3_vuldb_s	U	U	U
cvss3_vuldb_c	L	L	L
cvss3_vuldb_i	L	L	L
cvss3_vuldb_a	L	L	L
date	1592179200 (06/15/2020)	1592179200 (06/15/2020)	1592179200 (06/15/2020)
url	https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00295.html	https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00295.html	https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00295.html
price_0day	$5k-$25k	$5k-$25k	$5k-$25k
name	Upgrade	Upgrade	Upgrade
cve	CVE-2020-0545	CVE-2020-0545	CVE-2020-0545
seealso	156707 156708 156709 156710 156711 156712 156713 156714 156715 156716 156717 156718 156721 156722 156723 156724 156725 156726 156771	156707 156708 156709 156710 156711 156712 156713 156714 156715 156716 156717 156718 156721 156722 156723 156724 156725 156726 156771	156707 156708 156709 156710 156711 156712 156713 156714 156715 156716 156717 156718 156721 156722 156723 156724 156725 156726 156771
location	Website	Website	Website
cvss2_vuldb_e	ND	ND	ND
cvss2_vuldb_rl	OF	OF	OF
cvss2_vuldb_rc	ND	ND	ND
cvss3_vuldb_e	X	X	X
cvss3_vuldb_rl	O	O	O
cvss3_vuldb_rc	X	X	X
cvss3_nvd_basescore	4.4	4.4	4.4
cwe	0	190 (memory corruption)	190 (memory corruption)
cvss2_nvd_av		L	L
cvss2_nvd_ac		L	L
cvss2_nvd_au		N	N
cvss2_nvd_ci		N	N
cvss2_nvd_ii		N	N
cvss2_nvd_ai		P	P
cvss3_nvd_av		L	L
cvss3_nvd_ac		L	L
cvss3_nvd_pr		H	H
cvss3_nvd_ui		N	N
cvss3_nvd_s		U	U
cvss3_nvd_c		N	N
cvss3_nvd_i		N	N
cvss3_nvd_a		H	H
cve_assigned		1572220800	1572220800
cve_nvd_summary		Integer overflow in subsystem for Intel(R) CSME versions before 11.8.77, 11.12.77, 11.22.77 and Intel(R) TXE versions before 3.1.75, 4.0.25 and Intel(R) Server Platform Services (SPS) versions before SPS_E5_04.01.04.380.0, SPS_SoC-X_04.00.04.128.0, SPS_SoC-A_04.00.04.211.0, SPS_E3_04.01.04.109.0, SPS_E3_04.08.04.070.0 may allow a privileged user to potentially enable denial of service via local access.	Integer overflow in subsystem for Intel(R) CSME versions before 11.8.77, 11.12.77, 11.22.77 and Intel(R) TXE versions before 3.1.75, 4.0.25 and Intel(R) Server Platform Services (SPS) versions before SPS_E5_04.01.04.380.0, SPS_SoC-X_04.00.04.128.0, SPS_SoC-A_04.00.04.211.0, SPS_E3_04.01.04.109.0, SPS_E3_04.08.04.070.0 may allow a privileged user to potentially enable denial of service via local access.
confirm_url			https://cert-portal.siemens.com/productcert/pdf/ssa-631949.pdf

◂ Previous Overview Next ▸

Do you need the next level of professionalism?

Upgrade your account now!