Intel AMT/ISM up to 11.8.76/11.12.76/11.22.76/12.0.63 IPv6 Subsystem out-of-bounds read


A vulnerability was found in Intel AMT and ISM up to 11.8.76/11.12.76/11.22.76/12.0.63. It has been classified as critical. This affects an unknown function of the component IPv6 Subsystem. Upgrading to version 11.8.77, 11.12.77, 11.22.77 or 12.0.64 eliminates this vulnerability.

| Field | 06/16/2020 08:30 AM | 06/16/2020 08:35 AM | 10/24/2020 04:25 PM |
| --- | --- | --- | --- |
| vendor | Intel | Intel | Intel |
| name | AMT/ISM | AMT/ISM | AMT/ISM |
| version | <=11.8.76/11.12.76/11.22.76/12.0.63 | <=11.8.76/11.12.76/11.22.76/12.0.63 | <=11.8.76/11.12.76/11.22.76/12.0.63 |
| component | IPv6 Subsystem | IPv6 Subsystem | IPv6 Subsystem |
| risk | 2 | 2 | 2 |
| cvss2_vuldb_basescore | 6.8 | 6.8 | 6.8 |
| cvss2_vuldb_tempscore | 5.9 | 5.9 | 5.9 |
| cvss2_vuldb_av | N | N | N |
| cvss2_vuldb_ac | M | M | M |
| cvss2_vuldb_au | N | N | N |
| cvss2_vuldb_ci | P | P | P |
| cvss2_vuldb_ii | P | P | P |
| cvss2_vuldb_ai | P | P | P |
| cvss3_meta_basescore | 8.5 | 8.5 | 8.5 |
| cvss3_meta_tempscore | 8.2 | 8.2 | 8.2 |
| cvss3_vuldb_basescore | 7.3 | 7.3 | 7.3 |
| cvss3_vuldb_tempscore | 7.0 | 7.0 | 7.0 |
| cvss3_vuldb_av | N | N | N |
| cvss3_vuldb_ac | L | L | L |
| cvss3_vuldb_pr | N | N | N |
| cvss3_vuldb_ui | N | N | N |
| cvss3_vuldb_s | U | U | U |
| cvss3_vuldb_c | L | L | L |
| cvss3_vuldb_i | L | L | L |
| cvss3_vuldb_a | L | L | L |
| date | 1592179200 (06/15/2020) | 1592179200 (06/15/2020) | 1592179200 (06/15/2020) |
| url | https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00295.html | https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00295.html | https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00295.html |
| price_0day | $5k-$25k | $5k-$25k | $5k-$25k |
| name | Upgrade | Upgrade | Upgrade |
| upgrade_version | 11.8.77/11.12.77/11.22.77/12.0.64 | 11.8.77/11.12.77/11.22.77/12.0.64 | 11.8.77/11.12.77/11.22.77/12.0.64 |
| cve | CVE-2020-0594 | CVE-2020-0594 | CVE-2020-0594 |
| seealso | 156707 156708 156709 156710 156711 156712 156713 156714 156715 156716 156717 156718 156720 156721 156722 156724 156725 156726 156771 | 156707 156708 156709 156710 156711 156712 156713 156714 156715 156716 156717 156718 156720 156721 156722 156724 156725 156726 156771 | 156707 156708 156709 156710 156711 156712 156713 156714 156715 156716 156717 156718 156720 156721 156722 156724 156725 156726 156771 |
| location | Website | Website | Website |
| cvss2_vuldb_e | ND | ND | ND |
| cvss2_vuldb_rl | OF | OF | OF |
| cvss2_vuldb_rc | ND | ND | ND |
| cvss3_vuldb_e | X | X | X |
| cvss3_vuldb_rl | O | O | O |
| cvss3_vuldb_rc | X | X | X |
| cvss3_nvd_basescore | 9.8 | 9.8 | 9.8 |
| cwe | 0 | 125 (information disclosure) | 125 (information disclosure) |
| cvss2_nvd_av | | N | N |
| cvss2_nvd_ac | | L | L |
| cvss2_nvd_au | | N | N |
| cvss2_nvd_ci | | P | P |
| cvss2_nvd_ii | | P | P |
| cvss2_nvd_ai | | P | P |
| cvss3_nvd_av | | N | N |
| cvss3_nvd_ac | | L | L |
| cvss3_nvd_pr | | N | N |
| cvss3_nvd_ui | | N | N |
| cvss3_nvd_s | | U | U |
| cvss3_nvd_c | | H | H |
| cvss3_nvd_i | | H | H |
| cvss3_nvd_a | | H | H |
| cve_assigned | | 1572220800 | 1572220800 |
| cve_nvd_summary | | Out-of-bounds read in IPv6 subsystem in Intel(R) AMT and Intel(R) ISM versions before 11.8.77, 11.12.77, 11.22.77 and 12.0.64 may allow an unauthenticated user to potentially enable escalation of privilege via network access. | Out-of-bounds read in IPv6 subsystem in Intel(R) AMT and Intel(R) ISM versions before 11.8.77, 11.12.77, 11.22.77 and 12.0.64 may allow an unauthenticated user to potentially enable escalation of privilege via network access. |
| confirm_url | | | https://security.netapp.com/advisory/ntap-20200611-0007/ |
