6.7
CVE-2020-0533
- EPSS 0.24%
- Veröffentlicht 15.06.2020 14:15:10
- Zuletzt bearbeitet 21.11.2024 04:53:41
- Quelle secure@intel.com
- CVE-Watchlists
- Unerledigt
Reversible one-way hash in Intel(R) CSME versions before 11.8.76, 11.12.77 and 11.22.77 may allow a privileged user to potentially enable escalation of privilege, denial of service or information disclosure via local access.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Intel ≫ Converged Security Management Engine Firmware Version >= 11.0 < 11.8.77
Intel ≫ Converged Security Management Engine Firmware Version >= 11.10 < 11.12.77
Intel ≫ Converged Security Management Engine Firmware Version >= 11.20 < 11.22.77
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.24% | 0.146 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 6.7 | 0.8 | 5.9 |
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
|
| nvd@nist.gov | 4.6 | 3.9 | 6.4 |
AV:L/AC:L/Au:N/C:P/I:P/A:P
|
CWE-326 Inadequate Encryption Strength
The product stores or transmits sensitive data using an encryption scheme that is theoretically sound, but is not strong enough for the level of protection required.
https://support.lenovo.com/de/en/product_security/len-30041
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00295.html
https://security.netapp.com/advisory/ntap-20200611-0006/