CVE-2020-0545

Summary

CVE	CVE-2020-0545
State	PUBLIC
Assigner	[email protected]
Source Priority	CVE Program / NVD first with legacy fallback
Published	2020-06-15 14:15:00 UTC
Updated	2020-07-22 14:15:00 UTC
Description	Integer overflow in subsystem for Intel(R) CSME versions before 11.8.77, 11.12.77, 11.22.77 and Intel(R) TXE versions before 3.1.75, 4.0.25 and Intel(R) Server Platform Services (SPS) versions before SPS_E5_04.01.04.380.0, SPS_SoC-X_04.00.04.128.0, SPS_SoC-A_04.00.04.211.0, SPS_E3_04.01.04.109.0, SPS_E3_04.08.04.070.0 may allow a privileged user to potentially enable denial of service via local access.

Risk And Classification

Problem Types: CWE-190

NVD Known Affected Configurations (CPE 2.3)

Type	Vendor	Product	Version	Update	Edition	Language
Operating System	Intel	Converged Security Management Engine Firmware	All	All	All	All
Operating System	Intel	Converged Security Management Engine Firmware	All	All	All	All
Application	Intel	Server Platform Services	All	All	All	All
Application	Intel	Server Platform Services	All	All	All	All
Operating System	Intel	Trusted Execution Engine	All	All	All	All
Operating System	Intel	Trusted Execution Engine	All	All	All	All

References

Reference	Source	Link	Tags
INTEL-SA-00295	MISC	www.intel.com	Vendor Advisory
Intel SA-00295 CSME Vulnerabilities in NetApp Products \| NetApp Product Security	CONFIRM	security.netapp.com
Intel CSME, SPS, TXE, AMT and DAL Advisory - Lenovo Support DE	MISC	support.lenovo.com
McAfee Security Bulletin - Enterprise Appliance updates addressing two vulnerabilities (CVE-2020-0545 and CVE-2020-0586)	CONFIRM	kc.mcafee.com
cert-portal.siemens.com/productcert/pdf/ssa-631949.pdf	CONFIRM	cert-portal.siemens.com
CVE Program record	CVE.ORG	www.cve.org	canonical
NVD vulnerability detail	NVD	nvd.nist.gov	canonical, analysis

No vendor comments have been submitted for this CVE.

There are currently no legacy QID mappings associated with this CVE.