{"api_version":"1","generated_at":"2026-04-23T06:07:59+00:00","cve":"CVE-2020-0539","urls":{"html":"https://cve.report/CVE-2020-0539","api":"https://cve.report/api/cve/CVE-2020-0539.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2020-0539","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2020-0539"},"summary":{"title":"CVE-2020-0539","description":"Path traversal in subsystem for Intel(R) DAL software for Intel(R) CSME versions before 11.8.77, 11.12.77, 11.22.77, 12.0.64, 13.0.32, 14.0.33 and Intel(R) TXE versions before 3.1.75, 4.0.25 may allow an unprivileged user to potentially enable denial of service via local access.","state":"PUBLIC","assigner":"secure@intel.com","published_at":"2020-06-15 14:15:00","updated_at":"2020-07-22 14:15:00"},"problem_types":["CWE-22"],"metrics":[],"references":[{"url":"https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00295.html","name":"https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00295.html","refsource":"MISC","tags":["Vendor Advisory"],"title":"INTEL-SA-00295","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://security.netapp.com/advisory/ntap-20200611-0006/","name":"https://security.netapp.com/advisory/ntap-20200611-0006/","refsource":"CONFIRM","tags":[],"title":"Intel SA-00295 CSME Vulnerabilities in NetApp Products | NetApp Product Security","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://support.lenovo.com/de/en/product_security/len-30041","name":"https://support.lenovo.com/de/en/product_security/len-30041","refsource":"MISC","tags":[],"title":"Intel CSME, SPS, TXE, AMT and DAL Advisory - Lenovo Support DE","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2020-0539","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-0539","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2020","cve_id":"539","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"intel","cpe5":"converged_security_management_engine_firmware","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2020","cve_id":"539","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"intel","cpe5":"converged_security_management_engine_firmware","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"undefined"},{"cve_year":"2020","cve_id":"539","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"intel","cpe5":"converged_security_management_engine_firmware","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2020","cve_id":"539","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"intel","cpe5":"converged_security_management_engine_firmware","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"undefined"},{"cve_year":"2020","cve_id":"539","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"intel","cpe5":"trusted_execution_engine_firmware","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2020","cve_id":"539","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"intel","cpe5":"trusted_execution_engine_firmware","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"data_type":"CVE","data_format":"MITRE","data_version":"4.0","CVE_data_meta":{"ID":"CVE-2020-0539","ASSIGNER":"secure@intel.com","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"vendor_name":"n/a","product":{"product_data":[{"product_name":"Intel(R) AMT and Intel(R) CSME","version":{"version_data":[{"version_value":"See provided reference"}]}}]}}]}},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"Escalation of Privilege, Denial of Service, Information Disclosure"}]}]},"references":{"reference_data":[{"refsource":"CONFIRM","name":"https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00295.html","url":"https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00295.html"},{"refsource":"CONFIRM","name":"https://security.netapp.com/advisory/ntap-20200611-0006/","url":"https://security.netapp.com/advisory/ntap-20200611-0006/"},{"refsource":"MISC","name":"https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00295.html","url":"https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00295.html"},{"refsource":"MISC","name":"https://support.lenovo.com/de/en/product_security/len-30041","url":"https://support.lenovo.com/de/en/product_security/len-30041"}]},"description":{"description_data":[{"lang":"eng","value":"Path traversal in subsystem for Intel(R) DAL software for Intel(R) CSME versions before 11.8.77, 11.12.77, 11.22.77, 12.0.64, 13.0.32, 14.0.33 and Intel(R) TXE versions before 3.1.75, 4.0.25 may allow an unprivileged user to potentially enable denial of service via local access."}]}},"nvd":{"publishedDate":"2020-06-15 14:15:00","lastModifiedDate":"2020-07-22 14:15:00","problem_types":["CWE-22"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH","baseScore":5.5,"baseSeverity":"MEDIUM"},"exploitabilityScore":1.8,"impactScore":3.6},"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:L/AC:L/Au:N/C:N/I:N/A:P","accessVector":"LOCAL","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"PARTIAL","baseScore":2.1},"severity":"LOW","exploitabilityScore":3.9,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:intel:converged_security_management_engine_firmware:*:*:*:*:*:*:*:*","versionStartIncluding":"11.0","versionEndExcluding":"11.8.77","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:intel:converged_security_management_engine_firmware:*:*:*:*:*:*:*:*","versionStartIncluding":"11.20","versionEndExcluding":"11.22.77","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:intel:converged_security_management_engine_firmware:*:*:*:*:*:*:*:undefined","versionStartIncluding":"12.0","versionEndExcluding":"12.0.64","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:intel:converged_security_management_engine_firmware:*:*:*:*:*:*:*:*","versionStartIncluding":"13.0","versionEndExcluding":"13.0.32","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:intel:converged_security_management_engine_firmware:*:*:*:*:*:*:*:*","versionStartIncluding":"11.10","versionEndExcluding":"11.12.77","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:intel:converged_security_management_engine_firmware:*:*:*:*:*:*:*:*","versionStartIncluding":"14.0","versionEndExcluding":"14.0.33","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:intel:trusted_execution_engine_firmware:*:*:*:*:*:*:*:*","versionStartIncluding":"4.0","versionEndExcluding":"4.0.25","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:intel:trusted_execution_engine_firmware:*:*:*:*:*:*:*:*","versionStartIncluding":"3.0","versionEndExcluding":"3.1.75","cpe_name":[]}]}]}},"legacy_mitre":{"record":{"CveYear":"2020","CveId":"539","Ordinal":"158979","Title":"CVE-2020-0539","CVE":"CVE-2020-0539","Year":"2020"},"notes":[{"CveYear":"2020","CveId":"539","Ordinal":"1","NoteData":"Path traversal in subsystem for Intel(R) DAL software for Intel(R) CSME versions before 11.8.77, 11.12.77, 11.22.77, 12.0.64, 13.0.32, 14.0.33 and Intel(R) TXE versions before 3.1.75, 4.0.25 may allow an unprivileged user to potentially enable denial of service via local access.","Type":"Description","Title":null},{"CveYear":"2020","CveId":"539","Ordinal":"2","NoteData":"2020-06-15","Type":"Other","Title":"Published"},{"CveYear":"2020","CveId":"539","Ordinal":"3","NoteData":"2020-07-22","Type":"Other","Title":"Modified"}]}}}