{"api_version":"1","generated_at":"2026-04-23T06:07:57+00:00","cve":"CVE-2020-0542","urls":{"html":"https://cve.report/CVE-2020-0542","api":"https://cve.report/api/cve/CVE-2020-0542.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2020-0542","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2020-0542"},"summary":{"title":"CVE-2020-0542","description":"Improper buffer restrictions in subsystem for Intel(R) CSME versions before 12.0.64, 13.0.32, 14.0.33 and 14.5.12 may allow an authenticated user to potentially enable escalation of privilege, information disclosure or denial of service via local access.","state":"PUBLIC","assigner":"secure@intel.com","published_at":"2020-06-15 14:15:00","updated_at":"2021-07-21 11:39:00"},"problem_types":["NVD-CWE-noinfo"],"metrics":[],"references":[{"url":"https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00295.html","name":"https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00295.html","refsource":"MISC","tags":["Vendor Advisory"],"title":"INTEL-SA-00295","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://security.netapp.com/advisory/ntap-20200611-0006/","name":"https://security.netapp.com/advisory/ntap-20200611-0006/","refsource":"CONFIRM","tags":[],"title":"Intel SA-00295 CSME Vulnerabilities in NetApp Products | NetApp Product Security","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://support.lenovo.com/de/en/product_security/len-30041","name":"https://support.lenovo.com/de/en/product_security/len-30041","refsource":"MISC","tags":[],"title":"Intel CSME, SPS, TXE, AMT and DAL Advisory - Lenovo Support DE","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2020-0542","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-0542","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2020","cve_id":"542","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"intel","cpe5":"converged_security_management_engine_firmware","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2020","cve_id":"542","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"intel","cpe5":"converged_security_management_engine_firmware","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"undefined"},{"cve_year":"2020","cve_id":"542","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"intel","cpe5":"converged_security_management_engine_firmware","cpe6":"14.5.11","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2020","cve_id":"542","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"intel","cpe5":"converged_security_management_engine_firmware","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2020","cve_id":"542","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"intel","cpe5":"converged_security_management_engine_firmware","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"undefined"},{"cve_year":"2020","cve_id":"542","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"intel","cpe5":"converged_security_management_engine_firmware","cpe6":"14.5.11","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"data_type":"CVE","data_format":"MITRE","data_version":"4.0","CVE_data_meta":{"ID":"CVE-2020-0542","ASSIGNER":"secure@intel.com","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"vendor_name":"n/a","product":{"product_data":[{"product_name":"Intel(R) CSME","version":{"version_data":[{"version_value":"See provided reference"}]}}]}}]}},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"Escalation of Privilege, Denial of Service, Information Disclosure"}]}]},"references":{"reference_data":[{"refsource":"CONFIRM","name":"https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00295.html","url":"https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00295.html"},{"refsource":"CONFIRM","name":"https://security.netapp.com/advisory/ntap-20200611-0006/","url":"https://security.netapp.com/advisory/ntap-20200611-0006/"},{"refsource":"MISC","name":"https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00295.html","url":"https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00295.html"},{"refsource":"MISC","name":"https://support.lenovo.com/de/en/product_security/len-30041","url":"https://support.lenovo.com/de/en/product_security/len-30041"}]},"description":{"description_data":[{"lang":"eng","value":"Improper buffer restrictions in subsystem for Intel(R) CSME versions before 12.0.64, 13.0.32, 14.0.33 and 14.5.12 may allow an authenticated user to potentially enable escalation of privilege, information disclosure or denial of service via local access."}]}},"nvd":{"publishedDate":"2020-06-15 14:15:00","lastModifiedDate":"2021-07-21 11:39:00","problem_types":["NVD-CWE-noinfo"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH","baseScore":7.8,"baseSeverity":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9},"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:L/AC:L/Au:N/C:P/I:P/A:P","accessVector":"LOCAL","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL","baseScore":4.6},"severity":"MEDIUM","exploitabilityScore":3.9,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:intel:converged_security_management_engine_firmware:*:*:*:*:*:*:*:*","versionStartIncluding":"11.0","versionEndExcluding":"11.8.77","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:intel:converged_security_management_engine_firmware:*:*:*:*:*:*:*:*","versionStartIncluding":"11.20","versionEndExcluding":"11.22.77","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:intel:converged_security_management_engine_firmware:*:*:*:*:*:*:*:undefined","versionStartIncluding":"12.0","versionEndExcluding":"12.0.64","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:intel:converged_security_management_engine_firmware:14.5.11:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:intel:converged_security_management_engine_firmware:*:*:*:*:*:*:*:*","versionStartIncluding":"13.0","versionEndExcluding":"13.0.32","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:intel:converged_security_management_engine_firmware:*:*:*:*:*:*:*:*","versionStartIncluding":"11.10","versionEndExcluding":"11.12.77","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:intel:converged_security_management_engine_firmware:*:*:*:*:*:*:*:*","versionStartIncluding":"14.0","versionEndExcluding":"14.0.33","cpe_name":[]}]}]}},"legacy_mitre":{"record":{"CveYear":"2020","CveId":"542","Ordinal":"158982","Title":"CVE-2020-0542","CVE":"CVE-2020-0542","Year":"2020"},"notes":[{"CveYear":"2020","CveId":"542","Ordinal":"1","NoteData":"Improper buffer restrictions in subsystem for Intel(R) CSME versions before 12.0.64, 13.0.32, 14.0.33 and 14.5.12 may allow an authenticated user to potentially enable escalation of privilege, information disclosure or denial of service via local access.","Type":"Description","Title":null},{"CveYear":"2020","CveId":"542","Ordinal":"2","NoteData":"2020-06-15","Type":"Other","Title":"Published"},{"CveYear":"2020","CveId":"542","Ordinal":"3","NoteData":"2020-07-22","Type":"Other","Title":"Modified"}]}}}