CVE-2020-8674

CVE Database · CVE-2020-8674

CVE-2020-8674

· MEDIUMModified

CVSS v3.1

5.3

EPSS

1.79%

Published

Jun 15, 2020

Modified

Nov 21, 2024

Public PoC / Exploit (1)

All weaponized →

TrickestTrickest PoC index

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

Out-of-bounds read in DHCPv6 subsystem in Intel(R) AMT and Intel(R)ISM versions before 11.8.77, 11.12.77, 11.22.77, 12.0.64 and 14.0.33 may allow an unauthenticated user to potentially enable information disclosure via network access.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Weaknesses (CWE)

CWE-125

Affected Products (10)

intel · active_management_technology_firmware (up to 11.8.77)vulnerable

intel · active_management_technology_firmware (up to 11.12.77)vulnerable

intel · active_management_technology_firmware (up to 11.22.77)vulnerable

intel · active_management_technology_firmware (up to 12.0.64)vulnerable

intel · active_management_technology_firmware (up to 14.0.33)vulnerable

intel · service_manager (up to 11.8.77)vulnerable

intel · service_manager (up to 11.12.77)vulnerable

intel · service_manager (up to 11.22.77)vulnerable

References (12)

https://security.netapp.com/advisory/ntap-20200611-0007/

https://support.lenovo.com/de/en/product_security/len-30041

https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00295.html

Vendor Advisory

https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00295.html

Vendor Advisory

https://www.kb.cert.org/vuls/id/257161

https://www.synology.com/security/advisory/Synology_SA_20_15

Third Party Advisory

https://security.netapp.com/advisory/ntap-20200611-0007/

https://support.lenovo.com/de/en/product_security/len-30041

https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00295.html

KEV Catalog EPSS Scores Vendors All CVEs