CVE-2020-0539 — Path Traversal in Intel Converged Security Management Engine Firmware

CWE-22 — Path Traversal3 documents3 sources

Severity

5.5MEDIUMNVD

EPSS

0.1%

top 83.39%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Intel Converged Security Management Engine Firmware Intel Trusted Execution Engine Firmware

Timeline

PublishedJun 15

Latest updateMay 24

Description

Path traversal in subsystem for Intel(R) DAL software for Intel(R) CSME versions before 11.8.77, 11.12.77, 11.22.77, 12.0.64, 13.0.32, 14.0.33 and Intel(R) TXE versions before 3.1.75, 4.0.25 may allow an unprivileged user to potentially enable denial of service via local access.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages2 packages

▶NVDintel/trusted_execution_engine_firmware3.0 — 3.1.75+1

▶NVDintel/converged_security_management_engine_firmware11.0 — 11.8.77+5

🔴Vulnerability Details

GHSA

GHSA-x98q-xj22-fqcf: Path traversal in subsystem for Intel(R) DAL software for Intel(R) CSME versions before 11↗2022-05-24

▶

CVEList

CVE-2020-0539: Path traversal in subsystem for Intel(R) DAL software for Intel(R) CSME versions before 11↗2020-06-15

▶