#VU28972 Use-after-free in Active Management Technology SDK and Standard Manageability (ISM)


Published: 2020-06-11

Vulnerability identifier: #VU28972

Vulnerability risk: High

CVSSv3.1: 8.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-0595

CWE-ID: CWE-416

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
Active Management Technology SDK
Hardware solutions / Security hardware applicances
Standard Manageability (ISM)
Hardware solutions / Security hardware applicances

Vendor: Intel

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error in IPv6 subsystem. A remote attacker can gain elevated privileges on the target system.

Note: This vulnerability affects the following versions of Intel AMT and ISM:

  • 11.0 through 11.8.76
  • 11.10 through 11.11.76
  • 11.20 through 11.22.76
  • 12.0 through 12.0.63

Mitigation
Install updates from vendor's website.

Vulnerable software versions

Active Management Technology SDK: All versions

Standard Manageability (ISM): All versions

External links
http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00295.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


Latest bulletins with this vulnerability


Multiple vulnerabilities in Intel AMT and ISM