CVE-2020-0595: Use After Free
First published: Mon Jun 15 2020(Updated: )
Use after free in IPv6 subsystem in Intel(R) AMT and Intel(R) ISM versions before 11.8.77, 11.12.77, 11.22.77 and 12.0.64 may allow an unauthenticated user to potentially enable escalation of privilege via network access.
Credit: secure@intel.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Intel Active Management Technology Firmware | >=11.0<11.8.77 | |
| Intel Active Management Technology Firmware | >=11.10<11.12.77 | |
| Intel Active Management Technology Firmware | >=11.20<11.22.77 | |
| Intel Active Management Technology Firmware | >=12.0<12.0.64 | |
| Intel Service Manager | >=11.0<11.8.77 | |
| Intel Service Manager | >=11.10<11.12.77 | |
| Intel Service Manager | >=11.20<11.22.77 | |
| Intel Service Manager | >=12.0<12.0.64 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2020-0595?
CVE-2020-0595 is a vulnerability that allows an unauthenticated user to potentially enable escalation of privilege via network access in Intel(R) AMT and Intel(R) ISM versions before 11.8.77, 11.12.77, 11.22.77, and 12.0.64.
What is the severity of CVE-2020-0595?
The severity of CVE-2020-0595 is critical with a CVSS score of 9.8.
Which software versions are affected by CVE-2020-0595?
Intel Active Management Technology Firmware versions before 11.8.77, 11.12.77, 11.22.77, and 12.0.64 as well as Intel Service Manager versions before 11.8.77, 11.12.77, 11.22.77, and 12.0.64 are affected by CVE-2020-0595.
How can an unauthenticated user exploit CVE-2020-0595?
An unauthenticated user can potentially enable escalation of privilege by leveraging the use-after-free vulnerability in the IPv6 subsystem via network access.
Are there any references for CVE-2020-0595?
Yes, you can find references for CVE-2020-0595 at the following links: [Link 1](https://security.netapp.com/advisory/ntap-20200611-0007/), [Link 2](https://support.lenovo.com/de/en/product_security/len-30041), [Link 3](https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00295.html).
- collector/nvd-index
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/author
- agent/weakness
- agent/references
- agent/last-modified-date
- agent/severity
- agent/softwarecombine
- agent/first-publish-date
- agent/event
- agent/description
- agent/tags
- vendor/intel
- canonical/intel active management technology firmware
- version/intel active management technology firmware/11.0
- version/intel active management technology firmware/11.10
- version/intel active management technology firmware/11.20
- version/intel active management technology firmware/12.0
- canonical/intel service manager
- version/intel service manager/11.0
- version/intel service manager/11.10
- version/intel service manager/11.20
- version/intel service manager/12.0