CVE-2020-0541

MEDIUM

Intel CSME Firmware <12.0.64,13.0-13.0.32,14.0-14.0.33,14.5-14.5.12 Authenticated OOB Write

Title source: llm

Description

Out-of-bounds write in subsystem for Intel(R) CSME versions before 12.0.64, 13.0.32, 14.0.33 and 14.5.12 may allow a privileged user to potentially enable escalation of privilege via local access.

References (3)

Core 3

Core References

Vendor Advisory x_refsource_confirm

https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00295.html

Vendor Advisory x_refsource_confirm

https://security.netapp.com/advisory/ntap-20200611-0006/

Various Sources x_refsource_misc

https://support.lenovo.com/de/en/product_security/len-30041

Scores

CVSS v3 6.7

EPSS 0.0008

EPSS Percentile 22.9%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-787

Status published

Products (3)

intel/converged_security_management_engine_firmware 14.5.11

intel/converged_security_management_engine_firmware 12.0 - 12.0.64

intel/converged_security_management_engine_firmware 13.0 - 13.0.32

Published Jun 15, 2020

Tracked Since Feb 18, 2026