更多 选择语言
安全公告-关于intel-sa-00295的声明
初始发布时间:2020-07-02 18:02:27
更新发布时间:2020-08-18 16:35:27
漏洞描述:

2020.06.10,我们监测到英特尔公布了多个产品中潜在的安全漏洞,其中预警intel-sa-00295中包括Intel CSME, SPS, TXE, AMT, ISM and DAL等多个产品,可能存在权限提升,拒绝服务或信息泄露漏洞。英特尔已发布固件和软件更新,以减轻这些潜在的漏洞。
浪潮已经发布了安全预警(SA),客户可通过安全预警获取漏洞修复方案。

浪潮受影响产品

CVE CVSS Affected Products
CVE-2020-0594 CVSS Base Score: 9.8 Critical
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
none
CVE-2020-0595 CVSS Base Score: 9.8 Critical
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
none
CVE-2020-0586 CVSS Base Score: 8.4 High
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:H
none
CVE-2020-0542 CVSS Base Score: 7.8 High
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
none
CVE-2020-0596 CVSS Base Score: 7.5 High
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
none
CVE-2020-0538 CVSS Base Score: 7.5 High
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
none
CVE-2020-0534 CVSS Base Score: 7.5 High
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
none
CVE-2020-0533 CVSS Base Score: 7.5 High
CVSS Vector: CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
none
CVE-2020-0566 CVSS Base Score: 7.3 High
CVSS Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N
none
CVE-2020-0532 CVSS Base Score: 7.1 High
CVSS Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H
none
CVE-2020-0541 CVSS Base Score: 6.7 Medium
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
none
CVE-2020-0597 CVSS Base Score: 6.5 Medium
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
none
CVE-2020-0531 CVSS Base Score: 6.5 Medium
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
none
CVE-2020-0535 CVSS Base Score: 5.3 Medium
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
none
CVE-2020-0540 CVSS Base Score: 5.3 Medium
CVSS Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N
none
CVE-2020-0536 CVSS Base Score: 5.3 Medium
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
none
CVE-2020-0537 CVSS Base Score: 4.9 Medium
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
none
CVE-2020-0545 CVSS Base Score: 4.4 Medium
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
server M5
CVE-2020-8674 CVSS Base Score: 4.3 Medium
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
none
CVE-2020-0539 CVSS Base Score: 3.3 Low
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
none

参考链接:

Intel-SA-00295:https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00295.html

更新记录:

2020-07-02 V1.0 INITIAL
2020-08-18 V1.1 UPDATE 增加SA链接

浪潮安全应急响应对外服务:

浪潮一贯主张尽全力保障产品用户的最终利益,遵循负责任的安全事件披露原则,并通过产品安全问题处理机制处理产品安全问题。

反馈浪潮产品安全问题:https://www.inspur.com/lcjtww/psirt/vulnerability-management/index.html#report_ldbg

订阅浪潮产品安全信息:https://en.inspur.com/en/security_bulletins/vulnerability_subscription/index.html

获取技术支持:https://www.inspur.com/lcjtww/2317452/2317456/2317460/index.html


线




×
联系我们
服务器、存储、网络产品购买热线
400-860-6708
ERP、管理软件购买热线
400-018-7700
云服务产品销售热线
400-607-6657