CVE-2020-0584 - OpenCVE

Buffer overflow in firmware for Intel(R) SSD DC P4800X and P4801X Series, Intel(R) Optane(TM) SSD 900P and 905P Series may allow an unauthenticated user to potentially enable a denial of service via local access.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

AV:L/AC:L/Au:N/C:N/I:N/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Intel	Optane Ssd 900p Optane Ssd 900p Firmware Optane Ssd 905p Optane Ssd 905p Firmware Ssd Dc P4800x Ssd Dc P4800x Firmware Ssd Dc P4801x Ssd Dc P4801x Firmware

Configuration 1 [-]

AND

cpe:2.3:o:intel:ssd_dc_p4800x_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:intel:ssd_dc_p4800x:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:intel:ssd_dc_p4801x_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:intel:ssd_dc_p4801x:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND

cpe:2.3:o:intel:optane_ssd_900p_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:intel:optane_ssd_900p:-:*:*:*:*:*:*:*

Configuration 4 [-]

AND

cpe:2.3:o:intel:optane_ssd_905p_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:intel:optane_ssd_905p:-:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00362

History

No history.

MITRE

Status: PUBLISHED

Assigner: intel

Published: 2020-11-12T17:59:01

Updated: 2024-08-04T06:02:52.344Z

Reserved: 2019-10-28T00:00:00

Link: CVE-2020-0584

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2020-11-12T18:15:12.907

Modified: 2020-11-19T14:48:09.287

Link: CVE-2020-0584

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "Intel(R) SSD DC P4800X and P4801X Series, Intel(R) Optane(TM) SSD 900P and 905P Series", "vendor": "n/a", "versions": [{"status": "affected", "version": "See references"}]}], "descriptions": [{"lang": "en", "value": "Buffer overflow in firmware for Intel(R) SSD DC P4800X and P4801X Series, Intel(R) Optane(TM) SSD 900P and 905P Series may allow an unauthenticated user to potentially enable a denial of service via local access."}], "problemTypes": [{"descriptions": [{"description": "a denial of service", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2020-11-12T17:59:01", "orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce", "shortName": "intel"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00362"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secure@intel.com", "ID": "CVE-2020-0584", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Intel(R) SSD DC P4800X and P4801X Series, Intel(R) Optane(TM) SSD 900P and 905P Series", "version": {"version_data": [{"version_value": "See references"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Buffer overflow in firmware for Intel(R) SSD DC P4800X and P4801X Series, Intel(R) Optane(TM) SSD 900P and 905P Series may allow an unauthenticated user to potentially enable a denial of service via local access."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "a denial of service"}]}]}, "references": {"reference_data": [{"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00362", "refsource": "MISC", "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00362"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T06:02:52.344Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00362"}]}]}, "cveMetadata": {"assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce", "assignerShortName": "intel", "cveId": "CVE-2020-0584", "datePublished": "2020-11-12T17:59:01", "dateReserved": "2019-10-28T00:00:00", "dateUpdated": "2024-08-04T06:02:52.344Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:intel:ssd_dc_p4800x_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "FA2079DA-BEB7-426C-8AA3-DBAF339A67F9", "versionEndExcluding": "e2010485", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:intel:ssd_dc_p4800x:-:*:*:*:*:*:*:*", "matchCriteriaId": "9CB70E56-CE0F-4935-AB6D-E22C43C1279C", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:intel:ssd_dc_p4801x_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "8E424829-6122-4A3F-B2E3-F344F7A3975D", "versionEndExcluding": "e2010485", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:intel:ssd_dc_p4801x:-:*:*:*:*:*:*:*", "matchCriteriaId": "BC985659-EC05-4682-A1E9-65B0CFEBD91F", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:intel:optane_ssd_900p_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "7C09CBDA-E2CB-41F2-8991-EE63641A3456", "versionEndExcluding": "e2010480", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:intel:optane_ssd_900p:-:*:*:*:*:*:*:*", "matchCriteriaId": "5AFC9CF7-581F-4B2D-B93C-3D7E3C136F4C", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:intel:optane_ssd_905p_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "582A6D20-9AE9-4C1C-BCC8-E4C118EF5B7B", "versionEndExcluding": "e2010480", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:intel:optane_ssd_905p:-:*:*:*:*:*:*:*", "matchCriteriaId": "2BD5595C-0047-441A-B398-8ACA421BB439", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Buffer overflow in firmware for Intel(R) SSD DC P4800X and P4801X Series, Intel(R) Optane(TM) SSD 900P and 905P Series may allow an unauthenticated user to potentially enable a denial of service via local access."}, {"lang": "es", "value": "Un desbordamiento del b\u00fafer en el firmware para Intel\u00ae SSD DC P4800X y P4801X Series, Intel\u00ae Optane\u2122 SSD 900P y 905P Series puede habilitar a un usuario no autenticado para permitir potencialmente una denegaci\u00f3n de servicio por medio de un acceso local"}], "id": "CVE-2020-0584", "lastModified": "2020-11-19T14:48:09.287", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 2.1, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.2, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 2.5, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2020-11-12T18:15:12.907", "references": [{"source": "secure@intel.com", "tags": ["Patch", "Vendor Advisory"], "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00362"}], "sourceIdentifier": "secure@intel.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-120"}], "source": "nvd@nist.gov", "type": "Primary"}]}