The Intel Converged Security Management Engine (CSME) on the remote host is affected by multiple vulnerabilities in the Active Management Technology (AMT) feature, including the following:

  - Out-of-bounds write in IPv6 subsystem for Intel(R) AMT, Intel(R) ISM versions before 11.8.80, 11.12.80,     11.22.80, 12.0.70, 14.0.45 may allow an unauthenticated user to potentially enable escalation of     privileges via network access. (CVE-2020-8752)

  - Out-of-bounds read in subsystem for Intel(R) AMT versions before 11.8.80, 11.12.80, 11.22.80, 12.0.70 and     14.0.45 may allow an unauthenticated user to potentially enable information disclosure and/or denial of     service via network access. (CVE-2020-8747)

  - Out-of-bounds read in subsystem for Intel(R) AMT versions before 11.8.80, 11.12.80, 11.22.80, 12.0.70 and     14.0.45 may allow an unauthenticated user to potentially enable escalation of privilege via adjacent     access. (CVE-2020-8749)

Note that due to the low-level implementation of Intel ME, Nessus may not be able to identify its version on the remote host at this time.

Detections

Analytics

Intel Converged Security Management Engine (CSME) Active Management Technology (AMT) Multiple Vulnerabilities (INTEL-SA-00391)

critical Nessus Plugin ID 143151

Version 1.240