CVE-2020-8749 Vulnerability Analysis & Exploit Details

CVE-2020-8749 Vulnerability Summary

CVE-2020-8749: Out-of-bounds read in subsystem for Intel(R) AMT versions before 11.8.80, 11.12.80, 11.22.80, 12.0.70 and 14.0.45 may allow an unauthenticated user to potentially enable escalation of privilege via adjacent access.

Exploit Prediction Scoring System (EPSS)

The EPSS score estimates the probability that this vulnerability will be exploited in the near future.

EPSS Score: 0.077% (probability of exploit)

EPSS Percentile: 36.49% (lower percentile = lower relative risk)
This vulnerability is less risky than approximately 63.51% of others.

CVE-2020-8749 References

External References

• https://security.netapp.com/advisory/ntap-20201113-0003/
• https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00391
• https://security.netapp.com/advisory/ntap-20201113-0003/
• https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00391

CWE Common Weakness Enumeration

CAPEC Common Attack Pattern Enumeration and Classification

• Overread Buffers CAPEC-540 An adversary attacks a target by providing input that causes an application to read beyond the boundary of a defined buffer. This typically occurs when a value influencing where to start or stop reading is set to reflect positions outside of the valid memory location of the buffer. This type of attack may result in exposure of sensitive information, a system crash, or arbitrary code execution.

Vulnerable Configurations

• cpe:2.3:o:intel:active_management_technology_firmware:-:*:*:*:*:*:*:*
  cpe:2.3:o:intel:active_management_technology_firmware:-:*:*:*:*:*:*:*
• cpe:2.3:o:intel:active_management_technology_firmware:1.0:*:*:*:*:*:*:*
  cpe:2.3:o:intel:active_management_technology_firmware:1.0:*:*:*:*:*:*:*
• cpe:2.3:o:intel:active_management_technology_firmware:2.0:*:*:*:*:*:*:*
  cpe:2.3:o:intel:active_management_technology_firmware:2.0:*:*:*:*:*:*:*
• cpe:2.3:o:intel:active_management_technology_firmware:2.1:*:*:*:*:*:*:*
  cpe:2.3:o:intel:active_management_technology_firmware:2.1:*:*:*:*:*:*:*
• cpe:2.3:o:intel:active_management_technology_firmware:2.2:*:*:*:*:*:*:*
  cpe:2.3:o:intel:active_management_technology_firmware:2.2:*:*:*:*:*:*:*
• cpe:2.3:o:intel:active_management_technology_firmware:2.5:*:*:*:*:*:*:*
  cpe:2.3:o:intel:active_management_technology_firmware:2.5:*:*:*:*:*:*:*
• cpe:2.3:o:intel:active_management_technology_firmware:2.6:*:*:*:*:*:*:*
  cpe:2.3:o:intel:active_management_technology_firmware:2.6:*:*:*:*:*:*:*
• cpe:2.3:o:intel:active_management_technology_firmware:3.0:*:*:*:*:*:*:*
  cpe:2.3:o:intel:active_management_technology_firmware:3.0:*:*:*:*:*:*:*
• cpe:2.3:o:intel:active_management_technology_firmware:3.1:*:*:*:*:*:*:*
  cpe:2.3:o:intel:active_management_technology_firmware:3.1:*:*:*:*:*:*:*
• cpe:2.3:o:intel:active_management_technology_firmware:3.2:*:*:*:*:*:*:*
  cpe:2.3:o:intel:active_management_technology_firmware:3.2:*:*:*:*:*:*:*
• cpe:2.3:o:intel:active_management_technology_firmware:4.0:*:*:*:*:*:*:*
  cpe:2.3:o:intel:active_management_technology_firmware:4.0:*:*:*:*:*:*:*
• cpe:2.3:o:intel:active_management_technology_firmware:4.1:*:*:*:*:*:*:*
  cpe:2.3:o:intel:active_management_technology_firmware:4.1:*:*:*:*:*:*:*
• cpe:2.3:o:intel:active_management_technology_firmware:5.0:*:*:*:*:*:*:*
  cpe:2.3:o:intel:active_management_technology_firmware:5.0:*:*:*:*:*:*:*
• cpe:2.3:o:intel:active_management_technology_firmware:6.0:*:*:*:*:*:*:*
  cpe:2.3:o:intel:active_management_technology_firmware:6.0:*:*:*:*:*:*:*
• cpe:2.3:o:intel:active_management_technology_firmware:6.1:*:*:*:*:*:*:*
  cpe:2.3:o:intel:active_management_technology_firmware:6.1:*:*:*:*:*:*:*
• cpe:2.3:o:intel:active_management_technology_firmware:6.2:*:*:*:*:*:*:*
  cpe:2.3:o:intel:active_management_technology_firmware:6.2:*:*:*:*:*:*:*
• cpe:2.3:o:intel:active_management_technology_firmware:7.0:*:*:*:*:*:*:*
  cpe:2.3:o:intel:active_management_technology_firmware:7.0:*:*:*:*:*:*:*
• cpe:2.3:o:intel:active_management_technology_firmware:7.1:*:*:*:*:*:*:*
  cpe:2.3:o:intel:active_management_technology_firmware:7.1:*:*:*:*:*:*:*
• cpe:2.3:o:intel:active_management_technology_firmware:8.0:*:*:*:*:*:*:*
  cpe:2.3:o:intel:active_management_technology_firmware:8.0:*:*:*:*:*:*:*
• cpe:2.3:o:intel:active_management_technology_firmware:8.1:*:*:*:*:*:*:*
  cpe:2.3:o:intel:active_management_technology_firmware:8.1:*:*:*:*:*:*:*
• cpe:2.3:o:intel:active_management_technology_firmware:9.0:*:*:*:*:*:*:*
  cpe:2.3:o:intel:active_management_technology_firmware:9.0:*:*:*:*:*:*:*
• cpe:2.3:o:intel:active_management_technology_firmware:9.1:*:*:*:*:*:*:*
  cpe:2.3:o:intel:active_management_technology_firmware:9.1:*:*:*:*:*:*:*
• cpe:2.3:o:intel:active_management_technology_firmware:9.5:*:*:*:*:*:*:*
  cpe:2.3:o:intel:active_management_technology_firmware:9.5:*:*:*:*:*:*:*
• cpe:2.3:o:intel:active_management_technology_firmware:10.0:*:*:*:*:*:*:*
  cpe:2.3:o:intel:active_management_technology_firmware:10.0:*:*:*:*:*:*:*
• cpe:2.3:o:intel:active_management_technology_firmware:11.0:*:*:*:*:*:*:*
  cpe:2.3:o:intel:active_management_technology_firmware:11.0:*:*:*:*:*:*:*
• cpe:2.3:o:intel:active_management_technology_firmware:11.0.25.3001:*:*:*:*:*:*:*
  cpe:2.3:o:intel:active_management_technology_firmware:11.0.25.3001:*:*:*:*:*:*:*
• cpe:2.3:o:intel:active_management_technology_firmware:11.0.26.3000:*:*:*:*:*:*:*
  cpe:2.3:o:intel:active_management_technology_firmware:11.0.26.3000:*:*:*:*:*:*:*
• cpe:2.3:o:intel:active_management_technology_firmware:11.2:*:*:*:*:*:*:*
  cpe:2.3:o:intel:active_management_technology_firmware:11.2:*:*:*:*:*:*:*
• cpe:2.3:o:intel:active_management_technology_firmware:11.5:*:*:*:*:*:*:*
  cpe:2.3:o:intel:active_management_technology_firmware:11.5:*:*:*:*:*:*:*
• cpe:2.3:o:intel:active_management_technology_firmware:11.6:*:*:*:*:*:*:*
  cpe:2.3:o:intel:active_management_technology_firmware:11.6:*:*:*:*:*:*:*
• cpe:2.3:o:intel:active_management_technology_firmware:11.7:*:*:*:*:*:*:*
  cpe:2.3:o:intel:active_management_technology_firmware:11.7:*:*:*:*:*:*:*
• cpe:2.3:o:intel:active_management_technology_firmware:11.8:*:*:*:*:*:*:*
  cpe:2.3:o:intel:active_management_technology_firmware:11.8:*:*:*:*:*:*:*
• cpe:2.3:o:intel:active_management_technology_firmware:11.8.50.3420:*:*:*:*:*:*:*
  cpe:2.3:o:intel:active_management_technology_firmware:11.8.50.3420:*:*:*:*:*:*:*
• cpe:2.3:o:intel:active_management_technology_firmware:11.8.60:*:*:*:*:*:*:*
  cpe:2.3:o:intel:active_management_technology_firmware:11.8.60:*:*:*:*:*:*:*
• cpe:2.3:o:intel:active_management_technology_firmware:11.8.65:*:*:*:*:*:*:*
  cpe:2.3:o:intel:active_management_technology_firmware:11.8.65:*:*:*:*:*:*:*
• cpe:2.3:o:intel:active_management_technology_firmware:11.8.70:*:*:*:*:*:*:*
  cpe:2.3:o:intel:active_management_technology_firmware:11.8.70:*:*:*:*:*:*:*
• cpe:2.3:o:intel:active_management_technology_firmware:11.8.76:*:*:*:*:*:*:*
  cpe:2.3:o:intel:active_management_technology_firmware:11.8.76:*:*:*:*:*:*:*
• cpe:2.3:o:intel:active_management_technology_firmware:11.8.77:*:*:*:*:*:*:*
  cpe:2.3:o:intel:active_management_technology_firmware:11.8.77:*:*:*:*:*:*:*
• cpe:2.3:o:intel:active_management_technology_firmware:11.8.79:*:*:*:*:*:*:*
  cpe:2.3:o:intel:active_management_technology_firmware:11.8.79:*:*:*:*:*:*:*
• cpe:2.3:o:intel:active_management_technology_firmware:11.12.0:*:*:*:*:*:*:*
  cpe:2.3:o:intel:active_management_technology_firmware:11.12.0:*:*:*:*:*:*:*
• cpe:2.3:o:intel:active_management_technology_firmware:11.12.77:*:*:*:*:*:*:*
  cpe:2.3:o:intel:active_management_technology_firmware:11.12.77:*:*:*:*:*:*:*
• cpe:2.3:o:intel:active_management_technology_firmware:11.12.79:*:*:*:*:*:*:*
  cpe:2.3:o:intel:active_management_technology_firmware:11.12.79:*:*:*:*:*:*:*
• cpe:2.3:o:intel:active_management_technology_firmware:11.22.0:*:*:*:*:*:*:*
  cpe:2.3:o:intel:active_management_technology_firmware:11.22.0:*:*:*:*:*:*:*
• cpe:2.3:o:intel:active_management_technology_firmware:11.22.60:*:*:*:*:*:*:*
  cpe:2.3:o:intel:active_management_technology_firmware:11.22.60:*:*:*:*:*:*:*
• cpe:2.3:o:intel:active_management_technology_firmware:11.22.65:*:*:*:*:*:*:*
  cpe:2.3:o:intel:active_management_technology_firmware:11.22.65:*:*:*:*:*:*:*
• cpe:2.3:o:intel:active_management_technology_firmware:11.22.70:*:*:*:*:*:*:*
  cpe:2.3:o:intel:active_management_technology_firmware:11.22.70:*:*:*:*:*:*:*
• cpe:2.3:o:intel:active_management_technology_firmware:11.22.76:*:*:*:*:*:*:*
  cpe:2.3:o:intel:active_management_technology_firmware:11.22.76:*:*:*:*:*:*:*
• cpe:2.3:o:intel:active_management_technology_firmware:11.22.77:*:*:*:*:*:*:*
  cpe:2.3:o:intel:active_management_technology_firmware:11.22.77:*:*:*:*:*:*:*
• cpe:2.3:o:intel:active_management_technology_firmware:11.22.79:*:*:*:*:*:*:*
  cpe:2.3:o:intel:active_management_technology_firmware:11.22.79:*:*:*:*:*:*:*
• cpe:2.3:o:intel:active_management_technology_firmware:12.0:*:*:*:*:*:*:*
  cpe:2.3:o:intel:active_management_technology_firmware:12.0:*:*:*:*:*:*:*
• cpe:2.3:o:intel:active_management_technology_firmware:12.0.0:*:*:*:*:*:*:*
  cpe:2.3:o:intel:active_management_technology_firmware:12.0.0:*:*:*:*:*:*:*
• cpe:2.3:o:intel:active_management_technology_firmware:12.0.5:*:*:*:*:*:*:*
  cpe:2.3:o:intel:active_management_technology_firmware:12.0.5:*:*:*:*:*:*:*
• cpe:2.3:o:intel:active_management_technology_firmware:12.0.20:*:*:*:*:*:*:*
  cpe:2.3:o:intel:active_management_technology_firmware:12.0.20:*:*:*:*:*:*:*
• cpe:2.3:o:intel:active_management_technology_firmware:12.0.35:*:*:*:*:*:*:*
  cpe:2.3:o:intel:active_management_technology_firmware:12.0.35:*:*:*:*:*:*:*
• cpe:2.3:o:intel:active_management_technology_firmware:12.0.45:*:*:*:*:*:*:*
  cpe:2.3:o:intel:active_management_technology_firmware:12.0.45:*:*:*:*:*:*:*
• cpe:2.3:o:intel:active_management_technology_firmware:12.0.63:*:*:*:*:*:*:*
  cpe:2.3:o:intel:active_management_technology_firmware:12.0.63:*:*:*:*:*:*:*
• cpe:2.3:o:intel:active_management_technology_firmware:12.0.64:*:*:*:*:*:*:*
  cpe:2.3:o:intel:active_management_technology_firmware:12.0.64:*:*:*:*:*:*:*
• cpe:2.3:o:intel:active_management_technology_firmware:12.0.68:*:*:*:*:*:*:*
  cpe:2.3:o:intel:active_management_technology_firmware:12.0.68:*:*:*:*:*:*:*
• cpe:2.3:o:intel:active_management_technology_firmware:14.0:*:*:*:*:*:*:*
  cpe:2.3:o:intel:active_management_technology_firmware:14.0:*:*:*:*:*:*:*
• cpe:2.3:o:intel:active_management_technology_firmware:14.0.0:*:*:*:*:*:*:*
  cpe:2.3:o:intel:active_management_technology_firmware:14.0.0:*:*:*:*:*:*:*
• cpe:2.3:o:intel:active_management_technology_firmware:14.0.10:*:*:*:*:*:*:*
  cpe:2.3:o:intel:active_management_technology_firmware:14.0.10:*:*:*:*:*:*:*
• cpe:2.3:o:intel:active_management_technology_firmware:14.0.32:*:*:*:*:*:*:*
  cpe:2.3:o:intel:active_management_technology_firmware:14.0.32:*:*:*:*:*:*:*
• cpe:2.3:o:intel:active_management_technology_firmware:14.0.33:*:*:*:*:*:*:*
  cpe:2.3:o:intel:active_management_technology_firmware:14.0.33:*:*:*:*:*:*:*
• cpe:2.3:o:intel:active_management_technology_firmware:14.0.39:*:*:*:*:*:*:*
  cpe:2.3:o:intel:active_management_technology_firmware:14.0.39:*:*:*:*:*:*:*
• cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*
  cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*

Other 5 Recently Published CVEs Vulnerabilities

• CVE-2025-2130 – A vulnerability was found in OpenXE up to 1.12. It has been declared as problematic. This vulnerability affects unknown code of the component Ticke...
• CVE-2025-26205 – Lua 5.4.7, when the debug library is used, has a out-of-bounds read and segmentation violation in mainpositionTV in ltable.c. NOTE: this is dispute...
• CVE-2025-26204 – Lua 5.4.7, when the debug library is used, has a out-of-bounds read and segmentation violation in equalkey in ltable.c. NOTE: this is disputed beca...
• CVE-2025-2129 – A vulnerability was found in Mage AI 0.9.75. It has been classified as problematic. This affects an unknown part. The manipulation leads to insecur...
• CVE-2025-2127 – A vulnerability was found in JoomlaUX JUX Real Estate 3.4.0 on Joomla. It has been classified as problematic. Affected is an unknown function of th...