ID

VAR-202003-0356


CVE

CVE-2020-0514


TITLE

Intel(R) Graphics Driver Vulnerability regarding improper default permissions in

Trust: 0.8

sources: JVNDB: JVNDB-2020-003082

DESCRIPTION

Improper default permissions in the installer for Intel(R) Graphics Drivers before versions 26.20.100.7463 and 15.45.30.5103 may allow an authenticated user to potentially enable escalation of privilege via local access. Intel(R) Graphics Driver There is a vulnerability in improper default permissions.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. Intel Graphics Drivers is an integrated graphics driver from Intel Corporation. A local attacker could exploit this vulnerability to elevate privileges

Trust: 1.71

sources: NVD: CVE-2020-0514 // JVNDB: JVNDB-2020-003082 // VULHUB: VHN-161948

AFFECTED PRODUCTS

vendor:intelmodel:graphics driverscope:gteversion:15.45

Trust: 1.0

vendor:intelmodel:graphics driverscope:gteversion:26.20

Trust: 1.0

vendor:intelmodel:graphics driverscope:ltversion:15.45.30.5103

Trust: 1.0

vendor:intelmodel:graphics driverscope:ltversion:26.20.100.7463

Trust: 1.0

vendor:intelmodel:graphics driverscope:eqversion:15.45.30.5103

Trust: 0.8

vendor:intelmodel:graphics driverscope:eqversion:26.20.100.7463

Trust: 0.8

sources: JVNDB: JVNDB-2020-003082 // NVD: CVE-2020-0514

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-0514
value: HIGH

Trust: 1.0

NVD: JVNDB-2020-003082
value: HIGH

Trust: 0.8

CNNVD: CNNVD-202003-551
value: HIGH

Trust: 0.6

VULHUB: VHN-161948
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2020-0514
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

NVD: JVNDB-2020-003082
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

VULHUB: VHN-161948
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2020-0514
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: JVNDB-2020-003082
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-161948 // JVNDB: JVNDB-2020-003082 // CNNVD: CNNVD-202003-551 // NVD: CVE-2020-0514

PROBLEMTYPE DATA

problemtype:CWE-276

Trust: 1.9

sources: VULHUB: VHN-161948 // JVNDB: JVNDB-2020-003082 // NVD: CVE-2020-0514

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202003-551

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202003-551

CONFIGURATIONS

sources: JVNDB: JVNDB-2020-003082

PATCH

title:INTEL-SA-00315url:https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00315.html

Trust: 0.8

title:Intel Graphics Drivers Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=111497

Trust: 0.6

sources: JVNDB: JVNDB-2020-003082 // CNNVD: CNNVD-202003-551

EXTERNAL IDS

db:NVDid:CVE-2020-0514

Trust: 2.5

db:JVNid:JVNVU94445466

Trust: 0.8

db:JVNDBid:JVNDB-2020-003082

Trust: 0.8

db:CNNVDid:CNNVD-202003-551

Trust: 0.7

db:LENOVOid:LEN-30555

Trust: 0.6

db:AUSCERTid:ESB-2020.0871

Trust: 0.6

db:VULHUBid:VHN-161948

Trust: 0.1

sources: VULHUB: VHN-161948 // JVNDB: JVNDB-2020-003082 // CNNVD: CNNVD-202003-551 // NVD: CVE-2020-0514

REFERENCES

url:https://security.netapp.com/advisory/ntap-20200320-0003/

Trust: 1.7

url:https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00315.html

Trust: 1.7

url:https://nvd.nist.gov/vuln/detail/cve-2020-0514

Trust: 1.4

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-0514

Trust: 0.8

url:http://jvn.jp/vu/jvnvu94445466/index.html

Trust: 0.8

url:https://www.auscert.org.au/bulletins/esb-2020.0871/

Trust: 0.6

url:https://support.lenovo.com/us/en/product_security/len-30555

Trust: 0.6

sources: VULHUB: VHN-161948 // JVNDB: JVNDB-2020-003082 // CNNVD: CNNVD-202003-551 // NVD: CVE-2020-0514

CREDITS

Jimmy Bayne

Trust: 0.6

sources: CNNVD: CNNVD-202003-551

SOURCES

db:VULHUBid:VHN-161948
db:JVNDBid:JVNDB-2020-003082
db:CNNVDid:CNNVD-202003-551
db:NVDid:CVE-2020-0514

LAST UPDATE DATE

2024-11-23T19:53:33.582000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-161948date:2020-03-23T00:00:00
db:JVNDBid:JVNDB-2020-003082date:2020-04-03T00:00:00
db:CNNVDid:CNNVD-202003-551date:2021-05-24T00:00:00
db:NVDid:CVE-2020-0514date:2024-11-21T04:53:38.927

SOURCES RELEASE DATE

db:VULHUBid:VHN-161948date:2020-03-12T00:00:00
db:JVNDBid:JVNDB-2020-003082date:2020-04-03T00:00:00
db:CNNVDid:CNNVD-202003-551date:2020-03-10T00:00:00
db:NVDid:CVE-2020-0514date:2020-03-12T20:15:12.580