Sign-up

ID

VAR-202003-0357


CVE

CVE-2020-0515


TITLE

Intel(R) Graphics Driver Vulnerability in uncontrolled search path elements in

Trust: 0.8

sources: JVNDB: JVNDB-2020-003083

DESCRIPTION

Uncontrolled search path element in the installer for Intel(R) Graphics Drivers before versions 26.20.100.7584, 15.45.30.5103, 15.40.44.5107, 15.36.38.5117, and 15.33.49.5100 may allow an authenticated user to potentially enable escalation of privilege via local access. Intel(R) Graphics Driver There is a vulnerability in an element of an uncontrolled search path.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. Intel Graphics Drivers is an integrated graphics driver from Intel Corporation. A security vulnerability exists in the installer in Intel Graphics Drivers. A local attacker could exploit this vulnerability to elevate privileges

Trust: 1.8

sources: NVD: CVE-2020-0515 // JVNDB: JVNDB-2020-003083 // VULHUB: VHN-161949 // VULMON: CVE-2020-0515

AFFECTED PRODUCTS

vendor:intelmodel:graphics driverscope:ltversion:15.33.49.5100

Trust: 1.0

vendor:intelmodel:graphics driverscope:ltversion:15.36.38.5117

Trust: 1.0

vendor:intelmodel:graphics driverscope:gteversion:15.45

Trust: 1.0

vendor:intelmodel:graphics driverscope:ltversion:15.45.30.5103

Trust: 1.0

vendor:intelmodel:graphics driverscope:ltversion:15.40.44.5107

Trust: 1.0

vendor:intelmodel:graphics driverscope:gteversion:15.33

Trust: 1.0

vendor:intelmodel:graphics driverscope:gteversion:15.36

Trust: 1.0

vendor:intelmodel:graphics driverscope:ltversion:26.20.100.7584

Trust: 1.0

vendor:intelmodel:graphics driverscope:gteversion:15.40

Trust: 1.0

vendor:intelmodel:graphics driverscope:gteversion:26.20

Trust: 1.0

vendor:intelmodel:graphics driverscope:eqversion:15.33.49.5100

Trust: 0.8

vendor:intelmodel:graphics driverscope:eqversion:15.36.38.5117

Trust: 0.8

vendor:intelmodel:graphics driverscope:eqversion:15.40.44.5107

Trust: 0.8

vendor:intelmodel:graphics driverscope:eqversion:15.45.30.5103

Trust: 0.8

vendor:intelmodel:graphics driverscope:eqversion:26.20.100.7584

Trust: 0.8

sources: JVNDB: JVNDB-2020-003083 // NVD: CVE-2020-0515

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-0515
value: HIGH

Trust: 1.0

NVD: JVNDB-2020-003083
value: HIGH

Trust: 0.8

CNNVD: CNNVD-202003-548
value: HIGH

Trust: 0.6

VULHUB: VHN-161949
value: MEDIUM

Trust: 0.1

VULMON: CVE-2020-0515
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2020-0515
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.1

NVD: JVNDB-2020-003083
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

VULHUB: VHN-161949
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2020-0515
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: JVNDB-2020-003083
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-161949 // VULMON: CVE-2020-0515 // JVNDB: JVNDB-2020-003083 // CNNVD: CNNVD-202003-548 // NVD: CVE-2020-0515

PROBLEMTYPE DATA

problemtype:CWE-427

Trust: 1.9

sources: VULHUB: VHN-161949 // JVNDB: JVNDB-2020-003083 // NVD: CVE-2020-0515

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202003-548

TYPE

code problem

Trust: 0.6

sources: CNNVD: CNNVD-202003-548

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2020-003083

PATCH
title:INTEL-SA-00315url:https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00315.html
Trust: 0.8
title:Intel Graphics Drivers Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=111494
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2020-003083 // 
            
            
            
            CNNVD: CNNVD-202003-548

EXTERNAL IDS
db:NVDid:CVE-2020-0515
Trust: 2.6
db:JVNid:JVNVU94445466
Trust: 0.8
db:JVNDBid:JVNDB-2020-003083
Trust: 0.8
db:CNNVDid:CNNVD-202003-548
Trust: 0.7
db:LENOVOid:LEN-30555
Trust: 0.6
db:AUSCERTid:ESB-2020.0871
Trust: 0.6
db:VULHUBid:VHN-161949
Trust: 0.1
db:VULMONid:CVE-2020-0515
Trust: 0.1
sources:
            
            
            VULHUB: VHN-161949 // 
            
            
            
            VULMON: CVE-2020-0515 // 
            
            
            
            JVNDB: JVNDB-2020-003083 // 
            
            
            
            CNNVD: CNNVD-202003-548 // 
            
            
            
            NVD: CVE-2020-0515

REFERENCES
url:https://security.netapp.com/advisory/ntap-20200320-0003/
Trust: 1.8
url:https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00315.html
Trust: 1.8
url:https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00369.html
Trust: 1.8
url:https://nvd.nist.gov/vuln/detail/cve-2020-0515
Trust: 1.4
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-0515
Trust: 0.8
url:http://jvn.jp/vu/jvnvu94445466/index.html
Trust: 0.8
url:https://www.auscert.org.au/bulletins/esb-2020.0871/
Trust: 0.6
url:https://support.lenovo.com/us/en/product_security/len-30555
Trust: 0.6
url:https://cwe.mitre.org/data/definitions/427.html
Trust: 0.1
url:https://nvd.nist.gov
Trust: 0.1
url:https://exchange.xforce.ibmcloud.com/vulnerabilities/177431
Trust: 0.1
sources:
            
            
            VULHUB: VHN-161949 // 
            
            
            
            VULMON: CVE-2020-0515 // 
            
            
            
            JVNDB: JVNDB-2020-003083 // 
            
            
            
            CNNVD: CNNVD-202003-548 // 
            
            
            
            NVD: CVE-2020-0515

CREDITS
Stefan Kanthak
Trust: 0.6
sources:
            
            
            CNNVD: CNNVD-202003-548

SOURCES
db:VULHUBid:VHN-161949
db:VULMONid:CVE-2020-0515
db:JVNDBid:JVNDB-2020-003083
db:CNNVDid:CNNVD-202003-548
db:NVDid:CVE-2020-0515

LAST UPDATE DATE
2024-11-23T20:05:46.798000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-161949date:2021-05-19T00:00:00
db:VULMONid:CVE-2020-0515date:2020-08-17T00:00:00
db:JVNDBid:JVNDB-2020-003083date:2020-04-03T00:00:00
db:CNNVDid:CNNVD-202003-548date:2021-08-16T00:00:00
db:NVDid:CVE-2020-0515date:2024-11-21T04:53:39.043

SOURCES RELEASE DATE
db:VULHUBid:VHN-161949date:2020-03-12T00:00:00
db:VULMONid:CVE-2020-0515date:2020-03-12T00:00:00
db:JVNDBid:JVNDB-2020-003083date:2020-04-03T00:00:00
db:CNNVDid:CNNVD-202003-548date:2020-03-10T00:00:00
db:NVDid:CVE-2020-0515date:2020-03-12T20:15:12.643