Sign-up

ID

VAR-202003-0361


CVE

CVE-2020-0520


TITLE

Intel(R) Graphics Driver Vulnerability related to authority management in

Trust: 0.8

sources: JVNDB: JVNDB-2020-003085

DESCRIPTION

Path traversal in igdkmd64.sys for Intel(R) Graphics Drivers before versions 15.45.30.5103, 15.40.44.5107, 15.36.38.5117 and 15.33.49.5100 may allow an authenticated user to potentially enable escalation of privilege or denial of service via local access. Intel(R) Graphics Driver Exists in a privilege management vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. Intel Graphics Drivers is an integrated graphics driver from Intel Corporation. A path traversal vulnerability exists in the igdkmd64.sys file in Intel Graphics Drivers. A local attacker could exploit this vulnerability to elevate privileges. The following products and versions are affected: Intel Graphics Drivers prior to 15.45.30.5103, prior to 15.40.44.5107, prior to 15.36.38.5117, and prior to 15.33.49.5100

Trust: 1.71

sources: NVD: CVE-2020-0520 // JVNDB: JVNDB-2020-003085 // VULHUB: VHN-161954

AFFECTED PRODUCTS

vendor:intelmodel:graphics driverscope:ltversion:15.33.49.5100

Trust: 1.0

vendor:intelmodel:graphics driverscope:ltversion:15.36.38.5117

Trust: 1.0

vendor:intelmodel:graphics driverscope:gteversion:15.45

Trust: 1.0

vendor:intelmodel:graphics driverscope:ltversion:15.45.30.5103

Trust: 1.0

vendor:intelmodel:graphics driverscope:gteversion:15.40

Trust: 1.0

vendor:intelmodel:graphics driverscope:ltversion:15.40.44.5107

Trust: 1.0

vendor:intelmodel:graphics driverscope:gteversion:15.33

Trust: 1.0

vendor:intelmodel:graphics driverscope:gteversion:15.36

Trust: 1.0

vendor:intelmodel:graphics driverscope:eqversion:15.33.49.5100

Trust: 0.8

vendor:intelmodel:graphics driverscope:eqversion:15.36.38.5117

Trust: 0.8

vendor:intelmodel:graphics driverscope:eqversion:15.40.44.5107

Trust: 0.8

vendor:intelmodel:graphics driverscope:eqversion:15.45.30.5103

Trust: 0.8

sources: JVNDB: JVNDB-2020-003085 // NVD: CVE-2020-0520

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-0520
value: HIGH

Trust: 1.0

NVD: JVNDB-2020-003085
value: HIGH

Trust: 0.8

CNNVD: CNNVD-202003-537
value: HIGH

Trust: 0.6

VULHUB: VHN-161954
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2020-0520
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

NVD: JVNDB-2020-003085
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

VULHUB: VHN-161954
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2020-0520
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: JVNDB-2020-003085
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-161954 // JVNDB: JVNDB-2020-003085 // CNNVD: CNNVD-202003-537 // NVD: CVE-2020-0520

PROBLEMTYPE DATA

problemtype:CWE-22

Trust: 1.1

problemtype:CWE-269

Trust: 0.9

sources: VULHUB: VHN-161954 // JVNDB: JVNDB-2020-003085 // NVD: CVE-2020-0520

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202003-537

TYPE

path traversal

Trust: 0.6

sources: CNNVD: CNNVD-202003-537

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2020-003085

PATCH
title:INTEL-SA-00315url:https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00315.html
Trust: 0.8
title:Intel Graphics Drivers Repair measures for path traversal vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=112006
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2020-003085 // 
            
            
            
            CNNVD: CNNVD-202003-537

EXTERNAL IDS
db:NVDid:CVE-2020-0520
Trust: 2.5
db:JVNid:JVNVU94445466
Trust: 0.8
db:JVNDBid:JVNDB-2020-003085
Trust: 0.8
db:CNNVDid:CNNVD-202003-537
Trust: 0.7
db:LENOVOid:LEN-30555
Trust: 0.6
db:AUSCERTid:ESB-2020.0871
Trust: 0.6
db:CNVDid:CNVD-2020-16724
Trust: 0.1
db:VULHUBid:VHN-161954
Trust: 0.1
sources:
            
            
            VULHUB: VHN-161954 // 
            
            
            
            JVNDB: JVNDB-2020-003085 // 
            
            
            
            CNNVD: CNNVD-202003-537 // 
            
            
            
            NVD: CVE-2020-0520

REFERENCES
url:https://security.netapp.com/advisory/ntap-20200320-0003/
Trust: 1.7
url:https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00315.html
Trust: 1.7
url:https://nvd.nist.gov/vuln/detail/cve-2020-0520
Trust: 1.4
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-0520
Trust: 0.8
url:http://jvn.jp/vu/jvnvu94445466/index.html
Trust: 0.8
url:https://www.auscert.org.au/bulletins/esb-2020.0871/
Trust: 0.6
url:https://support.lenovo.com/us/en/product_security/len-30555
Trust: 0.6
sources:
            
            
            VULHUB: VHN-161954 // 
            
            
            
            JVNDB: JVNDB-2020-003085 // 
            
            
            
            CNNVD: CNNVD-202003-537 // 
            
            
            
            NVD: CVE-2020-0520

CREDITS
Ori Nimron (@orinimron123)
Trust: 0.6
sources:
            
            
            CNNVD: CNNVD-202003-537

SOURCES
db:VULHUBid:VHN-161954
db:JVNDBid:JVNDB-2020-003085
db:CNNVDid:CNNVD-202003-537
db:NVDid:CVE-2020-0520

LAST UPDATE DATE
2024-11-23T19:39:26.292000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-161954date:2021-07-21T00:00:00
db:JVNDBid:JVNDB-2020-003085date:2020-04-03T00:00:00
db:CNNVDid:CNNVD-202003-537date:2021-05-24T00:00:00
db:NVDid:CVE-2020-0520date:2024-11-21T04:53:39.630

SOURCES RELEASE DATE
db:VULHUBid:VHN-161954date:2020-03-12T00:00:00
db:JVNDBid:JVNDB-2020-003085date:2020-04-03T00:00:00
db:CNNVDid:CNNVD-202003-537date:2020-03-10T00:00:00
db:NVDid:CVE-2020-0520date:2020-03-12T20:15:12.957