Sign-up

ID

VAR-202004-0365


CVE

CVE-2020-0578


TITLE

Intel(R) Modular Server MFS2600KISPP Compute Privilege management vulnerabilities in modules

Trust: 0.8

sources: JVNDB: JVNDB-2020-004598

DESCRIPTION

Improper conditions check for Intel(R) Modular Server MFS2600KISPP Compute Module may allow an unauthenticated user to potentially enable escalation of privilege via adjacent access. (DoS) It may be put into a state. Intel Modular Server MFS2600KISPP Compute Module is a computing module of American Intel Corporation. An attacker in a physical location can use this vulnerability to elevate permissions

Trust: 2.16

sources: NVD: CVE-2020-0578 // JVNDB: JVNDB-2020-004598 // CNVD: CNVD-2020-28231

IOT TAXONOMY

category:['IoT']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2020-28231

AFFECTED PRODUCTS

vendor:intelmodel:compute module mfs2600kiscope:eqversion:*

Trust: 1.0

vendor:intelmodel:compute module mfs2600kiscope: - version: -

Trust: 0.8

vendor:intelmodel:modular server mfs2600kispp compute modulescope: - version: -

Trust: 0.6

sources: CNVD: CNVD-2020-28231 // JVNDB: JVNDB-2020-004598 // NVD: CVE-2020-0578

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-0578
value: HIGH

Trust: 1.0

NVD: JVNDB-2020-004598
value: HIGH

Trust: 0.8

CNVD: CNVD-2020-28231
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-202004-1199
value: HIGH

Trust: 0.6

nvd@nist.gov: CVE-2020-0578
severity: MEDIUM
baseScore: 5.8
vectorString: AV:A/AC:L/AU:N/C:P/I:P/A:P
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 6.5
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

NVD: JVNDB-2020-004598
severity: MEDIUM
baseScore: 5.8
vectorString: AV:A/AC:L/AU:N/C:P/I:P/A:P
accessVector: ADJACENT NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

CNVD: CNVD-2020-28231
severity: MEDIUM
baseScore: 5.8
vectorString: AV:A/AC:L/AU:N/C:P/I:P/A:P
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 6.5
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2020-0578
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: JVNDB-2020-004598
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: ADJACENT NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2020-28231 // JVNDB: JVNDB-2020-004598 // CNNVD: CNNVD-202004-1199 // NVD: CVE-2020-0578

PROBLEMTYPE DATA

problemtype:NVD-CWE-noinfo

Trust: 1.0

problemtype:CWE-269

Trust: 0.8

sources: JVNDB: JVNDB-2020-004598 // NVD: CVE-2020-0578

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202004-1199

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2020-004598

PATCH
title:INTEL-SA-00351url:https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00351.html
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2020-004598

EXTERNAL IDS
db:NVDid:CVE-2020-0578
Trust: 3.0
db:JVNDBid:JVNDB-2020-004598
Trust: 0.8
db:CNVDid:CNVD-2020-28231
Trust: 0.6
db:CNNVDid:CNNVD-202004-1199
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2020-28231 // 
            
            
            
            JVNDB: JVNDB-2020-004598 // 
            
            
            
            CNNVD: CNNVD-202004-1199 // 
            
            
            
            NVD: CVE-2020-0578

REFERENCES
url:https://nvd.nist.gov/vuln/detail/cve-2020-0578
Trust: 2.0
url:https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00351.html
Trust: 1.6
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-0578
Trust: 0.8
sources:
            
            
            CNVD: CNVD-2020-28231 // 
            
            
            
            JVNDB: JVNDB-2020-004598 // 
            
            
            
            CNNVD: CNNVD-202004-1199 // 
            
            
            
            NVD: CVE-2020-0578

SOURCES
db:CNVDid:CNVD-2020-28231
db:JVNDBid:JVNDB-2020-004598
db:CNNVDid:CNNVD-202004-1199
db:NVDid:CVE-2020-0578

LAST UPDATE DATE
2024-08-14T15:33:36.426000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2020-28231date:2020-05-14T00:00:00
db:JVNDBid:JVNDB-2020-004598date:2020-05-21T00:00:00
db:CNNVDid:CNNVD-202004-1199date:2020-04-22T00:00:00
db:NVDid:CVE-2020-0578date:2021-07-21T11:39:23.747

SOURCES RELEASE DATE
db:CNVDid:CNVD-2020-28231date:2020-05-14T00:00:00
db:JVNDBid:JVNDB-2020-004598date:2020-05-21T00:00:00
db:CNNVDid:CNNVD-202004-1199date:2020-04-15T00:00:00
db:NVDid:CVE-2020-0578date:2020-04-15T17:15:14.217