Details of VAR-202011-0135

ID

VAR-202011-0135

CVE

CVE-2020-12346

TITLE

Intel(R) Battery Life Diagnostic Tool Inappropriate Default Permission Vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2020-013374

DESCRIPTION

Improper permissions in the installer for the Intel(R) Battery Life Diagnostic Tool before version 1.0.7 may allow an authenticated user to potentially enable escalation of privilege via local access. Intel(R) Battery Life Diagnostic Tool Is vulnerable to incorrect default permissions.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. Intel Battery Life Diagnostic Tool is a battery life analysis software developed by Intel Corporation

Trust: 1.71

sources: NVD: CVE-2020-12346 // JVNDB: JVNDB-2020-013374 // VULHUB: VHN-165015

AFFECTED PRODUCTS

vendor:	intel	model:	battery life diagnostic tool	scope:	lt	version:	1.0.7	Trust: 1.0
vendor:	インテル	model:	battery life diagnostic tool	scope:	eq	version:	-	Trust: 0.8
vendor:	インテル	model:	battery life diagnostic tool	scope:	eq	version:	1.0.7	Trust: 0.8

sources: JVNDB: JVNDB-2020-013374 // NVD: CVE-2020-12346

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2020-12346
value:	HIGH
Trust: 1.0
NVD:	CVE-2020-12346
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-202011-934
value:	HIGH
Trust: 0.6
VULHUB:	VHN-165015
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2020-12346
severity:	MEDIUM
baseScore:	4.6
vectorString:	AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	3.9
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-165015
severity:	MEDIUM
baseScore:	4.6
vectorString:	AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	3.9
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2020-12346
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.8
impactScore:	5.9
version:	3.1
Trust: 1.0
NVD:	CVE-2020-12346
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULHUB: VHN-165015 // JVNDB: JVNDB-2020-013374 // CNNVD: CNNVD-202011-934 // NVD: CVE-2020-12346

PROBLEMTYPE DATA

problemtype:	CWE-276	Trust: 1.1
problemtype:	Inappropriate default permissions (CWE-276) [NVD Evaluation ]	Trust: 0.8

sources: VULHUB: VHN-165015 // JVNDB: JVNDB-2020-013374 // NVD: CVE-2020-12346

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202011-934

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202011-934

PATCH

title:	INTEL-SA-00431	url:	https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00431.html	Trust: 0.8
title:	Intel Battery Life Diagnostic Tool Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=135011	Trust: 0.6

sources: JVNDB: JVNDB-2020-013374 // CNNVD: CNNVD-202011-934

EXTERNAL IDS

db:	NVD	id:	CVE-2020-12346	Trust: 2.5
db:	JVNDB	id:	JVNDB-2020-013374	Trust: 0.8
db:	CNNVD	id:	CNNVD-202011-934	Trust: 0.7
db:	AUSCERT	id:	ESB-2020.3981	Trust: 0.6
db:	CNVD	id:	CNVD-2020-66313	Trust: 0.1
db:	VULHUB	id:	VHN-165015	Trust: 0.1

sources: VULHUB: VHN-165015 // JVNDB: JVNDB-2020-013374 // CNNVD: CNNVD-202011-934 // NVD: CVE-2020-12346

REFERENCES

url:	https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00431	Trust: 1.7
url:	https://nvd.nist.gov/vuln/detail/cve-2020-12346	Trust: 1.4
url:	https://www.auscert.org.au/bulletins/esb-2020.3981/	Trust: 0.6

sources: VULHUB: VHN-165015 // JVNDB: JVNDB-2020-013374 // CNNVD: CNNVD-202011-934 // NVD: CVE-2020-12346

SOURCES

db:	VULHUB	id:	VHN-165015
db:	JVNDB	id:	JVNDB-2020-013374
db:	CNNVD	id:	CNNVD-202011-934
db:	NVD	id:	CVE-2020-12346

LAST UPDATE DATE

2024-11-23T22:51:15.145000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-165015	date:	2020-11-24T00:00:00
db:	JVNDB	id:	JVNDB-2020-013374	date:	2021-06-29T05:28:00
db:	CNNVD	id:	CNNVD-202011-934	date:	2020-11-27T00:00:00
db:	NVD	id:	CVE-2020-12346	date:	2024-11-21T04:59:32.973

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-165015	date:	2020-11-12T00:00:00
db:	JVNDB	id:	JVNDB-2020-013374	date:	2021-06-29T00:00:00
db:	CNNVD	id:	CNNVD-202011-934	date:	2020-11-11T00:00:00
db:	NVD	id:	CVE-2020-12346	date:	2020-11-12T19:15:14.223