Details of VAR-202011-0136

ID

VAR-202011-0136

CVE

CVE-2020-12347

TITLE

Intel(R) Data Center Manager Console Input confirmation vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2020-013305

DESCRIPTION

Improper input validation in the Intel(R) Data Center Manager Console before version 3.6.2 may allow an authenticated user to potentially enable escalation of privilege via network access. Intel Data Center Manager SDK is a data center management SDK (Software Development Kit) of Intel Corporation. This product mainly provides real-time power supply and heat dissipation data of equipment

Trust: 1.8

sources: NVD: CVE-2020-12347 // JVNDB: JVNDB-2020-013305 // VULHUB: VHN-165016 // VULMON: CVE-2020-12347

AFFECTED PRODUCTS

vendor:	intel	model:	data center manager	scope:	lt	version:	3.6.2	Trust: 1.0
vendor:	インテル	model:	intel data center manager	scope:	eq	version:	3.6.2	Trust: 0.8
vendor:	インテル	model:	intel data center manager	scope:	eq	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2020-013305 // NVD: CVE-2020-12347

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2020-12347
value:	HIGH
Trust: 1.0
NVD:	CVE-2020-12347
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-202011-863
value:	HIGH
Trust: 0.6
VULHUB:	VHN-165016
value:	MEDIUM
Trust: 0.1
VULMON:	CVE-2020-12347
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2020-12347
severity:	MEDIUM
baseScore:	6.5
vectorString:	AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
VULHUB:	VHN-165016
severity:	MEDIUM
baseScore:	6.5
vectorString:	AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2020-12347
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	5.9
version:	3.1
Trust: 1.0
NVD:	CVE-2020-12347
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULHUB: VHN-165016 // VULMON: CVE-2020-12347 // JVNDB: JVNDB-2020-013305 // CNNVD: CNNVD-202011-863 // NVD: CVE-2020-12347

PROBLEMTYPE DATA

problemtype:	CWE-20	Trust: 1.1
problemtype:	Incorrect input confirmation (CWE-20) [NVD Evaluation ]	Trust: 0.8

sources: VULHUB: VHN-165016 // JVNDB: JVNDB-2020-013305 // NVD: CVE-2020-12347

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202011-863

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-202011-863

PATCH

title:	INTEL-SA-00430	url:	https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00430.html	Trust: 0.8
title:	Intel Data Center Manager Console Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=133844	Trust: 0.6
title:	Threatpost	url:	https://threatpost.com/intel-update-critical-privilege-escalation-bugs/161087/	Trust: 0.1

sources: VULMON: CVE-2020-12347 // JVNDB: JVNDB-2020-013305 // CNNVD: CNNVD-202011-863

EXTERNAL IDS

db:	NVD	id:	CVE-2020-12347	Trust: 2.6
db:	JVNDB	id:	JVNDB-2020-013305	Trust: 0.8
db:	CNNVD	id:	CNNVD-202011-863	Trust: 0.7
db:	AUSCERT	id:	ESB-2020.3953	Trust: 0.6
db:	CNVD	id:	CNVD-2020-66319	Trust: 0.1
db:	VULHUB	id:	VHN-165016	Trust: 0.1
db:	VULMON	id:	CVE-2020-12347	Trust: 0.1

sources: VULHUB: VHN-165016 // VULMON: CVE-2020-12347 // JVNDB: JVNDB-2020-013305 // CNNVD: CNNVD-202011-863 // NVD: CVE-2020-12347

REFERENCES

url:	https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00430	Trust: 1.8
url:	https://nvd.nist.gov/vuln/detail/cve-2020-12347	Trust: 1.4
url:	https://www.auscert.org.au/bulletins/esb-2020.3953/	Trust: 0.6
url:	https://cwe.mitre.org/data/definitions/20.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1
url:	https://threatpost.com/intel-update-critical-privilege-escalation-bugs/161087/	Trust: 0.1

sources: VULHUB: VHN-165016 // VULMON: CVE-2020-12347 // JVNDB: JVNDB-2020-013305 // CNNVD: CNNVD-202011-863 // NVD: CVE-2020-12347

SOURCES

db:	VULHUB	id:	VHN-165016
db:	VULMON	id:	CVE-2020-12347
db:	JVNDB	id:	JVNDB-2020-013305
db:	CNNVD	id:	CNNVD-202011-863
db:	NVD	id:	CVE-2020-12347

LAST UPDATE DATE

2024-11-23T21:51:14.116000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-165016	date:	2020-11-20T00:00:00
db:	VULMON	id:	CVE-2020-12347	date:	2020-11-20T00:00:00
db:	JVNDB	id:	JVNDB-2020-013305	date:	2021-06-23T08:06:00
db:	CNNVD	id:	CNNVD-202011-863	date:	2020-11-24T00:00:00
db:	NVD	id:	CVE-2020-12347	date:	2024-11-21T04:59:33.070

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-165016	date:	2020-11-12T00:00:00
db:	VULMON	id:	CVE-2020-12347	date:	2020-11-12T00:00:00
db:	JVNDB	id:	JVNDB-2020-013305	date:	2021-06-23T00:00:00
db:	CNNVD	id:	CNNVD-202011-863	date:	2020-11-11T00:00:00
db:	NVD	id:	CVE-2020-12347	date:	2020-11-12T19:15:14.287