Details of VAR-202011-0137

ID

VAR-202011-0137

CVE

CVE-2020-12349

TITLE

Intel(R) Data Center Manager Console Input confirmation vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2020-013306

DESCRIPTION

Improper input validation in the Intel(R) Data Center Manager Console before version 3.6.2 may allow an authenticated user to potentially enable information disclosure via network access. This product mainly provides real-time power supply and heat dissipation data of equipment

Trust: 1.71

sources: NVD: CVE-2020-12349 // JVNDB: JVNDB-2020-013306 // VULHUB: VHN-165018

AFFECTED PRODUCTS

vendor:	intel	model:	data center manager	scope:	lt	version:	3.6.2	Trust: 1.0
vendor:	インテル	model:	intel data center manager	scope:	eq	version:	3.6.2	Trust: 0.8
vendor:	インテル	model:	intel data center manager	scope:	eq	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2020-013306 // NVD: CVE-2020-12349

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2020-12349
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2020-12349
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-202011-855
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-165018
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2020-12349
severity:	MEDIUM
baseScore:	4.0
vectorString:	AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	8.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-165018
severity:	MEDIUM
baseScore:	4.0
vectorString:	AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	8.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2020-12349
baseSeverity:	MEDIUM
baseScore:	6.5
vectorString:	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	2.8
impactScore:	3.6
version:	3.1
Trust: 1.0
NVD:	CVE-2020-12349
baseSeverity:	MEDIUM
baseScore:	6.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULHUB: VHN-165018 // JVNDB: JVNDB-2020-013306 // CNNVD: CNNVD-202011-855 // NVD: CVE-2020-12349

PROBLEMTYPE DATA

problemtype:	CWE-20	Trust: 1.1
problemtype:	Incorrect input confirmation (CWE-20) [NVD Evaluation ]	Trust: 0.8

sources: VULHUB: VHN-165018 // JVNDB: JVNDB-2020-013306 // NVD: CVE-2020-12349

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202011-855

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-202011-855

PATCH

title:	INTEL-SA-00430	url:	https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00430.html	Trust: 0.8
title:	Intel Data Center Manager Console Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=134970	Trust: 0.6

sources: JVNDB: JVNDB-2020-013306 // CNNVD: CNNVD-202011-855

EXTERNAL IDS

db:	NVD	id:	CVE-2020-12349	Trust: 2.5
db:	JVNDB	id:	JVNDB-2020-013306	Trust: 0.8
db:	CNNVD	id:	CNNVD-202011-855	Trust: 0.7
db:	AUSCERT	id:	ESB-2020.3953	Trust: 0.6
db:	VULHUB	id:	VHN-165018	Trust: 0.1

sources: VULHUB: VHN-165018 // JVNDB: JVNDB-2020-013306 // CNNVD: CNNVD-202011-855 // NVD: CVE-2020-12349

REFERENCES

url:	https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00430	Trust: 1.7
url:	https://nvd.nist.gov/vuln/detail/cve-2020-12349	Trust: 1.4
url:	https://www.auscert.org.au/bulletins/esb-2020.3953/	Trust: 0.6

sources: VULHUB: VHN-165018 // JVNDB: JVNDB-2020-013306 // CNNVD: CNNVD-202011-855 // NVD: CVE-2020-12349

SOURCES

db:	VULHUB	id:	VHN-165018
db:	JVNDB	id:	JVNDB-2020-013306
db:	CNNVD	id:	CNNVD-202011-855
db:	NVD	id:	CVE-2020-12349

LAST UPDATE DATE

2024-11-23T21:51:14.090000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-165018	date:	2020-11-20T00:00:00
db:	JVNDB	id:	JVNDB-2020-013306	date:	2021-06-23T08:06:00
db:	CNNVD	id:	CNNVD-202011-855	date:	2020-11-24T00:00:00
db:	NVD	id:	CVE-2020-12349	date:	2024-11-21T04:59:33.190

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-165018	date:	2020-11-12T00:00:00
db:	JVNDB	id:	JVNDB-2020-013306	date:	2021-06-23T00:00:00
db:	CNNVD	id:	CNNVD-202011-855	date:	2020-11-11T00:00:00
db:	NVD	id:	CVE-2020-12349	date:	2020-11-12T19:15:14.347