Details of VAR-202011-0142

ID

VAR-202011-0142

CVE

CVE-2020-12354

TITLE

Intel(R) AMT SDK Inappropriate Default Permission Vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2020-013434

DESCRIPTION

Incorrect default permissions in Windows(R) installer in Intel(R) AMT SDK versions before 14.0.0.1 may allow an authenticated user to potentially enable escalation of privilege via local access. Intel(R) AMT SDK Is vulnerable to incorrect default permissions.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state

Trust: 1.71

sources: NVD: CVE-2020-12354 // JVNDB: JVNDB-2020-013434 // VULHUB: VHN-165024

AFFECTED PRODUCTS

vendor:	intel	model:	active management technology software development kit	scope:	lt	version:	14.0.0.1	Trust: 1.0
vendor:	インテル	model:	intel active management technology software development kit	scope:	eq	version:	-	Trust: 0.8
vendor:	インテル	model:	intel active management technology software development kit	scope:	eq	version:	14.0.0.1	Trust: 0.8

sources: JVNDB: JVNDB-2020-013434 // NVD: CVE-2020-12354

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2020-12354
value:	HIGH
Trust: 1.0
NVD:	CVE-2020-12354
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-201911-1675
value:	HIGH
Trust: 0.6
VULHUB:	VHN-165024
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2020-12354
severity:	MEDIUM
baseScore:	4.6
vectorString:	AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	3.9
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-165024
severity:	MEDIUM
baseScore:	4.6
vectorString:	AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	3.9
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2020-12354
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.8
impactScore:	5.9
version:	3.1
Trust: 1.0
NVD:	CVE-2020-12354
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULHUB: VHN-165024 // JVNDB: JVNDB-2020-013434 // CNNVD: CNNVD-201911-1675 // NVD: CVE-2020-12354

PROBLEMTYPE DATA

problemtype:	CWE-276	Trust: 1.1
problemtype:	Inappropriate default permissions (CWE-276) [NVD Evaluation ]	Trust: 0.8

sources: VULHUB: VHN-165024 // JVNDB: JVNDB-2020-013434 // NVD: CVE-2020-12354

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201911-1675

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-201911-1675

PATCH

title:	INTEL-SA-00391	url:	https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00391	Trust: 0.8
title:	Intel AMT SDK for Windows Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=133851	Trust: 0.6

sources: JVNDB: JVNDB-2020-013434 // CNNVD: CNNVD-201911-1675

EXTERNAL IDS

db:	NVD	id:	CVE-2020-12354	Trust: 2.5
db:	JVN	id:	JVNVU98002571	Trust: 0.8
db:	JVNDB	id:	JVNDB-2020-013434	Trust: 0.8
db:	LENOVO	id:	LEN-39432	Trust: 0.6
db:	AUSCERT	id:	ESB-2020.3958.2	Trust: 0.6
db:	AUSCERT	id:	ESB-2020.3958	Trust: 0.6
db:	CNNVD	id:	CNNVD-201911-1675	Trust: 0.6
db:	VULHUB	id:	VHN-165024	Trust: 0.1

sources: VULHUB: VHN-165024 // JVNDB: JVNDB-2020-013434 // CNNVD: CNNVD-201911-1675 // NVD: CVE-2020-12354

REFERENCES

url:	https://security.netapp.com/advisory/ntap-20201113-0003/	Trust: 1.7
url:	https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00391	Trust: 1.7
url:	https://nvd.nist.gov/vuln/detail/cve-2020-12354	Trust: 1.4
url:	https://jvn.jp/vu/jvnvu98002571/	Trust: 0.8
url:	https://www.auscert.org.au/bulletins/esb-2020.3958/	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2020.3958.2/	Trust: 0.6
url:	https://support.lenovo.com/us/en/product_security/len-39432	Trust: 0.6
url:	https://vigilance.fr/vulnerability/intel-processors-multiple-vulnerabilities-via-csme-sps-txe-amt-dal-33887	Trust: 0.6

sources: VULHUB: VHN-165024 // JVNDB: JVNDB-2020-013434 // CNNVD: CNNVD-201911-1675 // NVD: CVE-2020-12354

SOURCES

db:	VULHUB	id:	VHN-165024
db:	JVNDB	id:	JVNDB-2020-013434
db:	CNNVD	id:	CNNVD-201911-1675
db:	NVD	id:	CVE-2020-12354

LAST UPDATE DATE

2024-11-23T19:45:29.859000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-165024	date:	2020-11-24T00:00:00
db:	JVNDB	id:	JVNDB-2020-013434	date:	2021-07-06T04:56:00
db:	CNNVD	id:	CNNVD-201911-1675	date:	2021-01-04T00:00:00
db:	NVD	id:	CVE-2020-12354	date:	2024-11-21T04:59:33.757

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-165024	date:	2020-11-12T00:00:00
db:	JVNDB	id:	JVNDB-2020-013434	date:	2021-07-06T00:00:00
db:	CNNVD	id:	CNNVD-201911-1675	date:	2019-11-10T00:00:00
db:	NVD	id:	CVE-2020-12354	date:	2020-11-12T18:15:14.673