Details of VAR-202011-0157

ID

VAR-202011-0157

CVE

CVE-2020-12315

TITLE

Intel(R) EMA Traversal Vulnerability in Japan

Trust: 0.8

sources: JVNDB: JVNDB-2020-013299

DESCRIPTION

Path traversal in the Intel(R) EMA before version 1.3.3 may allow an unauthenticated user to potentially enable escalation of privilege via network access. Intel(R) EMA Contains a path traversal vulnerability.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. Intel Active Management Technology (AMT) is a set of hardware-based computer remote active management technology software developed by Intel Corporation. Intel Active Management Technology versions prior to 1.3.3 have an access control error vulnerability, which stems from the fact that network systems or products do not properly restrict resource access from unauthorized roles

Trust: 1.71

sources: NVD: CVE-2020-12315 // JVNDB: JVNDB-2020-013299 // VULHUB: VHN-164981

AFFECTED PRODUCTS

vendor:	intel	model:	endpoint management assistant	scope:	lt	version:	1.3.3	Trust: 1.0
vendor:	インテル	model:	intel endpoint management assistant	scope:	eq	version:	1.3.3	Trust: 0.8
vendor:	インテル	model:	intel endpoint management assistant	scope:	eq	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2020-013299 // NVD: CVE-2020-12315

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2020-12315
value:	CRITICAL
Trust: 1.0
NVD:	CVE-2020-12315
value:	CRITICAL
Trust: 0.8
CNNVD:	CNNVD-202011-938
value:	CRITICAL
Trust: 0.6
VULHUB:	VHN-164981
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2020-12315
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-164981
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2020-12315
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	5.9
version:	3.1
Trust: 1.0
NVD:	CVE-2020-12315
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULHUB: VHN-164981 // JVNDB: JVNDB-2020-013299 // CNNVD: CNNVD-202011-938 // NVD: CVE-2020-12315

PROBLEMTYPE DATA

problemtype:	CWE-22	Trust: 1.1
problemtype:	Path traversal (CWE-22) [NVD Evaluation ]	Trust: 0.8

sources: VULHUB: VHN-164981 // JVNDB: JVNDB-2020-013299 // NVD: CVE-2020-12315

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202011-938

TYPE

path traversal

Trust: 0.6

sources: CNNVD: CNNVD-202011-938

PATCH

title:	INTEL-SA-00412	url:	https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00412.html	Trust: 0.8
title:	Intel Active Management Technology Repair measures for path traversal vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=135013	Trust: 0.6

sources: JVNDB: JVNDB-2020-013299 // CNNVD: CNNVD-202011-938

EXTERNAL IDS

db:	NVD	id:	CVE-2020-12315	Trust: 2.5
db:	JVNDB	id:	JVNDB-2020-013299	Trust: 0.8
db:	CNNVD	id:	CNNVD-202011-938	Trust: 0.7
db:	AUSCERT	id:	ESB-2020.3963	Trust: 0.6
db:	CNVD	id:	CNVD-2020-66314	Trust: 0.1
db:	VULHUB	id:	VHN-164981	Trust: 0.1

sources: VULHUB: VHN-164981 // JVNDB: JVNDB-2020-013299 // CNNVD: CNNVD-202011-938 // NVD: CVE-2020-12315

REFERENCES

url:	https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00412	Trust: 1.7
url:	https://nvd.nist.gov/vuln/detail/cve-2020-12315	Trust: 1.4
url:	https://www.auscert.org.au/bulletins/esb-2020.3963/	Trust: 0.6

sources: VULHUB: VHN-164981 // JVNDB: JVNDB-2020-013299 // CNNVD: CNNVD-202011-938 // NVD: CVE-2020-12315

SOURCES

db:	VULHUB	id:	VHN-164981
db:	JVNDB	id:	JVNDB-2020-013299
db:	CNNVD	id:	CNNVD-202011-938
db:	NVD	id:	CVE-2020-12315

LAST UPDATE DATE

2024-11-23T21:51:14.016000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-164981	date:	2020-11-20T00:00:00
db:	JVNDB	id:	JVNDB-2020-013299	date:	2021-06-23T08:06:00
db:	CNNVD	id:	CNNVD-202011-938	date:	2020-11-27T00:00:00
db:	NVD	id:	CVE-2020-12315	date:	2024-11-21T04:59:30.110

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-164981	date:	2020-11-12T00:00:00
db:	JVNDB	id:	JVNDB-2020-013299	date:	2021-06-23T00:00:00
db:	CNNVD	id:	CNNVD-202011-938	date:	2020-11-11T00:00:00
db:	NVD	id:	CVE-2020-12315	date:	2020-11-12T19:15:12.833