Details of VAR-202011-0158

ID

VAR-202011-0158

CVE

CVE-2020-12316

TITLE

Intel(R) EMA Vulnerability regarding inadequate protection of credentials in

Trust: 0.8

sources: JVNDB: JVNDB-2020-013300

DESCRIPTION

Insufficiently protected credentials in the Intel(R) EMA before version 1.3.3 may allow an authorized user to potentially enable information disclosure via local access. Intel(R) EMA Exists in an inadequate protection of credentials.Information may be obtained. Intel Endpoint Management Assistant (Intel EMA) is a management software developed by Intel Corporation for managing remote devices. The software provides security and convenience for telecommuting

Trust: 1.71

sources: NVD: CVE-2020-12316 // JVNDB: JVNDB-2020-013300 // VULHUB: VHN-164982

AFFECTED PRODUCTS

vendor:	intel	model:	endpoint management assistant	scope:	lt	version:	1.3.3	Trust: 1.0
vendor:	インテル	model:	intel endpoint management assistant	scope:	eq	version:	1.3.3	Trust: 0.8
vendor:	インテル	model:	intel endpoint management assistant	scope:	eq	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2020-013300 // NVD: CVE-2020-12316

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2020-12316
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2020-12316
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-202011-947
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-164982
value:	LOW
Trust: 0.1

nvd@nist.gov:	CVE-2020-12316
severity:	LOW
baseScore:	2.1
vectorString:	AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-164982
severity:	LOW
baseScore:	2.1
vectorString:	AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2020-12316
baseSeverity:	MEDIUM
baseScore:	5.5
vectorString:	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	1.8
impactScore:	3.6
version:	3.1
Trust: 1.0
NVD:	CVE-2020-12316
baseSeverity:	MEDIUM
baseScore:	5.5
vectorString:	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULHUB: VHN-164982 // JVNDB: JVNDB-2020-013300 // CNNVD: CNNVD-202011-947 // NVD: CVE-2020-12316

PROBLEMTYPE DATA

problemtype:	CWE-522	Trust: 1.1
problemtype:	Inadequate protection of credentials (CWE-522) [NVD Evaluation ]	Trust: 0.8

sources: VULHUB: VHN-164982 // JVNDB: JVNDB-2020-013300 // NVD: CVE-2020-12316

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202011-947

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202011-947

PATCH

title:	INTEL-SA-00412	url:	https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00412.html	Trust: 0.8
title:	Intel EMA Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=133915	Trust: 0.6

sources: JVNDB: JVNDB-2020-013300 // CNNVD: CNNVD-202011-947

EXTERNAL IDS

db:	NVD	id:	CVE-2020-12316	Trust: 2.5
db:	JVNDB	id:	JVNDB-2020-013300	Trust: 0.8
db:	CNNVD	id:	CNNVD-202011-947	Trust: 0.7
db:	AUSCERT	id:	ESB-2020.3963	Trust: 0.6
db:	VULHUB	id:	VHN-164982	Trust: 0.1

sources: VULHUB: VHN-164982 // JVNDB: JVNDB-2020-013300 // CNNVD: CNNVD-202011-947 // NVD: CVE-2020-12316

REFERENCES

url:	https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00412	Trust: 1.7
url:	https://nvd.nist.gov/vuln/detail/cve-2020-12316	Trust: 1.4
url:	https://www.auscert.org.au/bulletins/esb-2020.3963/	Trust: 0.6

sources: VULHUB: VHN-164982 // JVNDB: JVNDB-2020-013300 // CNNVD: CNNVD-202011-947 // NVD: CVE-2020-12316

SOURCES

db:	VULHUB	id:	VHN-164982
db:	JVNDB	id:	JVNDB-2020-013300
db:	CNNVD	id:	CNNVD-202011-947
db:	NVD	id:	CVE-2020-12316

LAST UPDATE DATE

2024-11-23T21:51:13.991000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-164982	date:	2020-11-20T00:00:00
db:	JVNDB	id:	JVNDB-2020-013300	date:	2021-06-23T08:06:00
db:	CNNVD	id:	CNNVD-202011-947	date:	2020-11-27T00:00:00
db:	NVD	id:	CVE-2020-12316	date:	2024-11-21T04:59:30.210

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-164982	date:	2020-11-12T00:00:00
db:	JVNDB	id:	JVNDB-2020-013300	date:	2021-06-23T00:00:00
db:	CNNVD	id:	CNNVD-202011-947	date:	2020-11-11T00:00:00
db:	NVD	id:	CVE-2020-12316	date:	2020-11-12T19:15:12.910