Details of VAR-202011-0171

ID

VAR-202011-0171

CVE

CVE-2020-12326

TITLE

Windows for Intel(R) Thunderbolt(TM) DCH Driver initialization vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2020-013412

DESCRIPTION

Improper initialization in some Intel(R) Thunderbolt(TM) DCH drivers for Windows* before version 72 may allow an authenticated user to potentially enable information disclosure via local access. Windows for Intel(R) Thunderbolt(TM) DCH The driver contains an initialization vulnerability.Information may be obtained

Trust: 1.71

sources: NVD: CVE-2020-12326 // JVNDB: JVNDB-2020-013412 // VULHUB: VHN-164993

AFFECTED PRODUCTS

vendor:	intel	model:	thunderbolt dch driver	scope:	lt	version:	72	Trust: 1.0
vendor:	インテル	model:	thunderbolt dch driver	scope:	eq	version:	-	Trust: 0.8
vendor:	インテル	model:	thunderbolt dch driver	scope:	eq	version:	72	Trust: 0.8

sources: JVNDB: JVNDB-2020-013412 // NVD: CVE-2020-12326

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2020-12326
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2020-12326
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201911-1678
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-164993
value:	LOW
Trust: 0.1

nvd@nist.gov:	CVE-2020-12326
severity:	LOW
baseScore:	2.1
vectorString:	AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-164993
severity:	LOW
baseScore:	2.1
vectorString:	AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2020-12326
baseSeverity:	MEDIUM
baseScore:	5.5
vectorString:	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	1.8
impactScore:	3.6
version:	3.1
Trust: 1.0
NVD:	CVE-2020-12326
baseSeverity:	MEDIUM
baseScore:	5.5
vectorString:	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULHUB: VHN-164993 // JVNDB: JVNDB-2020-013412 // CNNVD: CNNVD-201911-1678 // NVD: CVE-2020-12326

PROBLEMTYPE DATA

problemtype:	CWE-665	Trust: 1.1
problemtype:	Improper initialization (CWE-665) [NVD Evaluation ]	Trust: 0.8

sources: VULHUB: VHN-164993 // JVNDB: JVNDB-2020-013412 // NVD: CVE-2020-12326

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201911-1678

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-201911-1678

PATCH

title:	INTEL-SA-00422	url:	https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00422.html	Trust: 0.8
title:	Intel Thunderbolt DCH drivers Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=134986	Trust: 0.6

sources: JVNDB: JVNDB-2020-013412 // CNNVD: CNNVD-201911-1678

EXTERNAL IDS

db:	NVD	id:	CVE-2020-12326	Trust: 2.5
db:	JVNDB	id:	JVNDB-2020-013412	Trust: 0.8
db:	LENOVO	id:	LEN-45678	Trust: 0.6
db:	AUSCERT	id:	ESB-2020.3955	Trust: 0.6
db:	CNNVD	id:	CNNVD-201911-1678	Trust: 0.6
db:	VULHUB	id:	VHN-164993	Trust: 0.1

sources: VULHUB: VHN-164993 // JVNDB: JVNDB-2020-013412 // CNNVD: CNNVD-201911-1678 // NVD: CVE-2020-12326

REFERENCES

url:	https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00422	Trust: 1.7
url:	https://nvd.nist.gov/vuln/detail/cve-2020-12326	Trust: 1.4
url:	https://www.auscert.org.au/bulletins/esb-2020.3955/	Trust: 0.6
url:	https://support.lenovo.com/us/en/product_security/len-45678	Trust: 0.6

sources: VULHUB: VHN-164993 // JVNDB: JVNDB-2020-013412 // CNNVD: CNNVD-201911-1678 // NVD: CVE-2020-12326

SOURCES

db:	VULHUB	id:	VHN-164993
db:	JVNDB	id:	JVNDB-2020-013412
db:	CNNVD	id:	CNNVD-201911-1678
db:	NVD	id:	CVE-2020-12326

LAST UPDATE DATE

2024-11-23T22:11:16.728000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-164993	date:	2020-11-24T00:00:00
db:	JVNDB	id:	JVNDB-2020-013412	date:	2021-07-02T04:35:00
db:	CNNVD	id:	CNNVD-201911-1678	date:	2022-02-10T00:00:00
db:	NVD	id:	CVE-2020-12326	date:	2024-11-21T04:59:31.287

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-164993	date:	2020-11-12T00:00:00
db:	JVNDB	id:	JVNDB-2020-013412	date:	2021-07-02T00:00:00
db:	CNNVD	id:	CNNVD-201911-1678	date:	2019-11-10T00:00:00
db:	NVD	id:	CVE-2020-12326	date:	2020-11-12T19:15:13.270