Details of VAR-202011-0178

ID

VAR-202011-0178

CVE

CVE-2020-12333

TITLE

Intel(R) QAT for Linux Vulnerability regarding inadequate protection of credentials in

Trust: 0.8

sources: JVNDB: JVNDB-2020-013593

DESCRIPTION

Insufficiently protected credentials in the Intel(R) QAT for Linux before version 1.7.l.4.10.0 may allow an authenticated user to potentially enable escalation of privilege via local access. Intel(R) QAT for Linux Exists in an inadequate protection of credentials.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. Intel QuickAssist Technology for Linux is a technology of Intel Corporation that can improve server utilization. This technology balances server pressure by sharing the pressure of computing-intensive tasks to improve server efficiency

Trust: 1.71

sources: NVD: CVE-2020-12333 // JVNDB: JVNDB-2020-013593 // VULHUB: VHN-165001

AFFECTED PRODUCTS

vendor:	intel	model:	quickassist technology	scope:	lt	version:	1.7.l.4.10.0	Trust: 1.0
vendor:	インテル	model:	intel quickassist technology for linux	scope:	eq	version:	-	Trust: 0.8
vendor:	インテル	model:	intel quickassist technology for linux	scope:	eq	version:	1.7.l.4.10.0	Trust: 0.8

sources: JVNDB: JVNDB-2020-013593 // NVD: CVE-2020-12333

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2020-12333
value:	HIGH
Trust: 1.0
NVD:	CVE-2020-12333
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-202011-944
value:	HIGH
Trust: 0.6
VULHUB:	VHN-165001
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2020-12333
severity:	MEDIUM
baseScore:	4.6
vectorString:	AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	3.9
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-165001
severity:	MEDIUM
baseScore:	4.6
vectorString:	AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	3.9
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2020-12333
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.8
impactScore:	5.9
version:	3.1
Trust: 1.0
NVD:	CVE-2020-12333
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULHUB: VHN-165001 // JVNDB: JVNDB-2020-013593 // CNNVD: CNNVD-202011-944 // NVD: CVE-2020-12333

PROBLEMTYPE DATA

problemtype:	CWE-522	Trust: 1.1
problemtype:	Inadequate protection of credentials (CWE-522) [NVD Evaluation ]	Trust: 0.8

sources: VULHUB: VHN-165001 // JVNDB: JVNDB-2020-013593 // NVD: CVE-2020-12333

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202011-944

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202011-944

PATCH

title:	INTEL-SA-00420	url:	https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00420.html	Trust: 0.8
title:	Intel QAT Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=133912	Trust: 0.6

sources: JVNDB: JVNDB-2020-013593 // CNNVD: CNNVD-202011-944

EXTERNAL IDS

db:	NVD	id:	CVE-2020-12333	Trust: 2.5
db:	JVNDB	id:	JVNDB-2020-013593	Trust: 0.8
db:	CNNVD	id:	CNNVD-202011-944	Trust: 0.7
db:	AUSCERT	id:	ESB-2020.3968	Trust: 0.6
db:	VULHUB	id:	VHN-165001	Trust: 0.1

sources: VULHUB: VHN-165001 // JVNDB: JVNDB-2020-013593 // CNNVD: CNNVD-202011-944 // NVD: CVE-2020-12333

REFERENCES

url:	https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00420	Trust: 1.7
url:	https://nvd.nist.gov/vuln/detail/cve-2020-12333	Trust: 1.4
url:	https://www.auscert.org.au/bulletins/esb-2020.3968/	Trust: 0.6

sources: VULHUB: VHN-165001 // JVNDB: JVNDB-2020-013593 // CNNVD: CNNVD-202011-944 // NVD: CVE-2020-12333

SOURCES

db:	VULHUB	id:	VHN-165001
db:	JVNDB	id:	JVNDB-2020-013593
db:	CNNVD	id:	CNNVD-202011-944
db:	NVD	id:	CVE-2020-12333

LAST UPDATE DATE

2024-11-23T22:21:00.577000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-165001	date:	2020-11-30T00:00:00
db:	JVNDB	id:	JVNDB-2020-013593	date:	2021-07-08T07:58:00
db:	CNNVD	id:	CNNVD-202011-944	date:	2020-12-03T00:00:00
db:	NVD	id:	CVE-2020-12333	date:	2024-11-21T04:59:32.020

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-165001	date:	2020-11-12T00:00:00
db:	JVNDB	id:	JVNDB-2020-013593	date:	2021-07-08T00:00:00
db:	CNNVD	id:	CNNVD-202011-944	date:	2020-11-11T00:00:00
db:	NVD	id:	CVE-2020-12333	date:	2020-11-12T19:15:13.790