Details of VAR-202011-1366

ID

VAR-202011-1366

CVE

CVE-2020-8669

TITLE

Intel(R) Data Center Manager Console Input confirmation vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2020-013376

DESCRIPTION

Improper input validation in the Intel(R) Data Center Manager Console before version 3.6.2 may allow an authenticated user to potentially enable information disclosure via network access. This product mainly provides real-time power supply and heat dissipation data of equipment

Trust: 1.71

sources: NVD: CVE-2020-8669 // JVNDB: JVNDB-2020-013376 // VULHUB: VHN-186794

AFFECTED PRODUCTS

vendor:	intel	model:	data center manager	scope:	lt	version:	3.6.2	Trust: 1.0
vendor:	インテル	model:	intel data center manager	scope:	eq	version:	3.6.2	Trust: 0.8
vendor:	インテル	model:	intel data center manager	scope:	eq	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2020-013376 // NVD: CVE-2020-8669

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2020-8669
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2020-8669
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-202011-854
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-186794
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2020-8669
severity:	MEDIUM
baseScore:	4.0
vectorString:	AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	8.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-186794
severity:	MEDIUM
baseScore:	4.0
vectorString:	AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	8.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2020-8669
baseSeverity:	MEDIUM
baseScore:	6.5
vectorString:	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	2.8
impactScore:	3.6
version:	3.1
Trust: 1.0
NVD:	CVE-2020-8669
baseSeverity:	MEDIUM
baseScore:	6.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULHUB: VHN-186794 // JVNDB: JVNDB-2020-013376 // CNNVD: CNNVD-202011-854 // NVD: CVE-2020-8669

PROBLEMTYPE DATA

problemtype:	CWE-20	Trust: 1.1
problemtype:	Incorrect input confirmation (CWE-20) [NVD Evaluation ]	Trust: 0.8

sources: VULHUB: VHN-186794 // JVNDB: JVNDB-2020-013376 // NVD: CVE-2020-8669

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202011-854

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-202011-854

PATCH

title:	INTEL-SA-00430	url:	https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00430.html	Trust: 0.8
title:	Intel Data Center Manager Console Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=133835	Trust: 0.6

sources: JVNDB: JVNDB-2020-013376 // CNNVD: CNNVD-202011-854

EXTERNAL IDS

db:	NVD	id:	CVE-2020-8669	Trust: 2.5
db:	JVNDB	id:	JVNDB-2020-013376	Trust: 0.8
db:	CNNVD	id:	CNNVD-202011-854	Trust: 0.7
db:	AUSCERT	id:	ESB-2020.3953	Trust: 0.6
db:	CNVD	id:	CNVD-2020-66316	Trust: 0.1
db:	VULHUB	id:	VHN-186794	Trust: 0.1

sources: VULHUB: VHN-186794 // JVNDB: JVNDB-2020-013376 // CNNVD: CNNVD-202011-854 // NVD: CVE-2020-8669

REFERENCES

url:	https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00430	Trust: 1.7
url:	https://nvd.nist.gov/vuln/detail/cve-2020-8669	Trust: 1.4
url:	https://www.auscert.org.au/bulletins/esb-2020.3953/	Trust: 0.6

sources: VULHUB: VHN-186794 // JVNDB: JVNDB-2020-013376 // CNNVD: CNNVD-202011-854 // NVD: CVE-2020-8669

SOURCES

db:	VULHUB	id:	VHN-186794
db:	JVNDB	id:	JVNDB-2020-013376
db:	CNNVD	id:	CNNVD-202011-854
db:	NVD	id:	CVE-2020-8669

LAST UPDATE DATE

2024-11-23T21:51:14.144000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-186794	date:	2020-11-24T00:00:00
db:	JVNDB	id:	JVNDB-2020-013376	date:	2021-06-29T05:28:00
db:	CNNVD	id:	CNNVD-202011-854	date:	2020-12-03T00:00:00
db:	NVD	id:	CVE-2020-8669	date:	2024-11-21T05:39:13.563

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-186794	date:	2020-11-12T00:00:00
db:	JVNDB	id:	JVNDB-2020-013376	date:	2021-06-29T00:00:00
db:	CNNVD	id:	CNNVD-202011-854	date:	2020-11-11T00:00:00
db:	NVD	id:	CVE-2020-8669	date:	2020-11-12T19:15:15.363