ID

VAR-202102-0072


CVE

CVE-2020-12366


TITLE

Intel(R) Graphics Drivers  Input confirmation vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2020-016025

DESCRIPTION

Insufficient input validation in some Intel(R) Graphics Drivers before version 27.20.100.8587 may allow a privileged user to potentially enable an escalation of privilege via local access. Intel(R) Graphics Drivers Is vulnerable to input validation.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. There is a security vulnerability in Intel Graphics Drivers. There is no information about this vulnerability at present. Please pay attention to CNNVD or manufacturer announcements at any time

Trust: 1.8

sources: NVD: CVE-2020-12366 // JVNDB: JVNDB-2020-016025 // VULHUB: VHN-165037 // VULMON: CVE-2020-12366

AFFECTED PRODUCTS

vendor:intelmodel:graphics driversscope:ltversion:27.20.100.8587

Trust: 1.0

vendor:インテルmodel:intel graphics driversscope:eqversion: -

Trust: 0.8

vendor:インテルmodel:intel graphics driversscope:eqversion:27.20.100.8587

Trust: 0.8

sources: JVNDB: JVNDB-2020-016025 // NVD: CVE-2020-12366

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-12366
value: HIGH

Trust: 1.0

NVD: CVE-2020-12366
value: HIGH

Trust: 0.8

CNNVD: CNNVD-202102-827
value: HIGH

Trust: 0.6

VULHUB: VHN-165037
value: MEDIUM

Trust: 0.1

VULMON: CVE-2020-12366
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2020-12366
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-165037
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2020-12366
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2020-12366
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-165037 // VULMON: CVE-2020-12366 // JVNDB: JVNDB-2020-016025 // CNNVD: CNNVD-202102-827 // NVD: CVE-2020-12366

PROBLEMTYPE DATA

problemtype:CWE-20

Trust: 1.1

problemtype:Incorrect input confirmation (CWE-20) [NVD Evaluation ]

Trust: 0.8

sources: VULHUB: VHN-165037 // JVNDB: JVNDB-2020-016025 // NVD: CVE-2020-12366

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202102-827

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-202102-827

PATCH

title:INTEL-SA-00438url:https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00438.html

Trust: 0.8

title:Intel Graphics Drivers Enter the fix for the verification error vulnerabilityurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=142588

Trust: 0.6

title:HP: HPSBHF03719 rev. 1 - Intel® Graphics Drivers February 2021 Security Updateurl:https://vulmon.com/vendoradvisory?qidtp=hp_bulletin&qid=HPSBHF03719

Trust: 0.1

sources: VULMON: CVE-2020-12366 // JVNDB: JVNDB-2020-016025 // CNNVD: CNNVD-202102-827

EXTERNAL IDS

db:NVDid:CVE-2020-12366

Trust: 2.6

db:JVNid:JVNVU93808918

Trust: 0.8

db:JVNDBid:JVNDB-2020-016025

Trust: 0.8

db:LENOVOid:LEN-51723

Trust: 0.6

db:AUSCERTid:ESB-2021.0472

Trust: 0.6

db:CNNVDid:CNNVD-202102-827

Trust: 0.6

db:VULHUBid:VHN-165037

Trust: 0.1

db:VULMONid:CVE-2020-12366

Trust: 0.1

sources: VULHUB: VHN-165037 // VULMON: CVE-2020-12366 // JVNDB: JVNDB-2020-016025 // CNNVD: CNNVD-202102-827 // NVD: CVE-2020-12366

REFERENCES

url:https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00438.html

Trust: 1.8

url:https://nvd.nist.gov/vuln/detail/cve-2020-12366

Trust: 1.4

url:https://jvn.jp/vu/jvnvu93808918/index.html

Trust: 0.8

url:https://www.auscert.org.au/bulletins/esb-2021.0472

Trust: 0.6

url:https://support.lenovo.com/us/en/product_security/len-51723

Trust: 0.6

url:https://vigilance.fr/vulnerability/intel-graphics-drivers-multiple-vulnerabilities-34748

Trust: 0.6

url:https://cwe.mitre.org/data/definitions/20.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://support.hp.com/us-en/document/c07023592

Trust: 0.1

sources: VULHUB: VHN-165037 // VULMON: CVE-2020-12366 // JVNDB: JVNDB-2020-016025 // CNNVD: CNNVD-202102-827 // NVD: CVE-2020-12366

SOURCES

db:VULHUBid:VHN-165037
db:VULMONid:CVE-2020-12366
db:JVNDBid:JVNDB-2020-016025
db:CNNVDid:CNNVD-202102-827
db:NVDid:CVE-2020-12366

LAST UPDATE DATE

2024-08-14T13:04:52.514000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-165037date:2021-02-22T00:00:00
db:VULMONid:CVE-2020-12366date:2021-02-22T00:00:00
db:JVNDBid:JVNDB-2020-016025date:2021-11-01T04:52:00
db:CNNVDid:CNNVD-202102-827date:2021-12-06T00:00:00
db:NVDid:CVE-2020-12366date:2021-02-22T19:41:41.560

SOURCES RELEASE DATE

db:VULHUBid:VHN-165037date:2021-02-17T00:00:00
db:VULMONid:CVE-2020-12366date:2021-02-17T00:00:00
db:JVNDBid:JVNDB-2020-016025date:2021-11-01T00:00:00
db:CNNVDid:CNNVD-202102-827date:2021-02-09T00:00:00
db:NVDid:CVE-2020-12366date:2021-02-17T14:15:15.280