Details of VAR-202102-0268

ID

VAR-202102-0268

CVE

CVE-2020-24485

TITLE

Linux for Intel(R) FPGA OPAE Vulnerability in uncontrolled search path elements in driver

Trust: 0.8

sources: JVNDB: JVNDB-2020-015983

DESCRIPTION

Improper conditions check in the Intel(R) FPGA OPAE Driver for Linux before kernel version 4.17 may allow an authenticated user to potentially enable escalation of privilege via local access. Linux for Intel(R) FPGA OPAE The driver contains a vulnerability in an element of an uncontrolled search path.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. There are permissions and access control vulnerabilities in Intel Trace Analyzer and Collector, which originate from the lack of effective permissions and access control measures in network systems or products

Trust: 1.71

sources: NVD: CVE-2020-24485 // JVNDB: JVNDB-2020-015983 // VULHUB: VHN-178368

AFFECTED PRODUCTS

vendor:	intel	model:	trace analyzer and collector	scope:	eq	version:	update3	Trust: 1.0
vendor:	intel	model:	trace analyzer and collector	scope:	eq	version:	update1	Trust: 1.0
vendor:	intel	model:	trace analyzer and collector	scope:	eq	version:	update2	Trust: 1.0
vendor:	intel	model:	trace analyzer and collector	scope:	lt	version:	2020	Trust: 1.0
vendor:	インテル	model:	intel trace analyzer and collector	scope:	eq	version:	-	Trust: 0.8
vendor:	インテル	model:	intel trace analyzer and collector	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2020-015983 // NVD: CVE-2020-24485

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2020-24485
value:	HIGH
Trust: 1.0
NVD:	CVE-2020-24485
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-202102-993
value:	HIGH
Trust: 0.6
VULHUB:	VHN-178368
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2020-24485
severity:	MEDIUM
baseScore:	4.4
vectorString:	AV:L/AC:M/AU:N/C:P/I:P/A:P
accessVector:	LOCAL
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	3.4
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-178368
severity:	MEDIUM
baseScore:	4.4
vectorString:	AV:L/AC:M/AU:N/C:P/I:P/A:P
accessVector:	LOCAL
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	3.4
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2020-24485
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.8
impactScore:	5.9
version:	3.1
Trust: 1.0
NVD:	CVE-2020-24485
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULHUB: VHN-178368 // JVNDB: JVNDB-2020-015983 // CNNVD: CNNVD-202102-993 // NVD: CVE-2020-24485

PROBLEMTYPE DATA

problemtype:	CWE-427	Trust: 1.1
problemtype:	Uncontrolled search path elements (CWE-427) [NVD Evaluation ]	Trust: 0.8

sources: VULHUB: VHN-178368 // JVNDB: JVNDB-2020-015983 // NVD: CVE-2020-24485

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202102-993

TYPE

code problem

Trust: 0.6

sources: CNNVD: CNNVD-202102-993

PATCH

title:	INTEL-SA-00440	url:	https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00440.html	Trust: 0.8
title:	Intel Trace Analyzer and Collector Fixes for permissions and access control issues vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=142614	Trust: 0.6

sources: JVNDB: JVNDB-2020-015983 // CNNVD: CNNVD-202102-993

EXTERNAL IDS

db:	NVD	id:	CVE-2020-24485	Trust: 2.5
db:	JVN	id:	JVNVU99965981	Trust: 0.8
db:	JVNDB	id:	JVNDB-2020-015983	Trust: 0.8
db:	AUSCERT	id:	ESB-2021.0486	Trust: 0.6
db:	AUSCERT	id:	ESB-2021.2003	Trust: 0.6
db:	CNNVD	id:	CNNVD-202102-993	Trust: 0.6
db:	VULHUB	id:	VHN-178368	Trust: 0.1

sources: VULHUB: VHN-178368 // JVNDB: JVNDB-2020-015983 // CNNVD: CNNVD-202102-993 // NVD: CVE-2020-24485

REFERENCES

url:	https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00440.html	Trust: 1.7
url:	https://jvn.jp/vu/jvnvu99965981/	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2020-24485	Trust: 0.8
url:	https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00475.html	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2021.0486	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2021.2003	Trust: 0.6

sources: VULHUB: VHN-178368 // JVNDB: JVNDB-2020-015983 // CNNVD: CNNVD-202102-993 // NVD: CVE-2020-24485

SOURCES

db:	VULHUB	id:	VHN-178368
db:	JVNDB	id:	JVNDB-2020-015983
db:	CNNVD	id:	CNNVD-202102-993
db:	NVD	id:	CVE-2020-24485

LAST UPDATE DATE

2024-11-23T20:34:13.341000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-178368	date:	2021-06-09T00:00:00
db:	JVNDB	id:	JVNDB-2020-015983	date:	2021-10-29T08:23:00
db:	CNNVD	id:	CNNVD-202102-993	date:	2021-06-10T00:00:00
db:	NVD	id:	CVE-2020-24485	date:	2024-11-21T05:14:53.817

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-178368	date:	2021-02-17T00:00:00
db:	JVNDB	id:	JVNDB-2020-015983	date:	2021-10-29T00:00:00
db:	CNNVD	id:	CNNVD-202102-993	date:	2021-02-10T00:00:00
db:	NVD	id:	CVE-2020-24485	date:	2021-02-17T14:15:17.593