Details of VAR-202003-0348

ID

VAR-202003-0348

CVE

CVE-2020-0502

TITLE

Intel(R) Graphics Driver Vulnerability related to authority management in

Trust: 0.8

sources: JVNDB: JVNDB-2020-002978

DESCRIPTION

Improper access control in Intel(R) Graphics Drivers before version 26.20.100.6912 may allow an authenticated user to potentially enable escalation of privilege via local access. Intel(R) Graphics Driver Exists in a privilege management vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. Intel Graphics Drivers is an integrated graphics driver from Intel Corporation. A local attacker could exploit this vulnerability to elevate privileges

Trust: 1.71

sources: NVD: CVE-2020-0502 // JVNDB: JVNDB-2020-002978 // VULHUB: VHN-161936

AFFECTED PRODUCTS

vendor:	intel	model:	graphics driver	scope:	lt	version:	26.20.100.6912	Trust: 1.0
vendor:	intel	model:	graphics driver	scope:	eq	version:	26.20.100.6912	Trust: 0.8

sources: JVNDB: JVNDB-2020-002978 // NVD: CVE-2020-0502

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2020-0502
value:	MEDIUM
Trust: 1.0
NVD:	JVNDB-2020-002978
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-202003-571
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-161936
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2020-0502
severity:	MEDIUM
baseScore:	4.6
vectorString:	AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	3.9
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
NVD:	JVNDB-2020-002978
severity:	MEDIUM
baseScore:	4.6
vectorString:	AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	NONE
impactScore:	NONE
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.8
VULHUB:	VHN-161936
severity:	MEDIUM
baseScore:	4.6
vectorString:	AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	3.9
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2020-0502
baseSeverity:	MEDIUM
baseScore:	5.3
vectorString:	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	LOW
integrityImpact:	LOW
availabilityImpact:	LOW
exploitabilityScore:	1.8
impactScore:	3.4
version:	3.1
Trust: 1.0
NVD:	JVNDB-2020-002978
baseSeverity:	MEDIUM
baseScore:	5.3
vectorString:	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	LOW
integrityImpact:	LOW
availabilityImpact:	LOW
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULHUB: VHN-161936 // JVNDB: JVNDB-2020-002978 // CNNVD: CNNVD-202003-571 // NVD: CVE-2020-0502

PROBLEMTYPE DATA

problemtype:	NVD-CWE-noinfo	Trust: 1.0
problemtype:	CWE-269	Trust: 0.9

sources: VULHUB: VHN-161936 // JVNDB: JVNDB-2020-002978 // NVD: CVE-2020-0502

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202003-571

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202003-571

CONFIGURATIONS

sources: JVNDB: JVNDB-2020-002978

PATCH

title:	INTEL-SA-00315	url:	https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00315.html	Trust: 0.8
title:	Intel Graphics Drivers Fixes for access control error vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=111517	Trust: 0.6

sources: JVNDB: JVNDB-2020-002978 // CNNVD: CNNVD-202003-571

EXTERNAL IDS

db:	NVD	id:	CVE-2020-0502	Trust: 2.5
db:	JVN	id:	JVNVU94445466	Trust: 0.8
db:	JVNDB	id:	JVNDB-2020-002978	Trust: 0.8
db:	CNNVD	id:	CNNVD-202003-571	Trust: 0.7
db:	LENOVO	id:	LEN-30555	Trust: 0.6
db:	AUSCERT	id:	ESB-2020.0871	Trust: 0.6
db:	VULHUB	id:	VHN-161936	Trust: 0.1

sources: VULHUB: VHN-161936 // JVNDB: JVNDB-2020-002978 // CNNVD: CNNVD-202003-571 // NVD: CVE-2020-0502

REFERENCES

url:	https://security.netapp.com/advisory/ntap-20200320-0003/	Trust: 1.7
url:	https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00315.html	Trust: 1.7
url:	https://nvd.nist.gov/vuln/detail/cve-2020-0502	Trust: 1.4
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-0502	Trust: 0.8
url:	http://jvn.jp/vu/jvnvu94445466/index.html	Trust: 0.8
url:	https://www.auscert.org.au/bulletins/esb-2020.0871/	Trust: 0.6
url:	https://support.lenovo.com/us/en/product_security/len-30555	Trust: 0.6

sources: VULHUB: VHN-161936 // JVNDB: JVNDB-2020-002978 // CNNVD: CNNVD-202003-571 // NVD: CVE-2020-0502

SOURCES

db:	VULHUB	id:	VHN-161936
db:	JVNDB	id:	JVNDB-2020-002978
db:	CNNVD	id:	CNNVD-202003-571
db:	NVD	id:	CVE-2020-0502

LAST UPDATE DATE

2024-11-23T20:27:29.286000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-161936	date:	2022-01-01T00:00:00
db:	JVNDB	id:	JVNDB-2020-002978	date:	2020-03-31T00:00:00
db:	CNNVD	id:	CNNVD-202003-571	date:	2022-01-04T00:00:00
db:	NVD	id:	CVE-2020-0502	date:	2024-11-21T04:53:37.723

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-161936	date:	2020-03-12T00:00:00
db:	JVNDB	id:	JVNDB-2020-002978	date:	2020-03-31T00:00:00
db:	CNNVD	id:	CNNVD-202003-571	date:	2020-03-10T00:00:00
db:	NVD	id:	CVE-2020-0502	date:	2020-03-12T18:15:11.883