Sign-up

ID

VAR-202003-0354


CVE

CVE-2020-0508


TITLE

Intel(R) Graphics Driver Vulnerability regarding improper default permissions in

Trust: 0.8

sources: JVNDB: JVNDB-2020-003081

DESCRIPTION

Incorrect default permissions in the installer for Intel(R) Graphics Drivers before versions 15.33.49.5100, 15.36.38.5117, 15.40.44.5107, 15.45.30.5103, and 26.20.100.7212 may allow an authenticated user to potentially enable escalation of privilege via local access. Intel(R) Graphics Driver There is a vulnerability in improper default permissions.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. Intel Graphics Drivers is an integrated graphics driver from Intel Corporation. A local attacker could exploit this vulnerability to elevate privileges. The following products and versions are affected: Intel Graphics Drivers prior to 15.33.49.5100, prior to 15.36.38.5117, prior to 15.40.44.5107, prior to 15.45.30.5103, and prior to 26.20.100.7212

Trust: 1.71

sources: NVD: CVE-2020-0508 // JVNDB: JVNDB-2020-003081 // VULHUB: VHN-161942

AFFECTED PRODUCTS

vendor:intelmodel:graphics driverscope:ltversion:15.33.49.5100

Trust: 1.0

vendor:intelmodel:graphics driverscope:ltversion:15.36.38.5117

Trust: 1.0

vendor:intelmodel:graphics driverscope:gteversion:15.45

Trust: 1.0

vendor:intelmodel:graphics driverscope:ltversion:26.20.100.7212

Trust: 1.0

vendor:intelmodel:graphics driverscope:ltversion:15.45.30.5103

Trust: 1.0

vendor:intelmodel:graphics driverscope:ltversion:15.40.44.5107

Trust: 1.0

vendor:intelmodel:graphics driverscope:gteversion:15.33

Trust: 1.0

vendor:intelmodel:graphics driverscope:gteversion:15.36

Trust: 1.0

vendor:intelmodel:graphics driverscope:gteversion:15.40

Trust: 1.0

vendor:intelmodel:graphics driverscope:gteversion:26.20

Trust: 1.0

vendor:intelmodel:graphics driverscope:eqversion:15.33.49.5100

Trust: 0.8

vendor:intelmodel:graphics driverscope:eqversion:15.36.38.5117

Trust: 0.8

vendor:intelmodel:graphics driverscope:eqversion:15.40.44.5107

Trust: 0.8

vendor:intelmodel:graphics driverscope:eqversion:15.45.30.5103

Trust: 0.8

vendor:intelmodel:graphics driverscope:eqversion:26.20.100.7212

Trust: 0.8

sources: JVNDB: JVNDB-2020-003081 // NVD: CVE-2020-0508

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-0508
value: HIGH

Trust: 1.0

NVD: JVNDB-2020-003081
value: HIGH

Trust: 0.8

CNNVD: CNNVD-202003-557
value: HIGH

Trust: 0.6

VULHUB: VHN-161942
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2020-0508
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

NVD: JVNDB-2020-003081
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

VULHUB: VHN-161942
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2020-0508
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: JVNDB-2020-003081
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-161942 // JVNDB: JVNDB-2020-003081 // CNNVD: CNNVD-202003-557 // NVD: CVE-2020-0508

PROBLEMTYPE DATA

problemtype:CWE-276

Trust: 1.9

sources: VULHUB: VHN-161942 // JVNDB: JVNDB-2020-003081 // NVD: CVE-2020-0508

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202003-557

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202003-557

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2020-003081

PATCH
title:INTEL-SA-00315url:https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00315.html
Trust: 0.8
title:Intel Graphics Drivers Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=112240
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2020-003081 // 
            
            
            
            CNNVD: CNNVD-202003-557

EXTERNAL IDS
db:NVDid:CVE-2020-0508
Trust: 2.5
db:JVNid:JVNVU94445466
Trust: 0.8
db:JVNDBid:JVNDB-2020-003081
Trust: 0.8
db:CNNVDid:CNNVD-202003-557
Trust: 0.7
db:LENOVOid:LEN-30555
Trust: 0.6
db:AUSCERTid:ESB-2020.0871
Trust: 0.6
db:VULHUBid:VHN-161942
Trust: 0.1
sources:
            
            
            VULHUB: VHN-161942 // 
            
            
            
            JVNDB: JVNDB-2020-003081 // 
            
            
            
            CNNVD: CNNVD-202003-557 // 
            
            
            
            NVD: CVE-2020-0508

REFERENCES
url:https://security.netapp.com/advisory/ntap-20200320-0003/
Trust: 1.7
url:https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00315.html
Trust: 1.7
url:https://nvd.nist.gov/vuln/detail/cve-2020-0508
Trust: 1.4
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-0508
Trust: 0.8
url:http://jvn.jp/vu/jvnvu94445466/index.html
Trust: 0.8
url:https://www.auscert.org.au/bulletins/esb-2020.0871/
Trust: 0.6
url:https://support.lenovo.com/us/en/product_security/len-30555
Trust: 0.6
sources:
            
            
            VULHUB: VHN-161942 // 
            
            
            
            JVNDB: JVNDB-2020-003081 // 
            
            
            
            CNNVD: CNNVD-202003-557 // 
            
            
            
            NVD: CVE-2020-0508

SOURCES
db:VULHUBid:VHN-161942
db:JVNDBid:JVNDB-2020-003081
db:CNNVDid:CNNVD-202003-557
db:NVDid:CVE-2020-0508

LAST UPDATE DATE
2024-11-23T19:43:06.783000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-161942date:2021-05-19T00:00:00
db:JVNDBid:JVNDB-2020-003081date:2020-04-03T00:00:00
db:CNNVDid:CNNVD-202003-557date:2021-05-24T00:00:00
db:NVDid:CVE-2020-0508date:2024-11-21T04:53:38.377

SOURCES RELEASE DATE
db:VULHUBid:VHN-161942date:2020-03-12T00:00:00
db:JVNDBid:JVNDB-2020-003081date:2020-04-03T00:00:00
db:CNNVDid:CNNVD-202003-557date:2020-03-10T00:00:00
db:NVDid:CVE-2020-0508date:2020-03-12T20:15:12.457