Sign-up

ID

VAR-202004-0092


CVE

CVE-2020-0598


TITLE

Windows for Intel(R) Binary Configuration Tool Unreliable search path vulnerabilities in

Trust: 0.8

sources: JVNDB: JVNDB-2020-004599

DESCRIPTION

Uncontrolled search path in the installer for the Intel(R) Binary Configuration Tool for Windows, all versions, may allow an authenticated user to potentially enable escalation of privilege via local access. (DoS) It may be put into a state. Intel Binary Configuration Tool is a utility from Intel Corporation of America to change configuration settings embedded in Intel FSP (Firmware Support Package) binary files. A security vulnerability exists in the installer of the Windows-based Intel Binary Configuration Tool. An attacker could exploit this vulnerability to elevate privileges with a specially crafted file

Trust: 1.71

sources: NVD: CVE-2020-0598 // JVNDB: JVNDB-2020-004599 // VULHUB: VHN-162032

AFFECTED PRODUCTS

vendor:intelmodel:binary configuration toolscope:eqversion:*

Trust: 1.0

vendor:intelmodel:binary configuration toolscope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2020-004599 // NVD: CVE-2020-0598

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-0598
value: HIGH

Trust: 1.0

NVD: JVNDB-2020-004599
value: HIGH

Trust: 0.8

CNNVD: CNNVD-202004-1198
value: MEDIUM

Trust: 0.6

VULHUB: VHN-162032
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2020-0598
severity: MEDIUM
baseScore: 4.4
vectorString: AV:L/AC:M/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.4
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

NVD: JVNDB-2020-004599
severity: MEDIUM
baseScore: 4.4
vectorString: AV:L/AC:M/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

VULHUB: VHN-162032
severity: MEDIUM
baseScore: 4.4
vectorString: AV:L/AC:M/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.4
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2020-0598
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: JVNDB-2020-004599
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-162032 // JVNDB: JVNDB-2020-004599 // CNNVD: CNNVD-202004-1198 // NVD: CVE-2020-0598

PROBLEMTYPE DATA

problemtype:CWE-426

Trust: 1.9

sources: VULHUB: VHN-162032 // JVNDB: JVNDB-2020-004599 // NVD: CVE-2020-0598

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202004-1198

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2020-004599

PATCH
title:INTEL-SA-00359url:https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00359.html
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2020-004599

EXTERNAL IDS
db:NVDid:CVE-2020-0598
Trust: 2.5
db:JVNDBid:JVNDB-2020-004599
Trust: 0.8
db:CNNVDid:CNNVD-202004-1198
Trust: 0.7
db:VULHUBid:VHN-162032
Trust: 0.1
sources:
            
            
            VULHUB: VHN-162032 // 
            
            
            
            JVNDB: JVNDB-2020-004599 // 
            
            
            
            CNNVD: CNNVD-202004-1198 // 
            
            
            
            NVD: CVE-2020-0598

REFERENCES
url:https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00359.html
Trust: 1.7
url:https://nvd.nist.gov/vuln/detail/cve-2020-0598
Trust: 1.4
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-0598
Trust: 0.8
sources:
            
            
            VULHUB: VHN-162032 // 
            
            
            
            JVNDB: JVNDB-2020-004599 // 
            
            
            
            CNNVD: CNNVD-202004-1198 // 
            
            
            
            NVD: CVE-2020-0598

SOURCES
db:VULHUBid:VHN-162032
db:JVNDBid:JVNDB-2020-004599
db:CNNVDid:CNNVD-202004-1198
db:NVDid:CVE-2020-0598

LAST UPDATE DATE
2024-11-23T22:41:08.298000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-162032date:2020-04-23T00:00:00
db:JVNDBid:JVNDB-2020-004599date:2020-05-21T00:00:00
db:CNNVDid:CNNVD-202004-1198date:2020-04-22T00:00:00
db:NVDid:CVE-2020-0598date:2024-11-21T04:53:49.727

SOURCES RELEASE DATE
db:VULHUBid:VHN-162032date:2020-04-15T00:00:00
db:JVNDBid:JVNDB-2020-004599date:2020-05-21T00:00:00
db:CNNVDid:CNNVD-202004-1198date:2020-04-15T00:00:00
db:NVDid:CVE-2020-0598date:2020-04-15T17:15:14.263