Sign-up

ID

VAR-202004-0364


CVE

CVE-2020-0577


TITLE

Intel(R) Modular Server MFS2600KISPP Compute Privilege management vulnerabilities in modules

Trust: 0.8

sources: JVNDB: JVNDB-2020-004597

DESCRIPTION

Insufficient control flow for Intel(R) Modular Server MFS2600KISPP Compute Module may allow an unauthenticated user to potentially enable escalation of privilege via adjacent access. (DoS) It may be put into a state. Intel Modular Server MFS2600KISPP Compute Module is a computing module of American Intel Corporation. The vulnerability stems from the failure to properly access control. An attacker can use the specially crafted request to exploit the vulnerability to elevate permissions

Trust: 2.16

sources: NVD: CVE-2020-0577 // JVNDB: JVNDB-2020-004597 // CNVD: CNVD-2020-28230

IOT TAXONOMY

category:['IoT']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2020-28230

AFFECTED PRODUCTS

vendor:intelmodel:compute module mfs2600kiscope:eqversion:*

Trust: 1.0

vendor:intelmodel:compute module mfs2600kiscope: - version: -

Trust: 0.8

vendor:intelmodel:modular server mfs2600kispp compute modulescope: - version: -

Trust: 0.6

sources: CNVD: CNVD-2020-28230 // JVNDB: JVNDB-2020-004597 // NVD: CVE-2020-0577

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-0577
value: HIGH

Trust: 1.0

NVD: JVNDB-2020-004597
value: HIGH

Trust: 0.8

CNVD: CNVD-2020-28230
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-202004-1200
value: MEDIUM

Trust: 0.6

nvd@nist.gov: CVE-2020-0577
severity: MEDIUM
baseScore: 5.8
vectorString: AV:A/AC:L/AU:N/C:P/I:P/A:P
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 6.5
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

NVD: JVNDB-2020-004597
severity: MEDIUM
baseScore: 5.8
vectorString: AV:A/AC:L/AU:N/C:P/I:P/A:P
accessVector: ADJACENT NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

CNVD: CNVD-2020-28230
severity: MEDIUM
baseScore: 5.8
vectorString: AV:A/AC:L/AU:N/C:P/I:P/A:P
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 6.5
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2020-0577
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: JVNDB-2020-004597
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: ADJACENT NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2020-28230 // JVNDB: JVNDB-2020-004597 // CNNVD: CNNVD-202004-1200 // NVD: CVE-2020-0577

PROBLEMTYPE DATA

problemtype:NVD-CWE-noinfo

Trust: 1.0

problemtype:CWE-269

Trust: 0.8

sources: JVNDB: JVNDB-2020-004597 // NVD: CVE-2020-0577

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202004-1200

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2020-004597

PATCH
title:INTEL-SA-00351url:https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00351.html
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2020-004597

EXTERNAL IDS
db:NVDid:CVE-2020-0577
Trust: 3.0
db:JVNDBid:JVNDB-2020-004597
Trust: 0.8
db:CNVDid:CNVD-2020-28230
Trust: 0.6
db:CNNVDid:CNNVD-202004-1200
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2020-28230 // 
            
            
            
            JVNDB: JVNDB-2020-004597 // 
            
            
            
            CNNVD: CNNVD-202004-1200 // 
            
            
            
            NVD: CVE-2020-0577

REFERENCES
url:https://nvd.nist.gov/vuln/detail/cve-2020-0577
Trust: 2.0
url:https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00351.html
Trust: 1.6
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-0577
Trust: 0.8
sources:
            
            
            CNVD: CNVD-2020-28230 // 
            
            
            
            JVNDB: JVNDB-2020-004597 // 
            
            
            
            CNNVD: CNNVD-202004-1200 // 
            
            
            
            NVD: CVE-2020-0577

SOURCES
db:CNVDid:CNVD-2020-28230
db:JVNDBid:JVNDB-2020-004597
db:CNNVDid:CNNVD-202004-1200
db:NVDid:CVE-2020-0577

LAST UPDATE DATE
2024-11-23T22:44:37.521000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2020-28230date:2020-05-14T00:00:00
db:JVNDBid:JVNDB-2020-004597date:2020-05-21T00:00:00
db:CNNVDid:CNNVD-202004-1200date:2020-04-22T00:00:00
db:NVDid:CVE-2020-0577date:2024-11-21T04:53:47.690

SOURCES RELEASE DATE
db:CNVDid:CNVD-2020-28230date:2020-05-14T00:00:00
db:JVNDBid:JVNDB-2020-004597date:2020-05-21T00:00:00
db:CNNVDid:CNNVD-202004-1200date:2020-04-15T00:00:00
db:NVDid:CVE-2020-0577date:2020-04-15T17:15:14.170