Details of VAR-202008-0093

ID

VAR-202008-0093

CVE

CVE-2020-12287

TITLE

Intel(R) Distribution of OpenVINO(TM) Toolkit Inappropriate Default Permission Vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2020-009309

DESCRIPTION

Incorrect permissions in the Intel(R) Distribution of OpenVINO(TM) Toolkit before version 2020.2 may allow an authenticated user to potentially enable escalation of privilege via local access. Intel(R) Distribution of OpenVINO(TM) Toolkit Is vulnerable to incorrect default permissions.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put in a state. A security vulnerability exists in version 2020.2 of the Intel Distribution of OpenVINO(TM) Toolkit. A local attacker could exploit this vulnerability to elevate privileges

Trust: 1.71

sources: NVD: CVE-2020-12287 // JVNDB: JVNDB-2020-009309 // VULHUB: VHN-164950

AFFECTED PRODUCTS

vendor:	intel	model:	distribution of openvino toolkit	scope:	lt	version:	2020.2	Trust: 1.0
vendor:	インテル	model:	distribution of openvino toolkit	scope:	eq	version:	-	Trust: 0.8
vendor:	インテル	model:	distribution of openvino toolkit	scope:	lt	version:	2020.2	Trust: 0.8

sources: JVNDB: JVNDB-2020-009309 // NVD: CVE-2020-12287

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2020-12287
value:	HIGH
Trust: 1.0
NVD:	CVE-2020-12287
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-202008-706
value:	HIGH
Trust: 0.6
VULHUB:	VHN-164950
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2020-12287
severity:	MEDIUM
baseScore:	4.6
vectorString:	AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	3.9
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-164950
severity:	MEDIUM
baseScore:	4.6
vectorString:	AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	3.9
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2020-12287
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.8
impactScore:	5.9
version:	3.1
Trust: 1.0
NVD:	CVE-2020-12287
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULHUB: VHN-164950 // JVNDB: JVNDB-2020-009309 // CNNVD: CNNVD-202008-706 // NVD: CVE-2020-12287

PROBLEMTYPE DATA

problemtype:	CWE-276	Trust: 1.1
problemtype:	Inappropriate default permissions (CWE-276) [NVD Evaluation ]	Trust: 0.8

sources: VULHUB: VHN-164950 // JVNDB: JVNDB-2020-009309 // NVD: CVE-2020-12287

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202008-706

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202008-706

PATCH

title:	INTEL-SA-00399	url:	https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00399.html	Trust: 0.8
title:	Intel Distribution of OpenVINO(TM) Toolkit Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=126718	Trust: 0.6

sources: JVNDB: JVNDB-2020-009309 // CNNVD: CNNVD-202008-706

EXTERNAL IDS

db:	NVD	id:	CVE-2020-12287	Trust: 2.5
db:	JVN	id:	JVNVU99606488	Trust: 0.8
db:	JVNDB	id:	JVNDB-2020-009309	Trust: 0.8
db:	CNNVD	id:	CNNVD-202008-706	Trust: 0.7
db:	VULHUB	id:	VHN-164950	Trust: 0.1

sources: VULHUB: VHN-164950 // JVNDB: JVNDB-2020-009309 // CNNVD: CNNVD-202008-706 // NVD: CVE-2020-12287

REFERENCES

url:	https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00399.html	Trust: 1.7
url:	https://nvd.nist.gov/vuln/detail/cve-2020-12287	Trust: 1.4
url:	https://jvn.jp/vu/jvnvu99606488/	Trust: 0.8

sources: VULHUB: VHN-164950 // JVNDB: JVNDB-2020-009309 // CNNVD: CNNVD-202008-706 // NVD: CVE-2020-12287

SOURCES

db:	VULHUB	id:	VHN-164950
db:	JVNDB	id:	JVNDB-2020-009309
db:	CNNVD	id:	CNNVD-202008-706
db:	NVD	id:	CVE-2020-12287

LAST UPDATE DATE

2024-11-23T21:35:21.592000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-164950	date:	2020-08-18T00:00:00
db:	JVNDB	id:	JVNDB-2020-009309	date:	2020-10-27T08:20:00
db:	CNNVD	id:	CNNVD-202008-706	date:	2021-01-05T00:00:00
db:	NVD	id:	CVE-2020-12287	date:	2024-11-21T04:59:27.180

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-164950	date:	2020-08-13T00:00:00
db:	JVNDB	id:	JVNDB-2020-009309	date:	2020-10-27T00:00:00
db:	CNNVD	id:	CNNVD-202008-706	date:	2020-08-12T00:00:00
db:	NVD	id:	CVE-2020-12287	date:	2020-08-13T03:15:12.413