Sign-up

ID

VAR-202008-1125


CVE

CVE-2020-8736


TITLE

Intel(R) Computing Improvement Program Vulnerability related to authority management in

Trust: 0.8

sources: JVNDB: JVNDB-2020-009509

DESCRIPTION

Improper access control in subsystem for the Intel(R) Computing Improvement Program before version 2.4.5718 may allow an authenticated user to potentially enable escalation of privilege via local access. Intel(R) Computing Improvement Program Exists in a privilege management vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. Intel Computing Improvement Program is a software improvement program application program of Intel Corporation. This program is used to collect computer function usage information, component usage information, operating system information, etc. An attacker could exploit this vulnerability to elevate privileges

Trust: 1.71

sources: NVD: CVE-2020-8736 // JVNDB: JVNDB-2020-009509 // VULHUB: VHN-186861

AFFECTED PRODUCTS

vendor:intelmodel:computing improvement programscope:ltversion:2.4.5718

Trust: 1.0

vendor:intelmodel:computing improvement programscope:eqversion:2.4.5718

Trust: 0.8

sources: JVNDB: JVNDB-2020-009509 // NVD: CVE-2020-8736

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-8736
value: HIGH

Trust: 1.0

NVD: JVNDB-2020-009509
value: HIGH

Trust: 0.8

CNNVD: CNNVD-202008-731
value: HIGH

Trust: 0.6

VULHUB: VHN-186861
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2020-8736
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

NVD: JVNDB-2020-009509
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

VULHUB: VHN-186861
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2020-8736
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: JVNDB-2020-009509
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-186861 // JVNDB: JVNDB-2020-009509 // CNNVD: CNNVD-202008-731 // NVD: CVE-2020-8736

PROBLEMTYPE DATA

problemtype:NVD-CWE-noinfo

Trust: 1.0

problemtype:CWE-269

Trust: 0.9

sources: VULHUB: VHN-186861 // JVNDB: JVNDB-2020-009509 // NVD: CVE-2020-8736

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202008-731

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202008-731

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2020-009509

PATCH
title:INTEL-SA-00387url:https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00387.html
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2020-009509

EXTERNAL IDS
db:NVDid:CVE-2020-8736
Trust: 2.5
db:JVNid:JVNVU99606488
Trust: 0.8
db:JVNDBid:JVNDB-2020-009509
Trust: 0.8
db:CNNVDid:CNNVD-202008-731
Trust: 0.7
db:NSFOCUSid:48146
Trust: 0.6
db:VULHUBid:VHN-186861
Trust: 0.1
sources:
            
            
            VULHUB: VHN-186861 // 
            
            
            
            JVNDB: JVNDB-2020-009509 // 
            
            
            
            CNNVD: CNNVD-202008-731 // 
            
            
            
            NVD: CVE-2020-8736

REFERENCES
url:https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00387.html
Trust: 1.7
url:https://nvd.nist.gov/vuln/detail/cve-2020-8736
Trust: 1.4
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-8736
Trust: 0.8
url:https://jvn.jp/vu/jvnvu99606488
Trust: 0.8
url:http://www.nsfocus.net/vulndb/48146
Trust: 0.6
sources:
            
            
            VULHUB: VHN-186861 // 
            
            
            
            JVNDB: JVNDB-2020-009509 // 
            
            
            
            CNNVD: CNNVD-202008-731 // 
            
            
            
            NVD: CVE-2020-8736

SOURCES
db:VULHUBid:VHN-186861
db:JVNDBid:JVNDB-2020-009509
db:CNNVDid:CNNVD-202008-731
db:NVDid:CVE-2020-8736

LAST UPDATE DATE
2024-11-23T21:35:21.523000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-186861date:2021-07-21T00:00:00
db:JVNDBid:JVNDB-2020-009509date:2020-11-10T07:39:50
db:CNNVDid:CNNVD-202008-731date:2020-08-27T00:00:00
db:NVDid:CVE-2020-8736date:2024-11-21T05:39:21.163

SOURCES RELEASE DATE
db:VULHUBid:VHN-186861date:2020-08-13T00:00:00
db:JVNDBid:JVNDB-2020-009509date:2020-11-10T07:39:50
db:CNNVDid:CNNVD-202008-731date:2020-08-12T00:00:00
db:NVDid:CVE-2020-8736date:2020-08-13T03:15:16.430