Sign-up

ID

VAR-202008-1133


CVE

CVE-2020-8687


TITLE

Intel(R) Server Board M10JNP2SB for Intel(R) RSTe Software RAID Driver Vulnerability in uncontrolled search path elements in

Trust: 0.8

sources: JVNDB: JVNDB-2020-009492

DESCRIPTION

Uncontrolled search path in the installer for Intel(R) RSTe Software RAID Driver for the Intel(R) Server Board M10JNP2SB before version 4.7.0.1119 may allow an authenticated user to potentially enable escalation of privilege via local access. (DoS) It may be put into a state. Intel Server Board is a server motherboard of Intel Corporation of the United States. A local attacker could exploit this vulnerability to elevate privileges

Trust: 1.8

sources: NVD: CVE-2020-8687 // JVNDB: JVNDB-2020-009492 // VULHUB: VHN-186812 // VULMON: CVE-2020-8687

AFFECTED PRODUCTS

vendor:intelmodel:rste software raidscope:ltversion:4.7.0.1119

Trust: 1.0

vendor:intelmodel:rste software raid driverscope:eqversion:4.7.0.1119

Trust: 0.8

sources: JVNDB: JVNDB-2020-009492 // NVD: CVE-2020-8687

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-8687
value: HIGH

Trust: 1.0

NVD: JVNDB-2020-009492
value: HIGH

Trust: 0.8

CNNVD: CNNVD-202008-737
value: HIGH

Trust: 0.6

VULHUB: VHN-186812
value: MEDIUM

Trust: 0.1

VULMON: CVE-2020-8687
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2020-8687
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.1

NVD: JVNDB-2020-009492
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

VULHUB: VHN-186812
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2020-8687
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: JVNDB-2020-009492
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-186812 // VULMON: CVE-2020-8687 // JVNDB: JVNDB-2020-009492 // CNNVD: CNNVD-202008-737 // NVD: CVE-2020-8687

PROBLEMTYPE DATA

problemtype:CWE-427

Trust: 1.9

sources: VULHUB: VHN-186812 // JVNDB: JVNDB-2020-009492 // NVD: CVE-2020-8687

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202008-737

TYPE

code problem

Trust: 0.6

sources: CNNVD: CNNVD-202008-737

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2020-009492

PATCH
title:INTEL-SA-00377url:https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00377.html
Trust: 0.8
title:Intel Server Board M10JNP2SB Fixes for code issue vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=126403
Trust: 0.6
title:CVE-Flowurl:https://github.com/404notf0und/CVE-Flow 
Trust: 0.1
sources:
            
            
            VULMON: CVE-2020-8687 // 
            
            
            
            JVNDB: JVNDB-2020-009492 // 
            
            
            
            CNNVD: CNNVD-202008-737

EXTERNAL IDS
db:NVDid:CVE-2020-8687
Trust: 2.6
db:JVNid:JVNVU99606488
Trust: 0.8
db:JVNDBid:JVNDB-2020-009492
Trust: 0.8
db:CNNVDid:CNNVD-202008-737
Trust: 0.7
db:NSFOCUSid:49023
Trust: 0.6
db:CNVDid:CNVD-2020-47310
Trust: 0.1
db:VULHUBid:VHN-186812
Trust: 0.1
db:VULMONid:CVE-2020-8687
Trust: 0.1
sources:
            
            
            VULHUB: VHN-186812 // 
            
            
            
            VULMON: CVE-2020-8687 // 
            
            
            
            JVNDB: JVNDB-2020-009492 // 
            
            
            
            CNNVD: CNNVD-202008-737 // 
            
            
            
            NVD: CVE-2020-8687

REFERENCES
url:https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00377.html
Trust: 1.8
url:https://nvd.nist.gov/vuln/detail/cve-2020-8687
Trust: 1.4
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-8687
Trust: 0.8
url:https://jvn.jp/vu/jvnvu99606488
Trust: 0.8
url:http://www.nsfocus.net/vulndb/49023
Trust: 0.6
url:https://cwe.mitre.org/data/definitions/427.html
Trust: 0.1
url:https://nvd.nist.gov
Trust: 0.1
url:https://exchange.xforce.ibmcloud.com/vulnerabilities/186601
Trust: 0.1
url:https://github.com/404notf0und/cve-flow
Trust: 0.1
sources:
            
            
            VULHUB: VHN-186812 // 
            
            
            
            VULMON: CVE-2020-8687 // 
            
            
            
            JVNDB: JVNDB-2020-009492 // 
            
            
            
            CNNVD: CNNVD-202008-737 // 
            
            
            
            NVD: CVE-2020-8687

SOURCES
db:VULHUBid:VHN-186812
db:VULMONid:CVE-2020-8687
db:JVNDBid:JVNDB-2020-009492
db:CNNVDid:CNNVD-202008-737
db:NVDid:CVE-2020-8687

LAST UPDATE DATE
2024-11-23T21:35:22.115000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-186812date:2020-08-19T00:00:00
db:VULMONid:CVE-2020-8687date:2020-08-19T00:00:00
db:JVNDBid:JVNDB-2020-009492date:2020-11-10T06:27:05
db:CNNVDid:CNNVD-202008-737date:2020-09-23T00:00:00
db:NVDid:CVE-2020-8687date:2024-11-21T05:39:15.230

SOURCES RELEASE DATE
db:VULHUBid:VHN-186812date:2020-08-13T00:00:00
db:VULMONid:CVE-2020-8687date:2020-08-13T00:00:00
db:JVNDBid:JVNDB-2020-009492date:2020-11-10T06:27:05
db:CNNVDid:CNNVD-202008-737date:2020-08-13T00:00:00
db:NVDid:CVE-2020-8687date:2020-08-13T04:15:13.883