Details of VAR-202011-0104

ID

VAR-202011-0104

CVE

CVE-2020-0575

TITLE

Windows for Intel(R) Unite Client Buffer Error Vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2020-013216

DESCRIPTION

Improper buffer restrictions in the Intel(R) Unite Client for Windows* before version 4.2.13064 may allow an authenticated user to potentially enable information disclosure via local access. Windows for Intel(R) Unite Client Is vulnerable to a buffer error.Information may be obtained. Intel Unite is an enterprise conference collaboration solution developed by Intel Corporation of the United States. An attacker could exploit this vulnerability to cause information leakage

Trust: 1.71

sources: NVD: CVE-2020-0575 // JVNDB: JVNDB-2020-013216 // VULHUB: VHN-162009

AFFECTED PRODUCTS

vendor:	intel	model:	unite	scope:	lt	version:	4.2.13064	Trust: 1.0
vendor:	インテル	model:	intel unite	scope:	eq	version:	-	Trust: 0.8
vendor:	インテル	model:	intel unite	scope:	eq	version:	4.2.13064	Trust: 0.8

sources: JVNDB: JVNDB-2020-013216 // NVD: CVE-2020-0575

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2020-0575
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2020-0575
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-202011-929
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-162009
value:	LOW
Trust: 0.1

nvd@nist.gov:	CVE-2020-0575
severity:	LOW
baseScore:	2.1
vectorString:	AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-162009
severity:	LOW
baseScore:	2.1
vectorString:	AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2020-0575
baseSeverity:	MEDIUM
baseScore:	5.5
vectorString:	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	1.8
impactScore:	3.6
version:	3.1
Trust: 1.0
NVD:	CVE-2020-0575
baseSeverity:	MEDIUM
baseScore:	5.5
vectorString:	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULHUB: VHN-162009 // JVNDB: JVNDB-2020-013216 // CNNVD: CNNVD-202011-929 // NVD: CVE-2020-0575

PROBLEMTYPE DATA

problemtype:	NVD-CWE-noinfo	Trust: 1.0
problemtype:	Buffer error (CWE-119) [NVD Evaluation ]	Trust: 0.8
problemtype:	CWE-119	Trust: 0.1

sources: VULHUB: VHN-162009 // JVNDB: JVNDB-2020-013216 // NVD: CVE-2020-0575

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202011-929

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-202011-929

PATCH

title:	INTEL-SA-00350	url:	https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00350.html	Trust: 0.8
title:	Intel Unite Client Buffer error vulnerability fix	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=134619	Trust: 0.6

sources: JVNDB: JVNDB-2020-013216 // CNNVD: CNNVD-202011-929

EXTERNAL IDS

db:	NVD	id:	CVE-2020-0575	Trust: 2.5
db:	JVNDB	id:	JVNDB-2020-013216	Trust: 0.8
db:	CNNVD	id:	CNNVD-202011-929	Trust: 0.7
db:	AUSCERT	id:	ESB-2020.3989	Trust: 0.6
db:	LENOVO	id:	LEN-50823	Trust: 0.6
db:	VULHUB	id:	VHN-162009	Trust: 0.1

sources: VULHUB: VHN-162009 // JVNDB: JVNDB-2020-013216 // CNNVD: CNNVD-202011-929 // NVD: CVE-2020-0575

REFERENCES

url:	https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00350	Trust: 1.7
url:	https://nvd.nist.gov/vuln/detail/cve-2020-0575	Trust: 1.4
url:	https://www.auscert.org.au/bulletins/esb-2020.3989/	Trust: 0.6
url:	https://support.lenovo.com/us/en/product_security/len-50823	Trust: 0.6

sources: VULHUB: VHN-162009 // JVNDB: JVNDB-2020-013216 // CNNVD: CNNVD-202011-929 // NVD: CVE-2020-0575

SOURCES

db:	VULHUB	id:	VHN-162009
db:	JVNDB	id:	JVNDB-2020-013216
db:	CNNVD	id:	CNNVD-202011-929
db:	NVD	id:	CVE-2020-0575

LAST UPDATE DATE

2024-11-23T22:05:23.975000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-162009	date:	2021-07-21T00:00:00
db:	JVNDB	id:	JVNDB-2020-013216	date:	2021-06-21T09:03:00
db:	CNNVD	id:	CNNVD-202011-929	date:	2021-08-16T00:00:00
db:	NVD	id:	CVE-2020-0575	date:	2024-11-21T04:53:47.470

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-162009	date:	2020-11-12T00:00:00
db:	JVNDB	id:	JVNDB-2020-013216	date:	2021-06-21T00:00:00
db:	CNNVD	id:	CNNVD-202011-929	date:	2020-11-11T00:00:00
db:	NVD	id:	CVE-2020-0575	date:	2020-11-12T18:15:12.830