Details of VAR-202011-0138

ID

VAR-202011-0138

CVE

CVE-2020-12350

TITLE

Intel(R) XTU Vulnerability in privilege management

Trust: 0.8

sources: JVNDB: JVNDB-2020-013307

DESCRIPTION

Improper access control in the Intel(R) XTU before version 6.5.1.360 may allow an authenticated user to potentially enable escalation of privilege via local access. Intel(R) XTU Contains a privilege management vulnerability.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. Intel Extreme Tuning Utility is a software from Intel Corporation that can increase CPU frequency. In addition to supporting CPU and graphics card overclocking, the software also has the functions of system hardware information detection and real-time monitoring of the current system status to ensure system stability after overclocking

Trust: 1.71

sources: NVD: CVE-2020-12350 // JVNDB: JVNDB-2020-013307 // VULHUB: VHN-165020

AFFECTED PRODUCTS

vendor:	intel	model:	extreme tuning utility	scope:	lt	version:	6.5.1.360	Trust: 1.0
vendor:	インテル	model:	intel extreme tuning utility	scope:	eq	version:	-	Trust: 0.8
vendor:	インテル	model:	intel extreme tuning utility	scope:	eq	version:	6.5.1.360	Trust: 0.8

sources: JVNDB: JVNDB-2020-013307 // NVD: CVE-2020-12350

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2020-12350
value:	HIGH
Trust: 1.0
NVD:	CVE-2020-12350
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-202011-945
value:	HIGH
Trust: 0.6
VULHUB:	VHN-165020
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2020-12350
severity:	MEDIUM
baseScore:	4.6
vectorString:	AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	3.9
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-165020
severity:	MEDIUM
baseScore:	4.6
vectorString:	AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	3.9
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2020-12350
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.8
impactScore:	5.9
version:	3.1
Trust: 1.0
NVD:	CVE-2020-12350
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULHUB: VHN-165020 // JVNDB: JVNDB-2020-013307 // CNNVD: CNNVD-202011-945 // NVD: CVE-2020-12350

PROBLEMTYPE DATA

problemtype:	NVD-CWE-noinfo	Trust: 1.0
problemtype:	Improper authority management (CWE-269) [NVD Evaluation ]	Trust: 0.8
problemtype:	CWE-269	Trust: 0.1

sources: VULHUB: VHN-165020 // JVNDB: JVNDB-2020-013307 // NVD: CVE-2020-12350

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202011-945

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202011-945

PATCH

title:	INTEL-SA-00429	url:	https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00429.html	Trust: 0.8
title:	Intel XTU Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=133913	Trust: 0.6

sources: JVNDB: JVNDB-2020-013307 // CNNVD: CNNVD-202011-945

EXTERNAL IDS

db:	NVD	id:	CVE-2020-12350	Trust: 2.5
db:	JVNDB	id:	JVNDB-2020-013307	Trust: 0.8
db:	CNNVD	id:	CNNVD-202011-945	Trust: 0.7
db:	AUSCERT	id:	ESB-2020.3969	Trust: 0.6
db:	VULHUB	id:	VHN-165020	Trust: 0.1

sources: VULHUB: VHN-165020 // JVNDB: JVNDB-2020-013307 // CNNVD: CNNVD-202011-945 // NVD: CVE-2020-12350

REFERENCES

url:	https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00429	Trust: 1.7
url:	https://nvd.nist.gov/vuln/detail/cve-2020-12350	Trust: 1.4
url:	https://www.auscert.org.au/bulletins/esb-2020.3969/	Trust: 0.6

sources: VULHUB: VHN-165020 // JVNDB: JVNDB-2020-013307 // CNNVD: CNNVD-202011-945 // NVD: CVE-2020-12350

SOURCES

db:	VULHUB	id:	VHN-165020
db:	JVNDB	id:	JVNDB-2020-013307
db:	CNNVD	id:	CNNVD-202011-945
db:	NVD	id:	CVE-2020-12350

LAST UPDATE DATE

2024-11-23T22:44:24.450000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-165020	date:	2021-07-21T00:00:00
db:	JVNDB	id:	JVNDB-2020-013307	date:	2021-06-23T08:06:00
db:	CNNVD	id:	CNNVD-202011-945	date:	2020-11-24T00:00:00
db:	NVD	id:	CVE-2020-12350	date:	2024-11-21T04:59:33.297

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-165020	date:	2020-11-12T00:00:00
db:	JVNDB	id:	JVNDB-2020-013307	date:	2021-06-23T00:00:00
db:	CNNVD	id:	CNNVD-202011-945	date:	2020-11-11T00:00:00
db:	NVD	id:	CVE-2020-12350	date:	2020-11-12T19:15:14.427