Details of VAR-202011-0149

ID

VAR-202011-0149

CVE

CVE-2020-12307

TITLE

Intel(R) High Definition Audio Vulnerability in improper default permissions in driver

Trust: 0.8

sources: JVNDB: JVNDB-2020-013445

DESCRIPTION

Improper permissions in some Intel(R) High Definition Audio drivers before version 9.21.00.4561 may allow an authenticated user to potentially enable escalation of privilege via local access. Intel High Definition Audio drivers is an audio codec driver from Intel Corporation. An authorization issue vulnerability exists in Intel High Definition Audio drivers. The vulnerability stems from the lack of authentication measures or insufficient authentication strength in network systems or products. No detailed vulnerability details were provided at this time

Trust: 1.71

sources: NVD: CVE-2020-12307 // JVNDB: JVNDB-2020-013445 // VULHUB: VHN-164972

AFFECTED PRODUCTS

vendor:	intel	model:	high definition audio driver	scope:	lt	version:	9.21.00.4561	Trust: 1.0
vendor:	インテル	model:	intel high definition audio driver	scope:	eq	version:	-	Trust: 0.8
vendor:	インテル	model:	intel high definition audio driver	scope:	eq	version:	9.21.00.4561	Trust: 0.8

sources: JVNDB: JVNDB-2020-013445 // NVD: CVE-2020-12307

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2020-12307
value:	HIGH
Trust: 1.0
NVD:	CVE-2020-12307
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-201911-1702
value:	HIGH
Trust: 0.6
VULHUB:	VHN-164972
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2020-12307
severity:	MEDIUM
baseScore:	4.6
vectorString:	AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	3.9
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-164972
severity:	MEDIUM
baseScore:	4.6
vectorString:	AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	3.9
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2020-12307
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.8
impactScore:	5.9
version:	3.1
Trust: 1.0
NVD:	CVE-2020-12307
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULHUB: VHN-164972 // JVNDB: JVNDB-2020-013445 // CNNVD: CNNVD-201911-1702 // NVD: CVE-2020-12307

PROBLEMTYPE DATA

problemtype:	CWE-276	Trust: 1.1
problemtype:	Inappropriate default permissions (CWE-276) [NVD Evaluation ]	Trust: 0.8

sources: VULHUB: VHN-164972 // JVNDB: JVNDB-2020-013445 // NVD: CVE-2020-12307

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201911-1702

TYPE

authorization issue

Trust: 0.6

sources: CNNVD: CNNVD-201911-1702

PATCH

title:	INTEL-SA-00409	url:	https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00409	Trust: 0.8
title:	Intel High Definition Audio drivers Remediation measures for authorization problem vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=134998	Trust: 0.6

sources: JVNDB: JVNDB-2020-013445 // CNNVD: CNNVD-201911-1702

EXTERNAL IDS

db:	NVD	id:	CVE-2020-12307	Trust: 2.5
db:	JVN	id:	JVNVU98002571	Trust: 0.8
db:	JVNDB	id:	JVNDB-2020-013445	Trust: 0.8
db:	AUSCERT	id:	ESB-2020.3986	Trust: 0.6
db:	LENOVO	id:	LEN-45680	Trust: 0.6
db:	CNNVD	id:	CNNVD-201911-1702	Trust: 0.6
db:	CNVD	id:	CNVD-2020-66374	Trust: 0.1
db:	VULHUB	id:	VHN-164972	Trust: 0.1

sources: VULHUB: VHN-164972 // JVNDB: JVNDB-2020-013445 // CNNVD: CNNVD-201911-1702 // NVD: CVE-2020-12307

REFERENCES

url:	https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00409	Trust: 1.7
url:	https://nvd.nist.gov/vuln/detail/cve-2020-12307	Trust: 1.4
url:	https://jvn.jp/vu/jvnvu98002571/	Trust: 0.8
url:	https://www.auscert.org.au/bulletins/esb-2020.3986/	Trust: 0.6
url:	https://support.lenovo.com/us/en/product_security/len-45680	Trust: 0.6

sources: VULHUB: VHN-164972 // JVNDB: JVNDB-2020-013445 // CNNVD: CNNVD-201911-1702 // NVD: CVE-2020-12307

SOURCES

db:	VULHUB	id:	VHN-164972
db:	JVNDB	id:	JVNDB-2020-013445
db:	CNNVD	id:	CNNVD-201911-1702
db:	NVD	id:	CVE-2020-12307

LAST UPDATE DATE

2024-11-23T21:23:51.693000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-164972	date:	2020-11-24T00:00:00
db:	JVNDB	id:	JVNDB-2020-013445	date:	2021-07-06T04:58:00
db:	CNNVD	id:	CNNVD-201911-1702	date:	2020-11-27T00:00:00
db:	NVD	id:	CVE-2020-12307	date:	2024-11-21T04:59:29.250

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-164972	date:	2020-11-12T00:00:00
db:	JVNDB	id:	JVNDB-2020-013445	date:	2021-07-06T00:00:00
db:	CNNVD	id:	CNNVD-201911-1702	date:	2019-11-10T00:00:00
db:	NVD	id:	CVE-2020-12307	date:	2020-11-12T18:15:13.767