Details of VAR-202011-0150

ID

VAR-202011-0150

CVE

CVE-2020-12308

TITLE

Intel(R) Computing Improvement Program Vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2020-013438

DESCRIPTION

Improper access control for the Intel(R) Computing Improvement Program before version 2.4.5982 may allow an unprivileged user to potentially enable information disclosure via network access. Intel(R) Computing Improvement Program Contains an unspecified vulnerability.Information may be obtained. This program is used to collect computer function usage information, component usage information, operating system information, etc

Trust: 1.71

sources: NVD: CVE-2020-12308 // JVNDB: JVNDB-2020-013438 // VULHUB: VHN-164973

AFFECTED PRODUCTS

vendor:	intel	model:	computing improvement program	scope:	lt	version:	2.4.5982	Trust: 1.0
vendor:	インテル	model:	intel computing improvement program	scope:	eq	version:	2.4.5982	Trust: 0.8
vendor:	インテル	model:	intel computing improvement program	scope:	eq	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2020-013438 // NVD: CVE-2020-12308

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2020-12308
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2020-12308
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-202011-922
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-164973
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2020-12308
severity:	MEDIUM
baseScore:	4.0
vectorString:	AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	8.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-164973
severity:	MEDIUM
baseScore:	4.0
vectorString:	AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	8.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2020-12308
baseSeverity:	MEDIUM
baseScore:	6.5
vectorString:	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	2.8
impactScore:	3.6
version:	3.1
Trust: 1.0
NVD:	CVE-2020-12308
baseSeverity:	MEDIUM
baseScore:	6.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULHUB: VHN-164973 // JVNDB: JVNDB-2020-013438 // CNNVD: CNNVD-202011-922 // NVD: CVE-2020-12308

PROBLEMTYPE DATA

problemtype:	NVD-CWE-Other	Trust: 1.0
problemtype:	Other (CWE-Other) [NVD Evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2020-013438 // NVD: CVE-2020-12308

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202011-922

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202011-922

PATCH

title:	INTEL-SA-00410	url:	https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00410	Trust: 0.8
title:	Intel Computing Improvement Program Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=135008	Trust: 0.6

sources: JVNDB: JVNDB-2020-013438 // CNNVD: CNNVD-202011-922

EXTERNAL IDS

db:	NVD	id:	CVE-2020-12308	Trust: 2.5
db:	JVN	id:	JVNVU98002571	Trust: 0.8
db:	JVNDB	id:	JVNDB-2020-013438	Trust: 0.8
db:	AUSCERT	id:	ESB-2020.4008	Trust: 0.6
db:	CNNVD	id:	CNNVD-202011-922	Trust: 0.6
db:	CNVD	id:	CNVD-2020-66317	Trust: 0.1
db:	VULHUB	id:	VHN-164973	Trust: 0.1

sources: VULHUB: VHN-164973 // JVNDB: JVNDB-2020-013438 // CNNVD: CNNVD-202011-922 // NVD: CVE-2020-12308

REFERENCES

url:	https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00410	Trust: 1.7
url:	https://nvd.nist.gov/vuln/detail/cve-2020-12308	Trust: 1.4
url:	https://jvn.jp/vu/jvnvu98002571/	Trust: 0.8
url:	https://www.auscert.org.au/bulletins/esb-2020.4008/	Trust: 0.6

sources: VULHUB: VHN-164973 // JVNDB: JVNDB-2020-013438 // CNNVD: CNNVD-202011-922 // NVD: CVE-2020-12308

SOURCES

db:	VULHUB	id:	VHN-164973
db:	JVNDB	id:	JVNDB-2020-013438
db:	CNNVD	id:	CNNVD-202011-922
db:	NVD	id:	CVE-2020-12308

LAST UPDATE DATE

2024-11-23T21:03:43.731000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-164973	date:	2020-11-24T00:00:00
db:	JVNDB	id:	JVNDB-2020-013438	date:	2021-07-06T04:58:00
db:	CNNVD	id:	CNNVD-202011-922	date:	2020-11-27T00:00:00
db:	NVD	id:	CVE-2020-12308	date:	2024-11-21T04:59:29.343

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-164973	date:	2020-11-12T00:00:00
db:	JVNDB	id:	JVNDB-2020-013438	date:	2021-07-06T00:00:00
db:	CNNVD	id:	CNNVD-202011-922	date:	2020-11-12T00:00:00
db:	NVD	id:	CVE-2020-12308	date:	2020-11-12T18:15:13.830