Details of VAR-202011-0154

ID

VAR-202011-0154

CVE

CVE-2020-12312

TITLE

Intel(R) Quartus(R) Prime Pro Buffer error vulnerabilities in software

Trust: 0.8

sources: JVNDB: JVNDB-2020-013431

DESCRIPTION

Improper buffer restrictions in the Intel(R) Stratix(R) 10 FPGA firmware provided with the Intel(R) Quartus(R) Prime Pro software before version 20.2 may allow an unauthenticated user to potentially enable escalation of privilege via physical access. Intel(R) Quartus(R) Prime Pro The software contains a buffer error vulnerability.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. Intel Quartus Prime Pro is a multi-platform design environment of Intel Corporation. This product is mainly used for programmable logic device programming. No detailed vulnerability details are currently provided

Trust: 2.25

sources: NVD: CVE-2020-12312 // JVNDB: JVNDB-2020-013431 // CNVD: CNVD-2020-68832 // VULHUB: VHN-164978

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2020-68832

AFFECTED PRODUCTS

vendor:	intel	model:	quartus prime pro	scope:	lt	version:	20.2	Trust: 1.6
vendor:	intel	model:	stratix 10 fpga	scope:	eq	version:	-	Trust: 1.0
vendor:	インテル	model:	intel quartus prime pro	scope:	-	version:	-	Trust: 0.8
vendor:	インテル	model:	stratix 10 fpga	scope:	-	version:	-	Trust: 0.8

sources: CNVD: CNVD-2020-68832 // JVNDB: JVNDB-2020-013431 // NVD: CVE-2020-12312

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2020-12312
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2020-12312
value:	MEDIUM
Trust: 0.8
CNVD:	CNVD-2020-68832
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-202011-852
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-164978
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2020-12312
severity:	MEDIUM
baseScore:	4.6
vectorString:	AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	3.9
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2020-68832
severity:	MEDIUM
baseScore:	4.6
vectorString:	AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	3.9
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
VULHUB:	VHN-164978
severity:	MEDIUM
baseScore:	4.6
vectorString:	AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	3.9
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2020-12312
baseSeverity:	MEDIUM
baseScore:	6.8
vectorString:	CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	PHYSICAL
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	0.9
impactScore:	5.9
version:	3.1
Trust: 1.0
NVD:	CVE-2020-12312
baseSeverity:	MEDIUM
baseScore:	6.8
vectorString:	CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	PHYSICAL
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2020-68832 // VULHUB: VHN-164978 // JVNDB: JVNDB-2020-013431 // CNNVD: CNNVD-202011-852 // NVD: CVE-2020-12312

PROBLEMTYPE DATA

problemtype:	NVD-CWE-noinfo	Trust: 1.0
problemtype:	Buffer error (CWE-119) [NVD Evaluation ]	Trust: 0.8
problemtype:	CWE-119	Trust: 0.1

sources: VULHUB: VHN-164978 // JVNDB: JVNDB-2020-013431 // NVD: CVE-2020-12312

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202011-852

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-202011-852

PATCH

title:	INTEL-SA-00388	url:	https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00388	Trust: 0.8
title:	Patch for Intel Quartus Prime Pro buffer overflow vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/241594	Trust: 0.6
title:	Intel Quartus Prime Pro Buffer error vulnerability fix	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=133833	Trust: 0.6

sources: CNVD: CNVD-2020-68832 // JVNDB: JVNDB-2020-013431 // CNNVD: CNNVD-202011-852

EXTERNAL IDS

db:	NVD	id:	CVE-2020-12312	Trust: 3.1
db:	JVN	id:	JVNVU98002571	Trust: 0.8
db:	JVNDB	id:	JVNDB-2020-013431	Trust: 0.8
db:	CNVD	id:	CNVD-2020-68832	Trust: 0.7
db:	CNNVD	id:	CNNVD-202011-852	Trust: 0.7
db:	AUSCERT	id:	ESB-2020.3954	Trust: 0.6
db:	VULHUB	id:	VHN-164978	Trust: 0.1

sources: CNVD: CNVD-2020-68832 // VULHUB: VHN-164978 // JVNDB: JVNDB-2020-013431 // CNNVD: CNNVD-202011-852 // NVD: CVE-2020-12312

REFERENCES

url:	https://nvd.nist.gov/vuln/detail/cve-2020-12312	Trust: 2.0
url:	https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00388	Trust: 1.7
url:	https://jvn.jp/vu/jvnvu98002571/	Trust: 0.8
url:	https://www.auscert.org.au/bulletins/esb-2020.3954/	Trust: 0.6

sources: CNVD: CNVD-2020-68832 // VULHUB: VHN-164978 // JVNDB: JVNDB-2020-013431 // CNNVD: CNNVD-202011-852 // NVD: CVE-2020-12312

SOURCES

db:	CNVD	id:	CNVD-2020-68832
db:	VULHUB	id:	VHN-164978
db:	JVNDB	id:	JVNDB-2020-013431
db:	CNNVD	id:	CNNVD-202011-852
db:	NVD	id:	CVE-2020-12312

LAST UPDATE DATE

2024-11-23T20:33:40.479000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2020-68832	date:	2020-12-04T00:00:00
db:	VULHUB	id:	VHN-164978	date:	2021-07-21T00:00:00
db:	JVNDB	id:	JVNDB-2020-013431	date:	2021-07-06T04:56:00
db:	CNNVD	id:	CNNVD-202011-852	date:	2020-11-27T00:00:00
db:	NVD	id:	CVE-2020-12312	date:	2024-11-21T04:59:29.803

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2020-68832	date:	2020-12-04T00:00:00
db:	VULHUB	id:	VHN-164978	date:	2020-11-12T00:00:00
db:	JVNDB	id:	JVNDB-2020-013431	date:	2021-07-06T00:00:00
db:	CNNVD	id:	CNNVD-202011-852	date:	2020-11-11T00:00:00
db:	NVD	id:	CVE-2020-12312	date:	2020-11-12T18:15:14.157