Details of VAR-202011-0168

ID

VAR-202011-0168

CVE

CVE-2020-12323

TITLE

Intel(R) ADAS IE Input confirmation vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2020-013589

DESCRIPTION

Improper input validation in the Intel(R) ADAS IE before version ADAS_IE_1.0.766 may allow a privileged user to potentially enable escalation of privilege via local access. Intel(R) ADAS IE Is vulnerable to input validation.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. Intel ADAS IE (Intel ADAS IE) is a driver assistance system engine of Intel Corporation of the United States

Trust: 1.71

sources: NVD: CVE-2020-12323 // JVNDB: JVNDB-2020-013589 // VULHUB: VHN-164990

AFFECTED PRODUCTS

vendor:	intel	model:	adas ie	scope:	lt	version:	1.0.766	Trust: 1.0
vendor:	インテル	model:	intel adas ie	scope:	eq	version:	adas_ie_1.0.766	Trust: 0.8
vendor:	インテル	model:	intel adas ie	scope:	eq	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2020-013589 // NVD: CVE-2020-12323

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2020-12323
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2020-12323
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-202011-969
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-164990
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2020-12323
severity:	MEDIUM
baseScore:	4.6
vectorString:	AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	3.9
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-164990
severity:	MEDIUM
baseScore:	4.6
vectorString:	AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	3.9
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2020-12323
baseSeverity:	MEDIUM
baseScore:	6.7
vectorString:	CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	HIGH
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	0.8
impactScore:	5.9
version:	3.1
Trust: 1.0
NVD:	CVE-2020-12323
baseSeverity:	MEDIUM
baseScore:	6.7
vectorString:	CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	HIGH
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULHUB: VHN-164990 // JVNDB: JVNDB-2020-013589 // CNNVD: CNNVD-202011-969 // NVD: CVE-2020-12323

PROBLEMTYPE DATA

problemtype:	CWE-20	Trust: 1.1
problemtype:	Incorrect input confirmation (CWE-20) [NVD Evaluation ]	Trust: 0.8

sources: VULHUB: VHN-164990 // JVNDB: JVNDB-2020-013589 // NVD: CVE-2020-12323

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202011-969

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-202011-969

PATCH

title:	INTEL-SA-00415	url:	https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00415.html	Trust: 0.8
title:	Intel ADAS IE Enter the fix for the verification error vulnerability	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=135457	Trust: 0.6

sources: JVNDB: JVNDB-2020-013589 // CNNVD: CNNVD-202011-969

EXTERNAL IDS

db:	NVD	id:	CVE-2020-12323	Trust: 2.5
db:	JVNDB	id:	JVNDB-2020-013589	Trust: 0.8
db:	CNNVD	id:	CNNVD-202011-969	Trust: 0.6
db:	CNVD	id:	CNVD-2020-66303	Trust: 0.1
db:	VULHUB	id:	VHN-164990	Trust: 0.1

sources: VULHUB: VHN-164990 // JVNDB: JVNDB-2020-013589 // CNNVD: CNNVD-202011-969 // NVD: CVE-2020-12323

REFERENCES

url:	https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00415	Trust: 1.7
url:	https://nvd.nist.gov/vuln/detail/cve-2020-12323	Trust: 1.4

sources: VULHUB: VHN-164990 // JVNDB: JVNDB-2020-013589 // CNNVD: CNNVD-202011-969 // NVD: CVE-2020-12323

SOURCES

db:	VULHUB	id:	VHN-164990
db:	JVNDB	id:	JVNDB-2020-013589
db:	CNNVD	id:	CNNVD-202011-969
db:	NVD	id:	CVE-2020-12323

LAST UPDATE DATE

2024-11-23T23:07:47.297000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-164990	date:	2020-11-30T00:00:00
db:	JVNDB	id:	JVNDB-2020-013589	date:	2021-07-08T07:58:00
db:	CNNVD	id:	CNNVD-202011-969	date:	2020-12-01T00:00:00
db:	NVD	id:	CVE-2020-12323	date:	2024-11-21T04:59:30.947

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-164990	date:	2020-11-12T00:00:00
db:	JVNDB	id:	JVNDB-2020-013589	date:	2021-07-08T00:00:00
db:	CNNVD	id:	CNNVD-202011-969	date:	2020-11-12T00:00:00
db:	NVD	id:	CVE-2020-12323	date:	2020-11-12T19:15:13.050