Details of VAR-202011-0176

ID

VAR-202011-0176

CVE

CVE-2020-12331

TITLE

Intel Unite(R) Cloud Service client Vulnerability in privilege management

Trust: 0.8

sources: JVNDB: JVNDB-2020-013592

DESCRIPTION

Improper access controls in Intel Unite(R) Cloud Service client before version 4.2.12212 may allow an authenticated user to potentially enable escalation of privilege via local access. Intel Unite is an enterprise conference collaboration solution developed by Intel Corporation of the United States. An attacker could exploit this vulnerability to escalate privileges

Trust: 1.71

sources: NVD: CVE-2020-12331 // JVNDB: JVNDB-2020-013592 // VULHUB: VHN-164999

AFFECTED PRODUCTS

vendor:	intel	model:	unite cloud service client	scope:	lt	version:	4.2.12212	Trust: 1.0
vendor:	インテル	model:	intel unite cloud service client	scope:	eq	version:	-	Trust: 0.8
vendor:	インテル	model:	intel unite cloud service client	scope:	eq	version:	4.2.12212	Trust: 0.8

sources: JVNDB: JVNDB-2020-013592 // NVD: CVE-2020-12331

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2020-12331
value:	HIGH
Trust: 1.0
NVD:	CVE-2020-12331
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-202011-927
value:	HIGH
Trust: 0.6
VULHUB:	VHN-164999
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2020-12331
severity:	MEDIUM
baseScore:	4.6
vectorString:	AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	3.9
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-164999
severity:	MEDIUM
baseScore:	4.6
vectorString:	AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	3.9
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2020-12331
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.8
impactScore:	5.9
version:	3.1
Trust: 1.0
NVD:	CVE-2020-12331
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULHUB: VHN-164999 // JVNDB: JVNDB-2020-013592 // CNNVD: CNNVD-202011-927 // NVD: CVE-2020-12331

PROBLEMTYPE DATA

problemtype:	NVD-CWE-noinfo	Trust: 1.0
problemtype:	Improper authority management (CWE-269) [NVD Evaluation ]	Trust: 0.8
problemtype:	CWE-269	Trust: 0.1

sources: VULHUB: VHN-164999 // JVNDB: JVNDB-2020-013592 // NVD: CVE-2020-12331

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202011-927

TYPE

access control error

Trust: 0.6

sources: CNNVD: CNNVD-202011-927

PATCH

title:	INTEL-SA-00418	url:	https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00418.html	Trust: 0.8
title:	Intel Unite Cloud Service client Fixes for access control error vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=135450	Trust: 0.6

sources: JVNDB: JVNDB-2020-013592 // CNNVD: CNNVD-202011-927

EXTERNAL IDS

db:	NVD	id:	CVE-2020-12331	Trust: 2.5
db:	JVNDB	id:	JVNDB-2020-013592	Trust: 0.8
db:	CNNVD	id:	CNNVD-202011-927	Trust: 0.7
db:	AUSCERT	id:	ESB-2020.3996	Trust: 0.6
db:	CNVD	id:	CNVD-2020-66302	Trust: 0.1
db:	VULHUB	id:	VHN-164999	Trust: 0.1

sources: VULHUB: VHN-164999 // JVNDB: JVNDB-2020-013592 // CNNVD: CNNVD-202011-927 // NVD: CVE-2020-12331

REFERENCES

url:	https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00418	Trust: 1.7
url:	https://nvd.nist.gov/vuln/detail/cve-2020-12331	Trust: 1.4
url:	https://www.auscert.org.au/bulletins/esb-2020.3996/	Trust: 0.6

sources: VULHUB: VHN-164999 // JVNDB: JVNDB-2020-013592 // CNNVD: CNNVD-202011-927 // NVD: CVE-2020-12331

SOURCES

db:	VULHUB	id:	VHN-164999
db:	JVNDB	id:	JVNDB-2020-013592
db:	CNNVD	id:	CNNVD-202011-927
db:	NVD	id:	CVE-2020-12331

LAST UPDATE DATE

2024-11-23T23:11:15.572000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-164999	date:	2021-07-21T00:00:00
db:	JVNDB	id:	JVNDB-2020-013592	date:	2021-07-08T07:58:00
db:	CNNVD	id:	CNNVD-202011-927	date:	2020-12-01T00:00:00
db:	NVD	id:	CVE-2020-12331	date:	2024-11-21T04:59:31.823

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-164999	date:	2020-11-12T00:00:00
db:	JVNDB	id:	JVNDB-2020-013592	date:	2021-07-08T00:00:00
db:	CNNVD	id:	CNNVD-202011-927	date:	2020-11-11T00:00:00
db:	NVD	id:	CVE-2020-12331	date:	2020-11-12T19:15:13.643