Details of VAR-202011-0177

ID

VAR-202011-0177

CVE

CVE-2020-12332

TITLE

Intel(R) HID Event Filter Driver Vulnerability in improperly holding permissions in the installer

Trust: 0.8

sources: JVNDB: JVNDB-2020-013372

DESCRIPTION

Improper permissions in the installer for the Intel(R) HID Event Filter Driver, all versions, may allow an authenticated user to potentially enable escalation of privilege via local access

Trust: 1.71

sources: NVD: CVE-2020-12332 // JVNDB: JVNDB-2020-013372 // VULHUB: VHN-165000

AFFECTED PRODUCTS

vendor:	intel	model:	hid event filter driver	scope:	lt	version:	2.2.1.372	Trust: 1.0
vendor:	インテル	model:	hid event filter driver	scope:	eq	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2020-013372 // NVD: CVE-2020-12332

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2020-12332
value:	HIGH
Trust: 1.0
NVD:	CVE-2020-12332
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-201911-1701
value:	HIGH
Trust: 0.6
VULHUB:	VHN-165000
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2020-12332
severity:	MEDIUM
baseScore:	4.6
vectorString:	AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	3.9
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-165000
severity:	MEDIUM
baseScore:	4.6
vectorString:	AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	3.9
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2020-12332
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.8
impactScore:	5.9
version:	3.1
Trust: 1.0
NVD:	CVE-2020-12332
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULHUB: VHN-165000 // JVNDB: JVNDB-2020-013372 // CNNVD: CNNVD-201911-1701 // NVD: CVE-2020-12332

PROBLEMTYPE DATA

problemtype:	CWE-281	Trust: 1.1
problemtype:	Improper retention of permissions (CWE-281) [NVD Evaluation ]	Trust: 0.8

sources: VULHUB: VHN-165000 // JVNDB: JVNDB-2020-013372 // NVD: CVE-2020-12332

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201911-1701

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-201911-1701

PATCH

title:	INTEL-SA-00421	url:	https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00421.html	Trust: 0.8
title:	Intel Human Interface Device Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=134997	Trust: 0.6

sources: JVNDB: JVNDB-2020-013372 // CNNVD: CNNVD-201911-1701

EXTERNAL IDS

db:	NVD	id:	CVE-2020-12332	Trust: 2.5
db:	JVNDB	id:	JVNDB-2020-013372	Trust: 0.8
db:	AUSCERT	id:	ESB-2020.3979	Trust: 0.6
db:	LENOVO	id:	LEN-45679	Trust: 0.6
db:	CNNVD	id:	CNNVD-201911-1701	Trust: 0.6
db:	VULHUB	id:	VHN-165000	Trust: 0.1

sources: VULHUB: VHN-165000 // JVNDB: JVNDB-2020-013372 // CNNVD: CNNVD-201911-1701 // NVD: CVE-2020-12332

REFERENCES

url:	https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00421	Trust: 1.7
url:	https://nvd.nist.gov/vuln/detail/cve-2020-12332	Trust: 1.4
url:	https://support.lenovo.com/us/en/product_security/len-45679	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2020.3979/	Trust: 0.6

sources: VULHUB: VHN-165000 // JVNDB: JVNDB-2020-013372 // CNNVD: CNNVD-201911-1701 // NVD: CVE-2020-12332

SOURCES

db:	VULHUB	id:	VHN-165000
db:	JVNDB	id:	JVNDB-2020-013372
db:	CNNVD	id:	CNNVD-201911-1701
db:	NVD	id:	CVE-2020-12332

LAST UPDATE DATE

2024-11-23T22:51:15.121000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-165000	date:	2020-11-24T00:00:00
db:	JVNDB	id:	JVNDB-2020-013372	date:	2021-06-29T05:28:00
db:	CNNVD	id:	CNNVD-201911-1701	date:	2020-12-03T00:00:00
db:	NVD	id:	CVE-2020-12332	date:	2024-11-21T04:59:31.923

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-165000	date:	2020-11-12T00:00:00
db:	JVNDB	id:	JVNDB-2020-013372	date:	2021-06-29T00:00:00
db:	CNNVD	id:	CNNVD-201911-1701	date:	2019-11-10T00:00:00
db:	NVD	id:	CVE-2020-12332	date:	2020-11-12T19:15:13.707