Details of VAR-202011-0183

ID

VAR-202011-0183

CVE

CVE-2020-12338

TITLE

Open WebRTC Toolkit Vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2020-013293

DESCRIPTION

Insufficient control flow management in the Open WebRTC Toolkit before version 4.3.1 may allow an unauthenticated user to potentially enable escalation of privilege via network access. Open WebRTC Toolkit Contains an unspecified vulnerability.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. Intel Open WebRTC Toolkit is an open-source, cross-platform WebRTC client framework based on Gstreamer, an end-to-end audio/video communication development kit developed by Intel Corporation. This toolkit is used to create high-performance, reliable and scalable real-time communication applications. A security vulnerability exists in Intel Open WebRTC Toolkit versions prior to 4.3.1

Trust: 1.71

sources: NVD: CVE-2020-12338 // JVNDB: JVNDB-2020-013293 // VULHUB: VHN-165006

AFFECTED PRODUCTS

vendor:	intel	model:	open webrtc toolkit	scope:	lt	version:	4.3.1	Trust: 1.0
vendor:	インテル	model:	open webrtc toolkit	scope:	eq	version:	4.3.1	Trust: 0.8
vendor:	インテル	model:	open webrtc toolkit	scope:	eq	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2020-013293 // NVD: CVE-2020-12338

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2020-12338
value:	CRITICAL
Trust: 1.0
NVD:	CVE-2020-12338
value:	CRITICAL
Trust: 0.8
CNNVD:	CNNVD-202011-936
value:	CRITICAL
Trust: 0.6
VULHUB:	VHN-165006
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2020-12338
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-165006
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2020-12338
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	5.9
version:	3.1
Trust: 1.0
NVD:	CVE-2020-12338
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULHUB: VHN-165006 // JVNDB: JVNDB-2020-013293 // CNNVD: CNNVD-202011-936 // NVD: CVE-2020-12338

PROBLEMTYPE DATA

problemtype:	NVD-CWE-Other	Trust: 1.0
problemtype:	Other (CWE-Other) [NVD Evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2020-013293 // NVD: CVE-2020-12338

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202011-936

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202011-936

PATCH

title:	INTEL-SA-00424	url:	https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00424	Trust: 0.8
title:	Intel Open WebRTC Toolkit Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=135012	Trust: 0.6

sources: JVNDB: JVNDB-2020-013293 // CNNVD: CNNVD-202011-936

EXTERNAL IDS

db:	NVD	id:	CVE-2020-12338	Trust: 2.5
db:	JVNDB	id:	JVNDB-2020-013293	Trust: 0.8
db:	CNNVD	id:	CNNVD-202011-936	Trust: 0.7
db:	AUSCERT	id:	ESB-2020.4002	Trust: 0.6
db:	CNVD	id:	CNVD-2020-66592	Trust: 0.1
db:	VULHUB	id:	VHN-165006	Trust: 0.1

sources: VULHUB: VHN-165006 // JVNDB: JVNDB-2020-013293 // CNNVD: CNNVD-202011-936 // NVD: CVE-2020-12338

REFERENCES

url:	https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00424	Trust: 1.7
url:	https://nvd.nist.gov/vuln/detail/cve-2020-12338	Trust: 1.4
url:	https://www.auscert.org.au/bulletins/esb-2020.4002/	Trust: 0.6

sources: VULHUB: VHN-165006 // JVNDB: JVNDB-2020-013293 // CNNVD: CNNVD-202011-936 // NVD: CVE-2020-12338

SOURCES

db:	VULHUB	id:	VHN-165006
db:	JVNDB	id:	JVNDB-2020-013293
db:	CNNVD	id:	CNNVD-202011-936
db:	NVD	id:	CVE-2020-12338

LAST UPDATE DATE

2024-11-23T22:58:07.500000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-165006	date:	2020-11-23T00:00:00
db:	JVNDB	id:	JVNDB-2020-013293	date:	2021-06-23T07:22:00
db:	CNNVD	id:	CNNVD-202011-936	date:	2020-11-24T00:00:00
db:	NVD	id:	CVE-2020-12338	date:	2024-11-21T04:59:32.597

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-165006	date:	2020-11-13T00:00:00
db:	JVNDB	id:	JVNDB-2020-013293	date:	2021-06-23T00:00:00
db:	CNNVD	id:	CNNVD-202011-936	date:	2020-11-11T00:00:00
db:	NVD	id:	CVE-2020-12338	date:	2020-11-13T20:15:16.020