Details of VAR-202011-0620

ID

VAR-202011-0620

CVE

CVE-2020-24460

TITLE

Intel(R) DSA Inappropriate Default Permission Vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2020-013309

DESCRIPTION

Incorrect default permissions in the Intel(R) DSA before version 20.8.30.6 may allow an authenticated user to potentially enable denial of service via local access. Intel(R) DSA Is vulnerable to incorrect default permissions.Denial of service (DoS) It may be put into a state. Intel Driver & Support Assistant is an Intel driver and support management tool from Intel Corporation. This tool is mainly used to get the latest applications provided by Intel. This vulnerability is caused by incorrect default permissions. Attackers can use this vulnerability to start denial of service

Trust: 1.71

sources: NVD: CVE-2020-24460 // JVNDB: JVNDB-2020-013309 // VULHUB: VHN-178341

AFFECTED PRODUCTS

vendor:	intel	model:	driver \& support assistant	scope:	lt	version:	20.8.30.6	Trust: 1.0
vendor:	インテル	model:	intel driver and support assistant	scope:	eq	version:	-	Trust: 0.8
vendor:	インテル	model:	intel driver and support assistant	scope:	eq	version:	20.8.30.6	Trust: 0.8

sources: JVNDB: JVNDB-2020-013309 // NVD: CVE-2020-24460

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2020-24460
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2020-24460
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-202011-920
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-178341
value:	LOW
Trust: 0.1

nvd@nist.gov:	CVE-2020-24460
severity:	LOW
baseScore:	2.1
vectorString:	AV:L/AC:L/AU:N/C:N/I:N/A:P
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	3.9
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-178341
severity:	LOW
baseScore:	2.1
vectorString:	AV:L/AC:L/AU:N/C:N/I:N/A:P
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	3.9
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2020-24460
baseSeverity:	MEDIUM
baseScore:	5.5
vectorString:	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	1.8
impactScore:	3.6
version:	3.1
Trust: 1.0
NVD:	CVE-2020-24460
baseSeverity:	MEDIUM
baseScore:	5.5
vectorString:	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULHUB: VHN-178341 // JVNDB: JVNDB-2020-013309 // CNNVD: CNNVD-202011-920 // NVD: CVE-2020-24460

PROBLEMTYPE DATA

problemtype:	CWE-276	Trust: 1.1
problemtype:	Inappropriate default permissions (CWE-276) [NVD Evaluation ]	Trust: 0.8

sources: VULHUB: VHN-178341 // JVNDB: JVNDB-2020-013309 // NVD: CVE-2020-24460

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202011-920

TYPE

Default configuration problem

Trust: 0.6

sources: CNNVD: CNNVD-202011-920

PATCH

title:	INTEL-SA-00449	url:	https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00449.html	Trust: 0.8
title:	Intel Driver Support Assistant Repair measures for default configuration problems	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=133892	Trust: 0.6

sources: JVNDB: JVNDB-2020-013309 // CNNVD: CNNVD-202011-920

EXTERNAL IDS

db:	NVD	id:	CVE-2020-24460	Trust: 2.5
db:	JVNDB	id:	JVNDB-2020-013309	Trust: 0.8
db:	AUSCERT	id:	ESB-2020.4009	Trust: 0.6
db:	CNNVD	id:	CNNVD-202011-920	Trust: 0.6
db:	CNVD	id:	CNVD-2020-66312	Trust: 0.1
db:	VULHUB	id:	VHN-178341	Trust: 0.1

sources: VULHUB: VHN-178341 // JVNDB: JVNDB-2020-013309 // CNNVD: CNNVD-202011-920 // NVD: CVE-2020-24460

REFERENCES

url:	https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00449	Trust: 1.7
url:	https://nvd.nist.gov/vuln/detail/cve-2020-24460	Trust: 1.4
url:	https://www.auscert.org.au/bulletins/esb-2020.4009/	Trust: 0.6

sources: VULHUB: VHN-178341 // JVNDB: JVNDB-2020-013309 // CNNVD: CNNVD-202011-920 // NVD: CVE-2020-24460

SOURCES

db:	VULHUB	id:	VHN-178341
db:	JVNDB	id:	JVNDB-2020-013309
db:	CNNVD	id:	CNNVD-202011-920
db:	NVD	id:	CVE-2020-24460

LAST UPDATE DATE

2024-11-23T22:51:10.938000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-178341	date:	2020-11-20T00:00:00
db:	JVNDB	id:	JVNDB-2020-013309	date:	2021-06-23T08:06:00
db:	CNNVD	id:	CNNVD-202011-920	date:	2020-11-24T00:00:00
db:	NVD	id:	CVE-2020-24460	date:	2024-11-21T05:14:52.017

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-178341	date:	2020-11-12T00:00:00
db:	JVNDB	id:	JVNDB-2020-013309	date:	2021-06-23T00:00:00
db:	CNNVD	id:	CNNVD-202011-920	date:	2020-11-12T00:00:00
db:	NVD	id:	CVE-2020-24460	date:	2020-11-12T19:15:14.770