Details of VAR-202011-0637

ID

VAR-202011-0637

CVE

CVE-2020-24454

TITLE

Intel(R) Quartus(R) Prime Pro Edition and Intel(R) Quartus(R) Prime Standard Edition In XML External entity vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2020-013702

DESCRIPTION

Improper Restriction of XML External Entity Reference in subsystem forIntel(R) Quartus(R) Prime Pro Edition before version 20.3 and Intel(R) Quartus(R) Prime Standard Edition before version 20.2 may allow unauthenticated user to potentially enable information disclosure via network access. Intel Quartus Prime Pro is a multi-platform design environment developed by Intel Corporation. This product is mainly used for programmable logic device programming

Trust: 1.71

sources: NVD: CVE-2020-24454 // JVNDB: JVNDB-2020-013702 // VULHUB: VHN-178334

AFFECTED PRODUCTS

vendor:	intel	model:	quartus prime	scope:	lte	version:	20.1	Trust: 1.0
vendor:	intel	model:	quartus prime	scope:	lt	version:	20.3	Trust: 1.0
vendor:	インテル	model:	quartus prime	scope:	eq	version:	pro 20.3	Trust: 0.8
vendor:	インテル	model:	quartus prime	scope:	eq	version:	st ard 20.2	Trust: 0.8
vendor:	インテル	model:	quartus prime	scope:	eq	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2020-013702 // NVD: CVE-2020-24454

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2020-24454
value:	HIGH
Trust: 1.0
NVD:	CVE-2020-24454
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-202011-921
value:	HIGH
Trust: 0.6
VULHUB:	VHN-178334
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2020-24454
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-178334
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2020-24454
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	3.6
version:	3.1
Trust: 1.0
NVD:	CVE-2020-24454
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULHUB: VHN-178334 // JVNDB: JVNDB-2020-013702 // CNNVD: CNNVD-202011-921 // NVD: CVE-2020-24454

PROBLEMTYPE DATA

problemtype:	CWE-611	Trust: 1.1
problemtype:	XML Improper restrictions on external entity references (CWE-611) [NVD Evaluation ]	Trust: 0.8

sources: VULHUB: VHN-178334 // JVNDB: JVNDB-2020-013702 // NVD: CVE-2020-24454

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202011-921

TYPE

code problem

Trust: 0.6

sources: CNNVD: CNNVD-202011-921

PATCH

title:	INTEL-SA-00446	url:	https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00446	Trust: 0.8
title:	Intel Quartus Prime Pro Edition and Intel Quartus Prime Standard Edition Fixes for code issue vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=135730	Trust: 0.6

sources: JVNDB: JVNDB-2020-013702 // CNNVD: CNNVD-202011-921

EXTERNAL IDS

db:	NVD	id:	CVE-2020-24454	Trust: 2.5
db:	JVN	id:	JVNVU98002571	Trust: 0.8
db:	JVNDB	id:	JVNDB-2020-013702	Trust: 0.8
db:	AUSCERT	id:	ESB-2020.4011	Trust: 0.6
db:	CNNVD	id:	CNNVD-202011-921	Trust: 0.6
db:	VULHUB	id:	VHN-178334	Trust: 0.1

sources: VULHUB: VHN-178334 // JVNDB: JVNDB-2020-013702 // CNNVD: CNNVD-202011-921 // NVD: CVE-2020-24454

REFERENCES

url:	https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00446	Trust: 1.7
url:	https://nvd.nist.gov/vuln/detail/cve-2020-24454	Trust: 1.4
url:	https://jvn.jp/vu/jvnvu98002571/	Trust: 0.8
url:	https://www.auscert.org.au/bulletins/esb-2020.4011/	Trust: 0.6

sources: VULHUB: VHN-178334 // JVNDB: JVNDB-2020-013702 // CNNVD: CNNVD-202011-921 // NVD: CVE-2020-24454

SOURCES

db:	VULHUB	id:	VHN-178334
db:	JVNDB	id:	JVNDB-2020-013702
db:	CNNVD	id:	CNNVD-202011-921
db:	NVD	id:	CVE-2020-24454

LAST UPDATE DATE

2024-11-23T19:48:35.763000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-178334	date:	2020-12-01T00:00:00
db:	JVNDB	id:	JVNDB-2020-013702	date:	2021-07-09T09:02:00
db:	CNNVD	id:	CNNVD-202011-921	date:	2020-12-03T00:00:00
db:	NVD	id:	CVE-2020-24454	date:	2024-11-21T05:14:51.310

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-178334	date:	2020-11-12T00:00:00
db:	JVNDB	id:	JVNDB-2020-013702	date:	2021-07-09T00:00:00
db:	CNNVD	id:	CNNVD-202011-921	date:	2020-11-12T00:00:00
db:	NVD	id:	CVE-2020-24454	date:	2020-11-12T19:15:14.660