Details of VAR-202011-0638

ID

VAR-202011-0638

CVE

CVE-2020-24456

TITLE

Intel(R) Board ID Tool Inappropriate Default Permission Vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2020-013308

DESCRIPTION

Incorrect default permissions in the Intel(R) Board ID Tool version v.1.01 may allow an authenticated user to potentially enable escalation of privilege via local access. Intel Board ID Tool is a software used by Intel Corporation to interact with Intel motherboards

Trust: 1.71

sources: NVD: CVE-2020-24456 // JVNDB: JVNDB-2020-013308 // VULHUB: VHN-178336

AFFECTED PRODUCTS

vendor:	intel	model:	board id tool	scope:	eq	version:	1.01	Trust: 1.0
vendor:	インテル	model:	intel board id tool	scope:	eq	version:	1.01	Trust: 0.8
vendor:	インテル	model:	intel board id tool	scope:	eq	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2020-013308 // NVD: CVE-2020-24456

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2020-24456
value:	HIGH
Trust: 1.0
NVD:	CVE-2020-24456
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-202011-931
value:	HIGH
Trust: 0.6
VULHUB:	VHN-178336
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2020-24456
severity:	MEDIUM
baseScore:	4.6
vectorString:	AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	3.9
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-178336
severity:	MEDIUM
baseScore:	4.6
vectorString:	AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	3.9
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2020-24456
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.8
impactScore:	5.9
version:	3.1
Trust: 1.0
NVD:	CVE-2020-24456
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULHUB: VHN-178336 // JVNDB: JVNDB-2020-013308 // CNNVD: CNNVD-202011-931 // NVD: CVE-2020-24456

PROBLEMTYPE DATA

problemtype:	CWE-276	Trust: 1.1
problemtype:	Inappropriate default permissions (CWE-276) [NVD Evaluation ]	Trust: 0.8

sources: VULHUB: VHN-178336 // JVNDB: JVNDB-2020-013308 // NVD: CVE-2020-24456

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202011-931

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202011-931

PATCH

title:

INTEL-SA-00447

url:

https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00447.html

Trust: 0.8

sources: JVNDB: JVNDB-2020-013308

EXTERNAL IDS

db:	NVD	id:	CVE-2020-24456	Trust: 2.5
db:	JVNDB	id:	JVNDB-2020-013308	Trust: 0.8
db:	CNNVD	id:	CNNVD-202011-931	Trust: 0.7
db:	AUSCERT	id:	ESB-2020.3982	Trust: 0.6
db:	CNVD	id:	CNVD-2020-66593	Trust: 0.1
db:	VULHUB	id:	VHN-178336	Trust: 0.1

sources: VULHUB: VHN-178336 // JVNDB: JVNDB-2020-013308 // CNNVD: CNNVD-202011-931 // NVD: CVE-2020-24456

REFERENCES

url:	https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00447	Trust: 1.7
url:	https://nvd.nist.gov/vuln/detail/cve-2020-24456	Trust: 1.4
url:	https://www.auscert.org.au/bulletins/esb-2020.3982/	Trust: 0.6

sources: VULHUB: VHN-178336 // JVNDB: JVNDB-2020-013308 // CNNVD: CNNVD-202011-931 // NVD: CVE-2020-24456

SOURCES

db:	VULHUB	id:	VHN-178336
db:	JVNDB	id:	JVNDB-2020-013308
db:	CNNVD	id:	CNNVD-202011-931
db:	NVD	id:	CVE-2020-24456

LAST UPDATE DATE

2024-11-23T22:16:16.477000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-178336	date:	2020-11-20T00:00:00
db:	JVNDB	id:	JVNDB-2020-013308	date:	2021-06-23T08:06:00
db:	CNNVD	id:	CNNVD-202011-931	date:	2020-11-24T00:00:00
db:	NVD	id:	CVE-2020-24456	date:	2024-11-21T05:14:51.570

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-178336	date:	2020-11-12T00:00:00
db:	JVNDB	id:	JVNDB-2020-013308	date:	2021-06-23T00:00:00
db:	CNNVD	id:	CNNVD-202011-931	date:	2020-11-11T00:00:00
db:	NVD	id:	CVE-2020-24456	date:	2020-11-12T19:15:14.723