Details of VAR-202011-1382

ID

VAR-202011-1382

CVE

CVE-2020-8766

TITLE

Intel(R) SGX DCAP Software vulnerabilities in checking for exceptional conditions

Trust: 0.8

sources: JVNDB: JVNDB-2020-013585

DESCRIPTION

Improper conditions check in the Intel(R) SGX DCAP software before version 1.6 may allow an unauthenticated user to potentially enable denial of service via adjacent access. Intel(R) SGX DCAP The software contains a vulnerability in checking for exceptional conditions.Denial of service (DoS) It may be put into a state

Trust: 1.71

sources: NVD: CVE-2020-8766 // JVNDB: JVNDB-2020-013585 // VULHUB: VHN-186891

AFFECTED PRODUCTS

vendor:	intel	model:	software guard extensions data center attestation primitives	scope:	lt	version:	1.6	Trust: 1.0
vendor:	インテル	model:	intel sgx dcap ソフトウェア	scope:	eq	version:	-	Trust: 0.8
vendor:	インテル	model:	intel sgx dcap ソフトウェア	scope:	eq	version:	intel sgx dcap software 1.6	Trust: 0.8

sources: JVNDB: JVNDB-2020-013585 // NVD: CVE-2020-8766

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2020-8766
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2020-8766
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-202011-917
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-186891
value:	LOW
Trust: 0.1

nvd@nist.gov:	CVE-2020-8766
severity:	LOW
baseScore:	3.3
vectorString:	AV:A/AC:L/AU:N/C:N/I:N/A:P
accessVector:	ADJACENT_NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	6.5
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-186891
severity:	LOW
baseScore:	3.3
vectorString:	AV:A/AC:L/AU:N/C:N/I:N/A:P
accessVector:	ADJACENT_NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	6.5
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2020-8766
baseSeverity:	MEDIUM
baseScore:	6.5
vectorString:	CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector:	ADJACENT
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	3.6
version:	3.1
Trust: 1.0
NVD:	CVE-2020-8766
baseSeverity:	MEDIUM
baseScore:	6.5
vectorString:	CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector:	ADJACENT NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULHUB: VHN-186891 // JVNDB: JVNDB-2020-013585 // CNNVD: CNNVD-202011-917 // NVD: CVE-2020-8766

PROBLEMTYPE DATA

problemtype:	CWE-754	Trust: 1.1
problemtype:	Improper checking in exceptional conditions (CWE-754) [NVD Evaluation ]	Trust: 0.8

sources: VULHUB: VHN-186891 // JVNDB: JVNDB-2020-013585 // NVD: CVE-2020-8766

THREAT TYPE

remote or local

Trust: 0.6

sources: CNNVD: CNNVD-202011-917

TYPE

code problem

Trust: 0.6

sources: CNNVD: CNNVD-202011-917

PATCH

title:	INTEL-SA-00398	url:	https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00398.html	Trust: 0.8
title:	Intel SGX DCAP Fixes for code issue vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=135445	Trust: 0.6

sources: JVNDB: JVNDB-2020-013585 // CNNVD: CNNVD-202011-917

EXTERNAL IDS

db:	NVD	id:	CVE-2020-8766	Trust: 2.5
db:	JVNDB	id:	JVNDB-2020-013585	Trust: 0.8
db:	CNNVD	id:	CNNVD-202011-917	Trust: 0.7
db:	AUSCERT	id:	ESB-2020.4016	Trust: 0.6
db:	VULHUB	id:	VHN-186891	Trust: 0.1

sources: VULHUB: VHN-186891 // JVNDB: JVNDB-2020-013585 // CNNVD: CNNVD-202011-917 // NVD: CVE-2020-8766

REFERENCES

url:	https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00398	Trust: 1.7
url:	https://nvd.nist.gov/vuln/detail/cve-2020-8766	Trust: 1.4
url:	https://www.auscert.org.au/bulletins/esb-2020.4016/	Trust: 0.6

sources: VULHUB: VHN-186891 // JVNDB: JVNDB-2020-013585 // CNNVD: CNNVD-202011-917 // NVD: CVE-2020-8766

SOURCES

db:	VULHUB	id:	VHN-186891
db:	JVNDB	id:	JVNDB-2020-013585
db:	CNNVD	id:	CNNVD-202011-917
db:	NVD	id:	CVE-2020-8766

LAST UPDATE DATE

2024-11-23T23:04:13.047000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-186891	date:	2020-11-30T00:00:00
db:	JVNDB	id:	JVNDB-2020-013585	date:	2021-07-08T07:58:00
db:	CNNVD	id:	CNNVD-202011-917	date:	2020-12-01T00:00:00
db:	NVD	id:	CVE-2020-8766	date:	2024-11-21T05:39:24.127

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-186891	date:	2020-11-12T00:00:00
db:	JVNDB	id:	JVNDB-2020-013585	date:	2021-07-08T00:00:00
db:	CNNVD	id:	CNNVD-202011-917	date:	2020-11-12T00:00:00
db:	NVD	id:	CVE-2020-8766	date:	2020-11-12T18:15:18.423