Details of VAR-202011-1383

ID

VAR-202011-1383

CVE

CVE-2020-8767

TITLE

Intel(R) Quartus Prime for Intel(R) 50GbE IP Core Vulnerability in handling exceptional conditions in

Trust: 0.8

sources: JVNDB: JVNDB-2020-013586

DESCRIPTION

Uncaught exception in the Intel(R) 50GbE IP Core for Intel(R) Quartus Prime before version 20.2 may allow an authenticated user to potentially enable denial of service via local access

Trust: 1.71

sources: NVD: CVE-2020-8767 // JVNDB: JVNDB-2020-013586 // VULHUB: VHN-186892

AFFECTED PRODUCTS

vendor:	intel	model:	quartus prime	scope:	lt	version:	20.2	Trust: 1.0
vendor:	インテル	model:	quartus prime	scope:	eq	version:	20.2	Trust: 0.8
vendor:	インテル	model:	quartus prime	scope:	eq	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2020-013586 // NVD: CVE-2020-8767

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2020-8767
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2020-8767
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-202011-946
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-186892
value:	LOW
Trust: 0.1

nvd@nist.gov:	CVE-2020-8767
severity:	LOW
baseScore:	2.1
vectorString:	AV:L/AC:L/AU:N/C:N/I:N/A:P
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	3.9
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-186892
severity:	LOW
baseScore:	2.1
vectorString:	AV:L/AC:L/AU:N/C:N/I:N/A:P
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	3.9
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2020-8767
baseSeverity:	MEDIUM
baseScore:	5.5
vectorString:	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	1.8
impactScore:	3.6
version:	3.1
Trust: 1.0
NVD:	CVE-2020-8767
baseSeverity:	MEDIUM
baseScore:	5.5
vectorString:	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULHUB: VHN-186892 // JVNDB: JVNDB-2020-013586 // CNNVD: CNNVD-202011-946 // NVD: CVE-2020-8767

PROBLEMTYPE DATA

problemtype:	CWE-755	Trust: 1.1
problemtype:	Improper handling in exceptional conditions (CWE-755) [NVD Evaluation ]	Trust: 0.8

sources: VULHUB: VHN-186892 // JVNDB: JVNDB-2020-013586 // NVD: CVE-2020-8767

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202011-946

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202011-946

PATCH

title:	INTEL-SA-00400	url:	https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00400.html	Trust: 0.8
title:	Intel GbE IP Core for Intel Quartus Prime Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=134135	Trust: 0.6

sources: JVNDB: JVNDB-2020-013586 // CNNVD: CNNVD-202011-946

EXTERNAL IDS

db:	NVD	id:	CVE-2020-8767	Trust: 2.5
db:	JVNDB	id:	JVNDB-2020-013586	Trust: 0.8
db:	CNNVD	id:	CNNVD-202011-946	Trust: 0.7
db:	AUSCERT	id:	ESB-2020.3965	Trust: 0.6
db:	VULHUB	id:	VHN-186892	Trust: 0.1

sources: VULHUB: VHN-186892 // JVNDB: JVNDB-2020-013586 // CNNVD: CNNVD-202011-946 // NVD: CVE-2020-8767

REFERENCES

url:	https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00400	Trust: 1.7
url:	https://nvd.nist.gov/vuln/detail/cve-2020-8767	Trust: 1.4
url:	https://www.auscert.org.au/bulletins/esb-2020.3965/	Trust: 0.6

sources: VULHUB: VHN-186892 // JVNDB: JVNDB-2020-013586 // CNNVD: CNNVD-202011-946 // NVD: CVE-2020-8767

SOURCES

db:	VULHUB	id:	VHN-186892
db:	JVNDB	id:	JVNDB-2020-013586
db:	CNNVD	id:	CNNVD-202011-946
db:	NVD	id:	CVE-2020-8767

LAST UPDATE DATE

2024-11-23T22:29:22.713000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-186892	date:	2020-11-30T00:00:00
db:	JVNDB	id:	JVNDB-2020-013586	date:	2021-07-08T07:58:00
db:	CNNVD	id:	CNNVD-202011-946	date:	2020-12-02T00:00:00
db:	NVD	id:	CVE-2020-8767	date:	2024-11-21T05:39:24.217

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-186892	date:	2020-11-12T00:00:00
db:	JVNDB	id:	JVNDB-2020-013586	date:	2021-07-08T00:00:00
db:	CNNVD	id:	CNNVD-202011-946	date:	2020-11-11T00:00:00
db:	NVD	id:	CVE-2020-8767	date:	2020-11-12T18:15:18.487