Details of VAR-202102-0057

ID

VAR-202102-0057

CVE

CVE-2020-0524

TITLE

Intel(R) Ethernet I210 Controller Inappropriate Default Permission Vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2021-003909

DESCRIPTION

Improper default permissions in the firmware for the Intel(R) Ethernet I210 Controller series of network adapters before version 3.30 may allow an authenticated user to potentially enable denial of service via local access. Intel(R) Ethernet I210 Controller Is vulnerable to incorrect default permissions.Denial of service (DoS) It may be put into a state

Trust: 1.62

sources: NVD: CVE-2020-0524 // JVNDB: JVNDB-2021-003909

AFFECTED PRODUCTS

vendor:	intel	model:	ethernet controller i210	scope:	lt	version:	3.30	Trust: 1.0
vendor:	インテル	model:	intel ethernet controller i210	scope:	eq	version:	-	Trust: 0.8
vendor:	インテル	model:	intel ethernet controller i210	scope:	eq	version:	intel ethernet controller i210 firmware 3.30	Trust: 0.8

sources: JVNDB: JVNDB-2021-003909 // NVD: CVE-2020-0524

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2020-0524
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2020-0524
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-202102-838
value:	MEDIUM
Trust: 0.6

nvd@nist.gov:	CVE-2020-0524
severity:	LOW
baseScore:	2.1
vectorString:	AV:L/AC:L/AU:N/C:N/I:N/A:P
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	3.9
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8

nvd@nist.gov:	CVE-2020-0524
baseSeverity:	MEDIUM
baseScore:	5.5
vectorString:	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	1.8
impactScore:	3.6
version:	3.1
Trust: 1.0
NVD:	CVE-2020-0524
baseSeverity:	MEDIUM
baseScore:	5.5
vectorString:	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: JVNDB: JVNDB-2021-003909 // CNNVD: CNNVD-202102-838 // NVD: CVE-2020-0524

PROBLEMTYPE DATA

problemtype:	CWE-276	Trust: 1.0
problemtype:	Inappropriate default permissions (CWE-276) [NVD Evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2021-003909 // NVD: CVE-2020-0524

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202102-838

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202102-838

PATCH

title:	INTEL-SA-00318	url:	https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00318.html	Trust: 0.8
title:	apt Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=142212	Trust: 0.6

sources: JVNDB: JVNDB-2021-003909 // CNNVD: CNNVD-202102-838

EXTERNAL IDS

db:	NVD	id:	CVE-2020-0524	Trust: 2.4
db:	JVN	id:	JVNVU93808918	Trust: 0.8
db:	JVNDB	id:	JVNDB-2021-003909	Trust: 0.8
db:	AUSCERT	id:	ESB-2021.0475	Trust: 0.6
db:	LENOVO	id:	LEN-51727	Trust: 0.6
db:	CS-HELP	id:	SB2022020211	Trust: 0.6
db:	CNNVD	id:	CNNVD-202102-838	Trust: 0.6

sources: JVNDB: JVNDB-2021-003909 // CNNVD: CNNVD-202102-838 // NVD: CVE-2020-0524

REFERENCES

url:	https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00318.html	Trust: 1.6
url:	https://jvn.jp/vu/jvnvu93808918/index.html	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2020-0524	Trust: 0.8
url:	https://www.auscert.org.au/bulletins/esb-2021.0475	Trust: 0.6
url:	https://vigilance.fr/vulnerability/intel-ethernet-i210-controller-denial-of-service-34938	Trust: 0.6
url:	https://support.lenovo.com/us/en/product_security/len-51727	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2022020211	Trust: 0.6

sources: JVNDB: JVNDB-2021-003909 // CNNVD: CNNVD-202102-838 // NVD: CVE-2020-0524

SOURCES

db:	JVNDB	id:	JVNDB-2021-003909
db:	CNNVD	id:	CNNVD-202102-838
db:	NVD	id:	CVE-2020-0524

LAST UPDATE DATE

2024-11-23T20:05:54.150000+00:00

SOURCES UPDATE DATE

db:	JVNDB	id:	JVNDB-2021-003909	date:	2021-11-09T09:08:00
db:	CNNVD	id:	CNNVD-202102-838	date:	2022-02-07T00:00:00
db:	NVD	id:	CVE-2020-0524	date:	2024-11-21T04:53:40.053

SOURCES RELEASE DATE

db:	JVNDB	id:	JVNDB-2021-003909	date:	2021-11-09T00:00:00
db:	CNNVD	id:	CNNVD-202102-838	date:	2021-02-09T00:00:00
db:	NVD	id:	CVE-2020-0524	date:	2021-02-17T14:15:14.873