Details of VAR-202102-0286

ID

VAR-202102-0286

CVE

CVE-2020-24451

TITLE

Windows for Intel(R) Optane(TM) DC Persistent Memory Vulnerability in uncontrolled search path elements in installer

Trust: 0.8

sources: JVNDB: JVNDB-2020-016009

DESCRIPTION

Uncontrolled search path in the Intel(R) Optane(TM) DC Persistent Memory installer for Windows* before version 1.00.00.3506 may allow an authenticated user to potentially enable escalation of privilege via local access. There is no information about this vulnerability so far. Please keep an eye on CNNVD or manufacturer announcements

Trust: 1.71

sources: NVD: CVE-2020-24451 // JVNDB: JVNDB-2020-016009 // VULHUB: VHN-178331

AFFECTED PRODUCTS

vendor:	intel	model:	optane dc persistent memory module management	scope:	lt	version:	1.00.00.3506	Trust: 1.0
vendor:	インテル	model:	intel optane dc persistent memory module management	scope:	eq	version:	-	Trust: 0.8
vendor:	インテル	model:	intel optane dc persistent memory module management	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2020-016009 // NVD: CVE-2020-24451

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2020-24451
value:	HIGH
Trust: 1.0
NVD:	CVE-2020-24451
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-202102-853
value:	HIGH
Trust: 0.6
VULHUB:	VHN-178331
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2020-24451
severity:	MEDIUM
baseScore:	4.4
vectorString:	AV:L/AC:M/AU:N/C:P/I:P/A:P
accessVector:	LOCAL
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	3.4
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-178331
severity:	MEDIUM
baseScore:	4.4
vectorString:	AV:L/AC:M/AU:N/C:P/I:P/A:P
accessVector:	LOCAL
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	3.4
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2020-24451
baseSeverity:	HIGH
baseScore:	7.3
vectorString:	CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.3
impactScore:	5.9
version:	3.1
Trust: 1.0
NVD:	CVE-2020-24451
baseSeverity:	HIGH
baseScore:	7.3
vectorString:	CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULHUB: VHN-178331 // JVNDB: JVNDB-2020-016009 // CNNVD: CNNVD-202102-853 // NVD: CVE-2020-24451

PROBLEMTYPE DATA

problemtype:	CWE-427	Trust: 1.1
problemtype:	Uncontrolled search path elements (CWE-427) [NVD Evaluation ]	Trust: 0.8

sources: VULHUB: VHN-178331 // JVNDB: JVNDB-2020-016009 // NVD: CVE-2020-24451

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202102-853

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202102-853

PATCH

title:	INTEL-SA-00436	url:	https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00436.html	Trust: 0.8
title:	Microsoft Windows Fixes for code issue vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=142604	Trust: 0.6

sources: JVNDB: JVNDB-2020-016009 // CNNVD: CNNVD-202102-853

EXTERNAL IDS

db:	NVD	id:	CVE-2020-24451	Trust: 2.5
db:	JVN	id:	JVNVU93808918	Trust: 0.8
db:	JVNDB	id:	JVNDB-2020-016009	Trust: 0.8
db:	AUSCERT	id:	ESB-2021.0483	Trust: 0.6
db:	LENOVO	id:	LEN-51724	Trust: 0.6
db:	CNNVD	id:	CNNVD-202102-853	Trust: 0.6
db:	VULHUB	id:	VHN-178331	Trust: 0.1

sources: VULHUB: VHN-178331 // JVNDB: JVNDB-2020-016009 // CNNVD: CNNVD-202102-853 // NVD: CVE-2020-24451

REFERENCES

url:	https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00436.html	Trust: 1.7
url:	https://nvd.nist.gov/vuln/detail/cve-2020-24451	Trust: 1.4
url:	https://jvn.jp/vu/jvnvu93808918/index.html	Trust: 0.8
url:	https://www.auscert.org.au/bulletins/esb-2021.0483	Trust: 0.6
url:	https://support.lenovo.com/us/en/product_security/len-51724	Trust: 0.6

sources: VULHUB: VHN-178331 // JVNDB: JVNDB-2020-016009 // CNNVD: CNNVD-202102-853 // NVD: CVE-2020-24451

SOURCES

db:	VULHUB	id:	VHN-178331
db:	JVNDB	id:	JVNDB-2020-016009
db:	CNNVD	id:	CNNVD-202102-853
db:	NVD	id:	CVE-2020-24451

LAST UPDATE DATE

2024-11-23T20:43:37.700000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-178331	date:	2021-02-23T00:00:00
db:	JVNDB	id:	JVNDB-2020-016009	date:	2021-11-01T01:36:00
db:	CNNVD	id:	CNNVD-202102-853	date:	2021-03-09T00:00:00
db:	NVD	id:	CVE-2020-24451	date:	2024-11-21T05:14:50.970

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-178331	date:	2021-02-17T00:00:00
db:	JVNDB	id:	JVNDB-2020-016009	date:	2021-11-01T00:00:00
db:	CNNVD	id:	CNNVD-202102-853	date:	2021-02-09T00:00:00
db:	NVD	id:	CVE-2020-24451	date:	2021-02-17T14:15:16.357