Details of VAR-202102-0288

ID

VAR-202102-0288

CVE

CVE-2020-24453

TITLE

Intel(R) EPID SDK Input confirmation vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2020-016007

DESCRIPTION

Improper input validation in the Intel(R) EPID SDK before version 8, may allow an authenticated user to potentially enable an escalation of privilege via local access. Intel(R) EPID SDK Is vulnerable to input validation.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. There is a security vulnerability in the Intel EPID SDK. There is no information about this vulnerability at present. Please keep an eye on CNNVD or manufacturer announcements

Trust: 1.71

sources: NVD: CVE-2020-24453 // JVNDB: JVNDB-2020-016007 // VULHUB: VHN-178333

AFFECTED PRODUCTS

vendor:	intel	model:	epid software development kit	scope:	lt	version:	8.0	Trust: 1.0
vendor:	インテル	model:	intel epid sdk	scope:	eq	version:	-	Trust: 0.8
vendor:	インテル	model:	intel epid sdk	scope:	eq	version:	8	Trust: 0.8

sources: JVNDB: JVNDB-2020-016007 // NVD: CVE-2020-24453

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2020-24453
value:	HIGH
Trust: 1.0
NVD:	CVE-2020-24453
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-202102-974
value:	HIGH
Trust: 0.6
VULHUB:	VHN-178333
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2020-24453
severity:	MEDIUM
baseScore:	4.6
vectorString:	AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	3.9
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-178333
severity:	MEDIUM
baseScore:	4.6
vectorString:	AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	3.9
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2020-24453
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.8
impactScore:	5.9
version:	3.1
Trust: 1.0
NVD:	CVE-2020-24453
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULHUB: VHN-178333 // JVNDB: JVNDB-2020-016007 // CNNVD: CNNVD-202102-974 // NVD: CVE-2020-24453

PROBLEMTYPE DATA

problemtype:	CWE-20	Trust: 1.1
problemtype:	Incorrect input confirmation (CWE-20) [NVD Evaluation ]	Trust: 0.8

sources: VULHUB: VHN-178333 // JVNDB: JVNDB-2020-016007 // NVD: CVE-2020-24453

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202102-974

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-202102-974

PATCH

title:	INTEL-SA-00445	url:	https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00445.html	Trust: 0.8
title:	Intel EPID SDK Enter the fix for the verification error vulnerability	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=142607	Trust: 0.6

sources: JVNDB: JVNDB-2020-016007 // CNNVD: CNNVD-202102-974

EXTERNAL IDS

db:	NVD	id:	CVE-2020-24453	Trust: 2.5
db:	JVN	id:	JVNVU93808918	Trust: 0.8
db:	JVNDB	id:	JVNDB-2020-016007	Trust: 0.8
db:	AUSCERT	id:	ESB-2021.0462	Trust: 0.6
db:	CNNVD	id:	CNNVD-202102-974	Trust: 0.6
db:	VULHUB	id:	VHN-178333	Trust: 0.1

sources: VULHUB: VHN-178333 // JVNDB: JVNDB-2020-016007 // CNNVD: CNNVD-202102-974 // NVD: CVE-2020-24453

REFERENCES

url:	https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00445.html	Trust: 1.7
url:	https://nvd.nist.gov/vuln/detail/cve-2020-24453	Trust: 1.4
url:	https://jvn.jp/vu/jvnvu93808918/index.html	Trust: 0.8
url:	https://www.auscert.org.au/bulletins/esb-2021.0462	Trust: 0.6

sources: VULHUB: VHN-178333 // JVNDB: JVNDB-2020-016007 // CNNVD: CNNVD-202102-974 // NVD: CVE-2020-24453

SOURCES

db:	VULHUB	id:	VHN-178333
db:	JVNDB	id:	JVNDB-2020-016007
db:	CNNVD	id:	CNNVD-202102-974
db:	NVD	id:	CVE-2020-24453

LAST UPDATE DATE

2024-11-23T20:33:57.905000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-178333	date:	2021-02-23T00:00:00
db:	JVNDB	id:	JVNDB-2020-016007	date:	2021-11-01T01:18:00
db:	CNNVD	id:	CNNVD-202102-974	date:	2021-03-01T00:00:00
db:	NVD	id:	CVE-2020-24453	date:	2024-11-21T05:14:51.197

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-178333	date:	2021-02-17T00:00:00
db:	JVNDB	id:	JVNDB-2020-016007	date:	2021-11-01T00:00:00
db:	CNNVD	id:	CNNVD-202102-974	date:	2021-02-10T00:00:00
db:	NVD	id:	CVE-2020-24453	date:	2021-02-17T14:15:16.497