Details of VAR-202102-0772

ID

VAR-202102-0772

CVE

CVE-2020-8701

TITLE

Intel(R) SSD Toolbox Inappropriate Default Permission Vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2020-016089

DESCRIPTION

Incorrect default permissions in installer for the Intel(R) SSD Toolbox versions before 2/9/2021 may allow a privileged user to potentially enable escalation of privilege via local access. Intel(R) SSD Toolbox Is vulnerable to incorrect default permissions.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. A default configuration problem vulnerability exists in Intel SSD Toolbox, which originates from the use of insecure default configurations in network systems or products

Trust: 1.71

sources: NVD: CVE-2020-8701 // JVNDB: JVNDB-2020-016089 // VULHUB: VHN-186826

AFFECTED PRODUCTS

vendor:	intel	model:	solid-state drive toolbox	scope:	lt	version:	2021-02-09	Trust: 1.0
vendor:	インテル	model:	ssd toolbox	scope:	eq	version:	2021/02/09 before that	Trust: 0.8
vendor:	インテル	model:	ssd toolbox	scope:	eq	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2020-016089 // NVD: CVE-2020-8701

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2020-8701
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2020-8701
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-202102-997
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-186826
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2020-8701
severity:	MEDIUM
baseScore:	4.6
vectorString:	AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	3.9
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-186826
severity:	MEDIUM
baseScore:	4.6
vectorString:	AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	3.9
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2020-8701
baseSeverity:	MEDIUM
baseScore:	6.7
vectorString:	CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	HIGH
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	0.8
impactScore:	5.9
version:	3.1
Trust: 1.0
NVD:	CVE-2020-8701
baseSeverity:	MEDIUM
baseScore:	6.7
vectorString:	CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	HIGH
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULHUB: VHN-186826 // JVNDB: JVNDB-2020-016089 // CNNVD: CNNVD-202102-997 // NVD: CVE-2020-8701

PROBLEMTYPE DATA

problemtype:	CWE-276	Trust: 1.1
problemtype:	Inappropriate default permissions (CWE-276) [NVD Evaluation ]	Trust: 0.8

sources: VULHUB: VHN-186826 // JVNDB: JVNDB-2020-016089 // NVD: CVE-2020-8701

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202102-997

TYPE

Default configuration problem

Trust: 0.6

sources: CNNVD: CNNVD-202102-997

PATCH

title:	INTEL-SA-00457	url:	https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00457.html	Trust: 0.8
title:	Intel SSD Toolbox Repair measures for default configuration problems	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=142616	Trust: 0.6

sources: JVNDB: JVNDB-2020-016089 // CNNVD: CNNVD-202102-997

EXTERNAL IDS

db:	NVD	id:	CVE-2020-8701	Trust: 2.5
db:	JVN	id:	JVNVU93808918	Trust: 0.8
db:	JVNDB	id:	JVNDB-2020-016089	Trust: 0.8
db:	AUSCERT	id:	ESB-2021.0482	Trust: 0.6
db:	CNNVD	id:	CNNVD-202102-997	Trust: 0.6
db:	VULHUB	id:	VHN-186826	Trust: 0.1

sources: VULHUB: VHN-186826 // JVNDB: JVNDB-2020-016089 // CNNVD: CNNVD-202102-997 // NVD: CVE-2020-8701

REFERENCES

url:	https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00457.html	Trust: 1.7
url:	https://nvd.nist.gov/vuln/detail/cve-2020-8701	Trust: 1.4
url:	https://jvn.jp/vu/jvnvu93808918/	Trust: 0.8
url:	https://www.auscert.org.au/bulletins/esb-2021.0482	Trust: 0.6

sources: VULHUB: VHN-186826 // JVNDB: JVNDB-2020-016089 // CNNVD: CNNVD-202102-997 // NVD: CVE-2020-8701

SOURCES

db:	VULHUB	id:	VHN-186826
db:	JVNDB	id:	JVNDB-2020-016089
db:	CNNVD	id:	CNNVD-202102-997
db:	NVD	id:	CVE-2020-8701

LAST UPDATE DATE

2024-11-23T20:47:57.951000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-186826	date:	2021-02-22T00:00:00
db:	JVNDB	id:	JVNDB-2020-016089	date:	2021-11-05T07:04:00
db:	CNNVD	id:	CNNVD-202102-997	date:	2021-03-01T00:00:00
db:	NVD	id:	CVE-2020-8701	date:	2024-11-21T05:39:17.420

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-186826	date:	2021-02-17T00:00:00
db:	JVNDB	id:	JVNDB-2020-016089	date:	2021-11-05T00:00:00
db:	CNNVD	id:	CNNVD-202102-997	date:	2021-02-10T00:00:00
db:	NVD	id:	CVE-2020-8701	date:	2021-02-17T14:15:18.950