Sign-up

ID

VAR-202106-0342


CVE

CVE-2020-24509


TITLE

Intel(R) SPS  Vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2021-008145

DESCRIPTION

Insufficient control flow management in subsystem in Intel(R) SPS versions before SPS_E3_05.01.04.300.0, SPS_SoC-A_05.00.03.091.0, SPS_E5_04.04.04.023.0, or SPS_E5_04.04.03.263.0 may allow a privileged user to potentially enable escalation of privilege via local access. Intel(R) SPS Contains an unspecified vulnerability.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements

Trust: 2.25

sources: NVD: CVE-2020-24509 // JVNDB: JVNDB-2021-008145 // CNNVD: CNNVD-202104-975 // VULHUB: VHN-178394

AFFECTED PRODUCTS

vendor:intelmodel:server platform servicesscope:eqversion:sps_e3_05.01.04.300.0

Trust: 1.0

vendor:intelmodel:server platform servicesscope:eqversion:sps_e5_04.04.04.023.0

Trust: 1.0

vendor:intelmodel:server platform servicesscope:eqversion:sps_e5_04.04.03.263.0

Trust: 1.0

vendor:intelmodel:server platform servicesscope:ltversion:sps_soc-a_05.00.03.091.0

Trust: 1.0

vendor:日立model:日立アドバンストサーバscope: - version: -

Trust: 0.8

vendor:インテルmodel:server platform servicesscope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2021-008145 // NVD: CVE-2020-24509

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-24509
value: MEDIUM

Trust: 1.0

NVD: CVE-2020-24509
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-202104-975
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-202106-563
value: MEDIUM

Trust: 0.6

VULHUB: VHN-178394
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2020-24509
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-178394
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2020-24509
baseSeverity: MEDIUM
baseScore: 6.7
vectorString: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 0.8
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2020-24509
baseSeverity: MEDIUM
baseScore: 6.7
vectorString: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-178394 // JVNDB: JVNDB-2021-008145 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202106-563 // NVD: CVE-2020-24509

PROBLEMTYPE DATA

problemtype:NVD-CWE-Other

Trust: 1.0

problemtype:Other (CWE-Other) [NVD Evaluation ]

Trust: 0.8

sources: JVNDB: JVNDB-2021-008145 // NVD: CVE-2020-24509

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202106-563

TYPE

other

Trust: 1.2

sources: CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202106-563

PATCH

title:INTEL-SA-00459 Hitachi Server / Client Product Security Informationurl:https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00459.html

Trust: 0.8

title:Intel Various product security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=155979

Trust: 0.6

sources: JVNDB: JVNDB-2021-008145 // CNNVD: CNNVD-202106-563

EXTERNAL IDS

db:NVDid:CVE-2020-24509

Trust: 3.3

db:JVNid:JVNVU99965981

Trust: 0.8

db:JVNDBid:JVNDB-2021-008145

Trust: 0.8

db:CS-HELPid:SB2021041363

Trust: 0.6

db:CNNVDid:CNNVD-202104-975

Trust: 0.6

db:CS-HELPid:SB2021061712

Trust: 0.6

db:AUSCERTid:ESB-2021.1997

Trust: 0.6

db:LENOVOid:LEN-51731

Trust: 0.6

db:CNNVDid:CNNVD-202106-563

Trust: 0.6

db:VULHUBid:VHN-178394

Trust: 0.1

sources: VULHUB: VHN-178394 // JVNDB: JVNDB-2021-008145 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202106-563 // NVD: CVE-2020-24509

REFERENCES

url:https://security.netapp.com/advisory/ntap-20210611-0003/

Trust: 2.5

url:https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00459.html

Trust: 1.7

url:https://jvn.jp/vu/jvnvu99965981/

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2020-24509

Trust: 0.8

url:https://www.cybersecurity-help.cz/vdb/sb2021041363

Trust: 0.6

url:https://support.lenovo.com/us/en/product_security/len-51731

Trust: 0.6

url:https://vigilance.fr/vulnerability/intel-processor-multiple-vulnerabilities-via-csme-sps-lms-35670

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2021061712

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.1997

Trust: 0.6

sources: VULHUB: VHN-178394 // JVNDB: JVNDB-2021-008145 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202106-563 // NVD: CVE-2020-24509

SOURCES

db:VULHUBid:VHN-178394
db:JVNDBid:JVNDB-2021-008145
db:CNNVDid:CNNVD-202104-975
db:CNNVDid:CNNVD-202106-563
db:NVDid:CVE-2020-24509

LAST UPDATE DATE

2024-08-14T12:22:58.180000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-178394date:2021-06-22T00:00:00
db:JVNDBid:JVNDB-2021-008145date:2022-03-04T08:29:00
db:CNNVDid:CNNVD-202104-975date:2021-04-14T00:00:00
db:CNNVDid:CNNVD-202106-563date:2022-03-10T00:00:00
db:NVDid:CVE-2020-24509date:2021-06-22T21:08:53.700

SOURCES RELEASE DATE

db:VULHUBid:VHN-178394date:2021-06-09T00:00:00
db:JVNDBid:JVNDB-2021-008145date:2022-03-04T00:00:00
db:CNNVDid:CNNVD-202104-975date:2021-04-13T00:00:00
db:CNNVDid:CNNVD-202106-563date:2021-06-08T00:00:00
db:NVDid:CVE-2020-24509date:2021-06-09T19:15:08.863