Details of VAR-202106-0886

ID

VAR-202106-0886

CVE

CVE-2021-0098

TITLE

Pillow Buffer error vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-202104-975

DESCRIPTION

Improper access control in the Intel Unite(R) Client for Windows before version 4.2.25031 may allow an authenticated user to potentially enable an escalation of privilege via local access. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements. Intel Unite is an enterprise conference collaboration solution developed by Intel Corporation of the United States

Trust: 1.53

sources: NVD: CVE-2021-0098 // CNNVD: CNNVD-202104-975 // VULHUB: VHN-371667

AFFECTED PRODUCTS

vendor:

intel

model:

unite

scope:

version:

4.2.25031

Trust: 1.0

sources: NVD: CVE-2021-0098

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2021-0098
value:	HIGH
Trust: 1.0
CNNVD:	CNNVD-202104-975
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-202106-690
value:	HIGH
Trust: 0.6
VULHUB:	VHN-371667
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2021-0098
severity:	MEDIUM
baseScore:	4.6
vectorString:	AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	3.9
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
VULHUB:	VHN-371667
severity:	MEDIUM
baseScore:	4.6
vectorString:	AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	3.9
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2021-0098
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.8
impactScore:	5.9
version:	3.1
Trust: 1.0

sources: VULHUB: VHN-371667 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202106-690 // NVD: CVE-2021-0098

PROBLEMTYPE DATA

problemtype:

NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2021-0098

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202106-690

TYPE

other

Trust: 1.2

sources: CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202106-690

PATCH

title:

Intel Unite Fixes for access control error vulnerabilities

url:

http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=154866

Trust: 0.6

sources: CNNVD: CNNVD-202106-690

EXTERNAL IDS

db:	NVD	id:	CVE-2021-0098	Trust: 1.7
db:	CS-HELP	id:	SB2021041363	Trust: 0.6
db:	CNNVD	id:	CNNVD-202104-975	Trust: 0.6
db:	CS-HELP	id:	SB2021061523	Trust: 0.6
db:	AUSCERT	id:	ESB-2021.2021	Trust: 0.6
db:	CNNVD	id:	CNNVD-202106-690	Trust: 0.6
db:	VULHUB	id:	VHN-371667	Trust: 0.1

sources: VULHUB: VHN-371667 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202106-690 // NVD: CVE-2021-0098

REFERENCES

url:	https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00506.html	Trust: 1.7
url:	https://www.cybersecurity-help.cz/vdb/sb2021041363	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2021.2021	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2021061523	Trust: 0.6

sources: VULHUB: VHN-371667 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202106-690 // NVD: CVE-2021-0098

SOURCES

db:	VULHUB	id:	VHN-371667
db:	CNNVD	id:	CNNVD-202104-975
db:	CNNVD	id:	CNNVD-202106-690
db:	NVD	id:	CVE-2021-0098

LAST UPDATE DATE

2024-08-14T12:23:20.832000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-371667	date:	2022-07-12T00:00:00
db:	CNNVD	id:	CNNVD-202104-975	date:	2021-04-14T00:00:00
db:	CNNVD	id:	CNNVD-202106-690	date:	2022-07-14T00:00:00
db:	NVD	id:	CVE-2021-0098	date:	2022-07-12T17:42:04.277

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-371667	date:	2021-06-09T00:00:00
db:	CNNVD	id:	CNNVD-202104-975	date:	2021-04-13T00:00:00
db:	CNNVD	id:	CNNVD-202106-690	date:	2021-06-09T00:00:00
db:	NVD	id:	CVE-2021-0098	date:	2021-06-09T20:15:08.633