Details of VAR-202106-0889

ID

VAR-202106-0889

CVE

CVE-2021-0102

TITLE

Windows for Intel Unite(R) Client Improper Permission Assignment Vulnerability in Critical Resources

Trust: 0.8

sources: JVNDB: JVNDB-2021-008147

DESCRIPTION

Insecure inherited permissions in the Intel Unite(R) Client for Windows before version 4.2.25031 may allow an authenticated user to potentially enable an escalation of privilege via local access. Windows for Intel Unite(R) Client Is vulnerable to an improperly assigned permission for critical resources.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements. Intel Unite is an enterprise conference collaboration solution developed by Intel Corporation of the United States

Trust: 2.25

sources: NVD: CVE-2021-0102 // JVNDB: JVNDB-2021-008147 // CNNVD: CNNVD-202104-975 // VULHUB: VHN-371671

AFFECTED PRODUCTS

vendor:	intel	model:	unite	scope:	lt	version:	4.2.25031	Trust: 1.0
vendor:	インテル	model:	intel unite	scope:	eq	version:	-	Trust: 0.8
vendor:	インテル	model:	intel unite	scope:	eq	version:	4.2.25031	Trust: 0.8

sources: JVNDB: JVNDB-2021-008147 // NVD: CVE-2021-0102

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2021-0102
value:	HIGH
Trust: 1.0
NVD:	CVE-2021-0102
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-202104-975
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-202106-692
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-371671
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2021-0102
severity:	MEDIUM
baseScore:	4.6
vectorString:	AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	3.9
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-371671
severity:	MEDIUM
baseScore:	4.6
vectorString:	AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	3.9
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2021-0102
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.8
impactScore:	5.9
version:	3.1
Trust: 1.0
NVD:	CVE-2021-0102
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULHUB: VHN-371671 // JVNDB: JVNDB-2021-008147 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202106-692 // NVD: CVE-2021-0102

PROBLEMTYPE DATA

problemtype:	CWE-732	Trust: 1.1
problemtype:	Improper permission assignment for critical resources (CWE-732) [NVD Evaluation ]	Trust: 0.8

sources: VULHUB: VHN-371671 // JVNDB: JVNDB-2021-008147 // NVD: CVE-2021-0102

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202106-692

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202104-975

PATCH

title:	INTEL-SA-00506	url:	https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00506.html	Trust: 0.8
title:	Intel Unite Fixes for permissions and access control issues vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=154314	Trust: 0.6

sources: JVNDB: JVNDB-2021-008147 // CNNVD: CNNVD-202106-692

EXTERNAL IDS

db:	NVD	id:	CVE-2021-0102	Trust: 3.3
db:	JVN	id:	JVNVU99965981	Trust: 0.8
db:	JVNDB	id:	JVNDB-2021-008147	Trust: 0.8
db:	CS-HELP	id:	SB2021041363	Trust: 0.6
db:	CNNVD	id:	CNNVD-202104-975	Trust: 0.6
db:	CS-HELP	id:	SB2021061523	Trust: 0.6
db:	AUSCERT	id:	ESB-2021.2021	Trust: 0.6
db:	CNNVD	id:	CNNVD-202106-692	Trust: 0.6
db:	VULHUB	id:	VHN-371671	Trust: 0.1

sources: VULHUB: VHN-371671 // JVNDB: JVNDB-2021-008147 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202106-692 // NVD: CVE-2021-0102

REFERENCES

url:	https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00506.html	Trust: 1.7
url:	https://jvn.jp/vu/jvnvu99965981/	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2021-0102	Trust: 0.8
url:	https://www.cybersecurity-help.cz/vdb/sb2021041363	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2021.2021	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2021061523	Trust: 0.6

sources: VULHUB: VHN-371671 // JVNDB: JVNDB-2021-008147 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202106-692 // NVD: CVE-2021-0102

SOURCES

db:	VULHUB	id:	VHN-371671
db:	JVNDB	id:	JVNDB-2021-008147
db:	CNNVD	id:	CNNVD-202104-975
db:	CNNVD	id:	CNNVD-202106-692
db:	NVD	id:	CVE-2021-0102

LAST UPDATE DATE

2024-08-14T12:43:39.696000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-371671	date:	2021-06-22T00:00:00
db:	JVNDB	id:	JVNDB-2021-008147	date:	2022-03-04T08:29:00
db:	CNNVD	id:	CNNVD-202104-975	date:	2021-04-14T00:00:00
db:	CNNVD	id:	CNNVD-202106-692	date:	2021-06-16T00:00:00
db:	NVD	id:	CVE-2021-0102	date:	2021-06-22T17:14:30.017

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-371671	date:	2021-06-09T00:00:00
db:	JVNDB	id:	JVNDB-2021-008147	date:	2022-03-04T00:00:00
db:	CNNVD	id:	CNNVD-202104-975	date:	2021-04-13T00:00:00
db:	CNNVD	id:	CNNVD-202106-692	date:	2021-06-09T00:00:00
db:	NVD	id:	CVE-2021-0102	date:	2021-06-09T20:15:08.687