Details of VAR-202106-0890

ID

VAR-202106-0890

CVE

CVE-2021-0104

TITLE

Intel(R) Rapid Storage Technology Vulnerability in software regarding uncontrolled search path elements

Trust: 0.8

sources: JVNDB: JVNDB-2021-008538

DESCRIPTION

Uncontrolled search path element in the installer for the Intel(R) Rapid Storage Technology software, before versions 17.9.0.34, 18.0.0.640 and 18.1.0.24, may allow an authenticated user to potentially enable escalation of privilege via local access. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements. Intel Rapid Storage Technology (RST) is a fast storage technology developed by Intel Corporation, which mainly consists of firmware, hardware and software RAID systems. The following products and models are affected: Intel Rapid Storage versions prior to 17.9.1.1009.5, 18.0.3.1148.4, and 18.1.0.1028.2, 17.9.0.34, 18.0.0.640, and 18.1.0.24

Trust: 2.25

sources: NVD: CVE-2021-0104 // JVNDB: JVNDB-2021-008538 // CNNVD: CNNVD-202104-975 // VULHUB: VHN-371673

AFFECTED PRODUCTS

vendor:	intel	model:	rapid storage technology	scope:	lt	version:	18.0.3.1148.4	Trust: 1.0
vendor:	intel	model:	rapid storage technology	scope:	gte	version:	18.1.0.24	Trust: 1.0
vendor:	intel	model:	rapid storage technology	scope:	lt	version:	17.9.1.1009.5	Trust: 1.0
vendor:	intel	model:	rapid storage technology	scope:	lt	version:	18.1.0.1028.2	Trust: 1.0
vendor:	intel	model:	rapid storage technology	scope:	gte	version:	18.0.0.640	Trust: 1.0
vendor:	インテル	model:	intel rapid store technology	scope:	eq	version:	18.0.0.640	Trust: 0.8
vendor:	インテル	model:	intel rapid store technology	scope:	eq	version:	17.9.0.34	Trust: 0.8
vendor:	インテル	model:	intel rapid store technology	scope:	eq	version:	18.1.0.24	Trust: 0.8
vendor:	インテル	model:	intel rapid store technology	scope:	eq	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2021-008538 // NVD: CVE-2021-0104

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2021-0104
value:	HIGH
Trust: 1.0
NVD:	CVE-2021-0104
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-202104-975
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-202106-620
value:	HIGH
Trust: 0.6
VULHUB:	VHN-371673
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2021-0104
severity:	MEDIUM
baseScore:	4.4
vectorString:	AV:L/AC:M/AU:N/C:P/I:P/A:P
accessVector:	LOCAL
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	3.4
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-371673
severity:	MEDIUM
baseScore:	4.4
vectorString:	AV:L/AC:M/AU:N/C:P/I:P/A:P
accessVector:	LOCAL
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	3.4
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2021-0104
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.8
impactScore:	5.9
version:	3.1
Trust: 1.0
NVD:	CVE-2021-0104
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULHUB: VHN-371673 // JVNDB: JVNDB-2021-008538 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202106-620 // NVD: CVE-2021-0104

PROBLEMTYPE DATA

problemtype:	CWE-427	Trust: 1.1
problemtype:	Uncontrolled search path elements (CWE-427) [NVD Evaluation ]	Trust: 0.8

sources: VULHUB: VHN-371673 // JVNDB: JVNDB-2021-008538 // NVD: CVE-2021-0104

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202106-620

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202104-975

PATCH

title:	INTEL-SA-00X545	url:	https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00545.html	Trust: 0.8
title:	Intel Rapid Storage Technology Fixes for code issue vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=155432	Trust: 0.6

sources: JVNDB: JVNDB-2021-008538 // CNNVD: CNNVD-202106-620

EXTERNAL IDS

db:	NVD	id:	CVE-2021-0104	Trust: 3.3
db:	JVN	id:	JVNVU99965981	Trust: 0.8
db:	JVNDB	id:	JVNDB-2021-008538	Trust: 0.8
db:	CS-HELP	id:	SB2021041363	Trust: 0.6
db:	CNNVD	id:	CNNVD-202104-975	Trust: 0.6
db:	CS-HELP	id:	SB2021061408	Trust: 0.6
db:	AUSCERT	id:	ESB-2021.2013	Trust: 0.6
db:	LENOVO	id:	LEN-60190	Trust: 0.6
db:	CNNVD	id:	CNNVD-202106-620	Trust: 0.6
db:	VULHUB	id:	VHN-371673	Trust: 0.1

sources: VULHUB: VHN-371673 // JVNDB: JVNDB-2021-008538 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202106-620 // NVD: CVE-2021-0104

REFERENCES

url:	https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00545.html	Trust: 1.7
url:	https://jvn.jp/vu/jvnvu99965981/	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2021-0104	Trust: 0.8
url:	https://www.cybersecurity-help.cz/vdb/sb2021041363	Trust: 0.6
url:	https://support.lenovo.com/us/en/product_security/len-60190	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2021.2013	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2021061408	Trust: 0.6

sources: VULHUB: VHN-371673 // JVNDB: JVNDB-2021-008538 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202106-620 // NVD: CVE-2021-0104

SOURCES

db:	VULHUB	id:	VHN-371673
db:	JVNDB	id:	JVNDB-2021-008538
db:	CNNVD	id:	CNNVD-202104-975
db:	CNNVD	id:	CNNVD-202106-620
db:	NVD	id:	CVE-2021-0104

LAST UPDATE DATE

2024-08-14T12:33:11.701000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-371673	date:	2021-06-28T00:00:00
db:	JVNDB	id:	JVNDB-2021-008538	date:	2022-03-18T06:32:00
db:	CNNVD	id:	CNNVD-202104-975	date:	2021-04-14T00:00:00
db:	CNNVD	id:	CNNVD-202106-620	date:	2021-12-06T00:00:00
db:	NVD	id:	CVE-2021-0104	date:	2021-06-28T19:11:26.750

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-371673	date:	2021-06-09T00:00:00
db:	JVNDB	id:	JVNDB-2021-008538	date:	2022-03-18T00:00:00
db:	CNNVD	id:	CNNVD-202104-975	date:	2021-04-13T00:00:00
db:	CNNVD	id:	CNNVD-202106-620	date:	2021-06-08T00:00:00
db:	NVD	id:	CVE-2021-0104	date:	2021-06-09T20:15:08.713