Details of VAR-202106-0893

ID

VAR-202106-0893

CVE

CVE-2021-0108

TITLE

Windows for Intel Unite(R) Client Vulnerability in Uncontrolled Search Path Elements

Trust: 0.8

sources: JVNDB: JVNDB-2021-008148

DESCRIPTION

Uncontrolled search path in the Intel Unite(R) Client for Windows before version 4.2.25031 may allow an authenticated user to potentially enable an escalation of privilege via local access. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements

Trust: 2.25

sources: NVD: CVE-2021-0108 // JVNDB: JVNDB-2021-008148 // CNNVD: CNNVD-202104-975 // VULHUB: VHN-371677

AFFECTED PRODUCTS

vendor:	intel	model:	unite	scope:	lt	version:	4.2.25031	Trust: 1.0
vendor:	インテル	model:	intel unite	scope:	eq	version:	-	Trust: 0.8
vendor:	インテル	model:	intel unite	scope:	eq	version:	4.2.25031	Trust: 0.8

sources: JVNDB: JVNDB-2021-008148 // NVD: CVE-2021-0108

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2021-0108
value:	HIGH
Trust: 1.0
NVD:	CVE-2021-0108
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-202104-975
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-202106-689
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-371677
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2021-0108
severity:	MEDIUM
baseScore:	4.4
vectorString:	AV:L/AC:M/AU:N/C:P/I:P/A:P
accessVector:	LOCAL
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	3.4
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-371677
severity:	MEDIUM
baseScore:	4.4
vectorString:	AV:L/AC:M/AU:N/C:P/I:P/A:P
accessVector:	LOCAL
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	3.4
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2021-0108
baseSeverity:	HIGH
baseScore:	7.3
vectorString:	CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.3
impactScore:	5.9
version:	3.1
Trust: 1.0
NVD:	CVE-2021-0108
baseSeverity:	HIGH
baseScore:	7.3
vectorString:	CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULHUB: VHN-371677 // JVNDB: JVNDB-2021-008148 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202106-689 // NVD: CVE-2021-0108

PROBLEMTYPE DATA

problemtype:	CWE-427	Trust: 1.1
problemtype:	Uncontrolled search path elements (CWE-427) [NVD Evaluation ]	Trust: 0.8

sources: VULHUB: VHN-371677 // JVNDB: JVNDB-2021-008148 // NVD: CVE-2021-0108

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202106-689

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202104-975

PATCH

title:	INTEL-SA-00506	url:	https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00506.html	Trust: 0.8
title:	Intel Unite Fixes for code issue vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=154311	Trust: 0.6

sources: JVNDB: JVNDB-2021-008148 // CNNVD: CNNVD-202106-689

EXTERNAL IDS

db:	NVD	id:	CVE-2021-0108	Trust: 3.3
db:	JVN	id:	JVNVU99965981	Trust: 0.8
db:	JVNDB	id:	JVNDB-2021-008148	Trust: 0.8
db:	CS-HELP	id:	SB2021041363	Trust: 0.6
db:	CNNVD	id:	CNNVD-202104-975	Trust: 0.6
db:	CS-HELP	id:	SB2021061523	Trust: 0.6
db:	AUSCERT	id:	ESB-2021.2021	Trust: 0.6
db:	CNNVD	id:	CNNVD-202106-689	Trust: 0.6
db:	VULHUB	id:	VHN-371677	Trust: 0.1

sources: VULHUB: VHN-371677 // JVNDB: JVNDB-2021-008148 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202106-689 // NVD: CVE-2021-0108

REFERENCES

url:	https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00506.html	Trust: 1.7
url:	https://jvn.jp/vu/jvnvu99965981/	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2021-0108	Trust: 0.8
url:	https://www.cybersecurity-help.cz/vdb/sb2021041363	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2021.2021	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2021061523	Trust: 0.6

sources: VULHUB: VHN-371677 // JVNDB: JVNDB-2021-008148 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202106-689 // NVD: CVE-2021-0108

SOURCES

db:	VULHUB	id:	VHN-371677
db:	JVNDB	id:	JVNDB-2021-008148
db:	CNNVD	id:	CNNVD-202104-975
db:	CNNVD	id:	CNNVD-202106-689
db:	NVD	id:	CVE-2021-0108

LAST UPDATE DATE

2024-08-14T12:37:00.318000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-371677	date:	2021-06-22T00:00:00
db:	JVNDB	id:	JVNDB-2021-008148	date:	2022-03-04T08:29:00
db:	CNNVD	id:	CNNVD-202104-975	date:	2021-04-14T00:00:00
db:	CNNVD	id:	CNNVD-202106-689	date:	2021-06-16T00:00:00
db:	NVD	id:	CVE-2021-0108	date:	2021-06-22T17:20:00.180

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-371677	date:	2021-06-09T00:00:00
db:	JVNDB	id:	JVNDB-2021-008148	date:	2022-03-04T00:00:00
db:	CNNVD	id:	CNNVD-202104-975	date:	2021-04-13T00:00:00
db:	CNNVD	id:	CNNVD-202106-689	date:	2021-06-09T00:00:00
db:	NVD	id:	CVE-2021-0108	date:	2021-06-09T20:15:08.770