Details of VAR-202106-0894

ID

VAR-202106-0894

CVE

CVE-2021-0112

TITLE

Windows for Intel Unite(R) Client Unquoted Search Path or Element Vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2021-008149

DESCRIPTION

Unquoted service path in the Intel Unite(R) Client for Windows before version 4.2.25031 may allow an authenticated user to potentially enable an escalation of privilege via local access. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements. Intel Unite is an enterprise conference collaboration solution developed by Intel Corporation of the United States

Trust: 2.25

sources: NVD: CVE-2021-0112 // JVNDB: JVNDB-2021-008149 // CNNVD: CNNVD-202104-975 // VULHUB: VHN-371681

AFFECTED PRODUCTS

vendor:	intel	model:	unite	scope:	lt	version:	4.2.25031	Trust: 1.0
vendor:	インテル	model:	intel unite	scope:	eq	version:	-	Trust: 0.8
vendor:	インテル	model:	intel unite	scope:	eq	version:	4.2.25031	Trust: 0.8

sources: JVNDB: JVNDB-2021-008149 // NVD: CVE-2021-0112

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2021-0112
value:	HIGH
Trust: 1.0
NVD:	CVE-2021-0112
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-202104-975
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-202106-693
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-371681
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2021-0112
severity:	MEDIUM
baseScore:	4.4
vectorString:	AV:L/AC:M/AU:N/C:P/I:P/A:P
accessVector:	LOCAL
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	3.4
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-371681
severity:	MEDIUM
baseScore:	4.4
vectorString:	AV:L/AC:M/AU:N/C:P/I:P/A:P
accessVector:	LOCAL
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	3.4
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2021-0112
baseSeverity:	HIGH
baseScore:	7.3
vectorString:	CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.3
impactScore:	5.9
version:	3.1
Trust: 1.0
NVD:	CVE-2021-0112
baseSeverity:	HIGH
baseScore:	7.3
vectorString:	CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULHUB: VHN-371681 // JVNDB: JVNDB-2021-008149 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202106-693 // NVD: CVE-2021-0112

PROBLEMTYPE DATA

problemtype:	CWE-428	Trust: 1.1
problemtype:	Unquoted search path or element (CWE-428) [NVD Evaluation ]	Trust: 0.8

sources: VULHUB: VHN-371681 // JVNDB: JVNDB-2021-008149 // NVD: CVE-2021-0112

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202106-693

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202104-975

PATCH

title:	INTEL-SA-00506	url:	https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00506.html	Trust: 0.8
title:	Intel Unite Fixes for code issue vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=154315	Trust: 0.6

sources: JVNDB: JVNDB-2021-008149 // CNNVD: CNNVD-202106-693

EXTERNAL IDS

db:	NVD	id:	CVE-2021-0112	Trust: 3.3
db:	JVN	id:	JVNVU99965981	Trust: 0.8
db:	JVNDB	id:	JVNDB-2021-008149	Trust: 0.8
db:	CS-HELP	id:	SB2021041363	Trust: 0.6
db:	CNNVD	id:	CNNVD-202104-975	Trust: 0.6
db:	CS-HELP	id:	SB2021061523	Trust: 0.6
db:	AUSCERT	id:	ESB-2021.2021	Trust: 0.6
db:	CNNVD	id:	CNNVD-202106-693	Trust: 0.6
db:	VULHUB	id:	VHN-371681	Trust: 0.1

sources: VULHUB: VHN-371681 // JVNDB: JVNDB-2021-008149 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202106-693 // NVD: CVE-2021-0112

REFERENCES

url:	https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00506.html	Trust: 1.7
url:	https://jvn.jp/vu/jvnvu99965981/	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2021-0112	Trust: 0.8
url:	https://www.cybersecurity-help.cz/vdb/sb2021041363	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2021.2021	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2021061523	Trust: 0.6

sources: VULHUB: VHN-371681 // JVNDB: JVNDB-2021-008149 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202106-693 // NVD: CVE-2021-0112

SOURCES

db:	VULHUB	id:	VHN-371681
db:	JVNDB	id:	JVNDB-2021-008149
db:	CNNVD	id:	CNNVD-202104-975
db:	CNNVD	id:	CNNVD-202106-693
db:	NVD	id:	CVE-2021-0112

LAST UPDATE DATE

2024-08-14T12:15:48.713000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-371681	date:	2021-06-22T00:00:00
db:	JVNDB	id:	JVNDB-2021-008149	date:	2022-03-04T08:29:00
db:	CNNVD	id:	CNNVD-202104-975	date:	2021-04-14T00:00:00
db:	CNNVD	id:	CNNVD-202106-693	date:	2021-06-16T00:00:00
db:	NVD	id:	CVE-2021-0112	date:	2021-06-22T17:31:58.853

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-371681	date:	2021-06-09T00:00:00
db:	JVNDB	id:	JVNDB-2021-008149	date:	2022-03-04T00:00:00
db:	CNNVD	id:	CNNVD-202104-975	date:	2021-04-13T00:00:00
db:	CNNVD	id:	CNNVD-202106-693	date:	2021-06-09T00:00:00
db:	NVD	id:	CVE-2021-0112	date:	2021-06-09T20:15:08.803