Details of VAR-202106-0899

ID

VAR-202106-0899

CVE

CVE-2021-0143

TITLE

Intel(R) Brand Verification Tool Inappropriate Default Permission Vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2021-008240

DESCRIPTION

Improper permissions in the installer for the Intel(R) Brand Verification Tool before version 11.0.0.1225 may allow an authenticated user to potentially enable escalation of privilege via local access. Intel(R) Brand Verification Tool Is vulnerable to incorrect default permissions.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. Intel Brand Verification Tool (BVT) is a tool used by Intel Corporation to test vPro and generate reports. After the test is passed, the customer can obtain the qualification to stick the vPro Logo by submitting the report

Trust: 1.71

sources: NVD: CVE-2021-0143 // JVNDB: JVNDB-2021-008240 // VULHUB: VHN-371712

AFFECTED PRODUCTS

vendor:	intel	model:	brand verification tool	scope:	lt	version:	11.0.0.1225	Trust: 1.0
vendor:	インテル	model:	intel brand verification tool	scope:	eq	version:	-	Trust: 0.8
vendor:	インテル	model:	intel brand verification tool	scope:	eq	version:	11.0.0.1225	Trust: 0.8

sources: JVNDB: JVNDB-2021-008240 // NVD: CVE-2021-0143

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2021-0143
value:	HIGH
Trust: 1.0
NVD:	CVE-2021-0143
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-202106-1397
value:	HIGH
Trust: 0.6
VULHUB:	VHN-371712
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2021-0143
severity:	MEDIUM
baseScore:	4.6
vectorString:	AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	3.9
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-371712
severity:	MEDIUM
baseScore:	4.6
vectorString:	AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	3.9
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2021-0143
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.8
impactScore:	5.9
version:	3.1
Trust: 1.0
NVD:	CVE-2021-0143
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULHUB: VHN-371712 // JVNDB: JVNDB-2021-008240 // CNNVD: CNNVD-202106-1397 // NVD: CVE-2021-0143

PROBLEMTYPE DATA

problemtype:	CWE-276	Trust: 1.1
problemtype:	Inappropriate default permissions (CWE-276) [NVD Evaluation ]	Trust: 0.8

sources: VULHUB: VHN-371712 // JVNDB: JVNDB-2021-008240 // NVD: CVE-2021-0143

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202106-1397

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202106-1397

PATCH

title:	INTEL-SA-00546	url:	https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00546.html	Trust: 0.8
title:	Intel Brand Verification Tool Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=154482	Trust: 0.6

sources: JVNDB: JVNDB-2021-008240 // CNNVD: CNNVD-202106-1397

EXTERNAL IDS

db:	NVD	id:	CVE-2021-0143	Trust: 3.3
db:	JVNDB	id:	JVNDB-2021-008240	Trust: 0.8
db:	CNNVD	id:	CNNVD-202106-1397	Trust: 0.6
db:	VULHUB	id:	VHN-371712	Trust: 0.1

sources: VULHUB: VHN-371712 // JVNDB: JVNDB-2021-008240 // CNNVD: CNNVD-202106-1397 // NVD: CVE-2021-0143

REFERENCES

url:	https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00546.html	Trust: 1.7
url:	https://nvd.nist.gov/vuln/detail/cve-2021-0143	Trust: 1.4

sources: VULHUB: VHN-371712 // JVNDB: JVNDB-2021-008240 // CNNVD: CNNVD-202106-1397 // NVD: CVE-2021-0143

SOURCES

db:	VULHUB	id:	VHN-371712
db:	JVNDB	id:	JVNDB-2021-008240
db:	CNNVD	id:	CNNVD-202106-1397
db:	NVD	id:	CVE-2021-0143

LAST UPDATE DATE

2024-08-14T15:11:55.267000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-371712	date:	2021-06-23T00:00:00
db:	JVNDB	id:	JVNDB-2021-008240	date:	2022-03-09T08:23:00
db:	CNNVD	id:	CNNVD-202106-1397	date:	2021-06-28T00:00:00
db:	NVD	id:	CVE-2021-0143	date:	2021-06-23T18:49:27.977

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-371712	date:	2021-06-17T00:00:00
db:	JVNDB	id:	JVNDB-2021-008240	date:	2022-03-09T00:00:00
db:	CNNVD	id:	CNNVD-202106-1397	date:	2021-06-17T00:00:00
db:	NVD	id:	CVE-2021-0143	date:	2021-06-17T12:15:07.890