cvelistv5 - CVE-2020-0547

CVE-2020-0547 (GCVE-0-2020-0547)

Vulnerability from cvelistv5 – Published: 2020-04-15 16:58 – Updated: 2024-08-04 06:02

Summary

Severity ?

No CVSS data available.

CWE

Escalation of Privilege

Assigner

intel

References

URL

Tags

https://www.intel.com/content/www/us/en/security-…

x_refsource_MISC

Impacted products

	Vendor	Product	Version
	n/a	Intel(R) Data Migration Software	Affected: See provided reference

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T06:02:52.195Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00327.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Intel(R) Data Migration Software",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "See provided reference"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Incorrect default permissions in the installer for Intel(R) Data Migration Software versions 3.3 and earlier may allow an authenticated user to potentially enable escalation of privilege via local access."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Escalation of Privilege",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-04-15T16:58:08",
        "orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
        "shortName": "intel"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00327.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@intel.com",
          "ID": "CVE-2020-0547",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Intel(R) Data Migration Software",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "See provided reference"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Incorrect default permissions in the installer for Intel(R) Data Migration Software versions 3.3 and earlier may allow an authenticated user to potentially enable escalation of privilege via local access."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Escalation of Privilege"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00327.html",
              "refsource": "MISC",
              "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00327.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
    "assignerShortName": "intel",
    "cveId": "CVE-2020-0547",
    "datePublished": "2020-04-15T16:58:08",
    "dateReserved": "2019-10-28T00:00:00",
    "dateUpdated": "2024-08-04T06:02:52.195Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:intel:data_migration:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"3.3\", \"matchCriteriaId\": \"0318CDF9-6CF5-4E23-87ED-6CC0212A0500\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Incorrect default permissions in the installer for Intel(R) Data Migration Software versions 3.3 and earlier may allow an authenticated user to potentially enable escalation of privilege via local access.\"}, {\"lang\": \"es\", \"value\": \"Los permisos predeterminados incorrectos en el instalador de Intel\\u00ae Data Migration Software versiones 3.3 y anteriores, pueden permitir a un usuario autenticado habilitar potencialmente una escalada de privilegios por medio de un acceso local.\"}]",
      "id": "CVE-2020-0547",
      "lastModified": "2024-11-21T04:53:43.050",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\", \"baseScore\": 7.8, \"baseSeverity\": \"HIGH\", \"attackVector\": \"LOCAL\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 1.8, \"impactScore\": 5.9}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:L/AC:L/Au:N/C:P/I:P/A:P\", \"baseScore\": 4.6, \"accessVector\": \"LOCAL\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 3.9, \"impactScore\": 6.4, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2020-04-15T17:15:13.890",
      "references": "[{\"url\": \"https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00327.html\", \"source\": \"secure@intel.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00327.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}]",
      "sourceIdentifier": "secure@intel.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-276\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2020-0547\",\"sourceIdentifier\":\"secure@intel.com\",\"published\":\"2020-04-15T17:15:13.890\",\"lastModified\":\"2024-11-21T04:53:43.050\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Incorrect default permissions in the installer for Intel(R) Data Migration Software versions 3.3 and earlier may allow an authenticated user to potentially enable escalation of privilege via local access.\"},{\"lang\":\"es\",\"value\":\"Los permisos predeterminados incorrectos en el instalador de Intel\u00ae Data Migration Software versiones 3.3 y anteriores, pueden permitir a un usuario autenticado habilitar potencialmente una escalada de privilegios por medio de un acceso local.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":7.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:L/AC:L/Au:N/C:P/I:P/A:P\",\"baseScore\":4.6,\"accessVector\":\"LOCAL\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":3.9,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-276\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:intel:data_migration:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"3.3\",\"matchCriteriaId\":\"0318CDF9-6CF5-4E23-87ED-6CC0212A0500\"}]}]}],\"references\":[{\"url\":\"https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00327.html\",\"source\":\"secure@intel.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00327.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}"
  }
}

VAR-202004-0366

Vulnerability from variot - Updated: 2023-12-18 11:15

Incorrect default permissions in the installer for Intel(R) Data Migration Software versions 3.3 and earlier may allow an authenticated user to potentially enable escalation of privilege via local access. Intel(R) Data Migration Software There is a vulnerability in improper default permissions.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. Intel Data Migration Software is a set of data migration software from Intel Corporation of the United States. The software supports data migration between two storage drives. An attacker could exploit this vulnerability to elevate privileges

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-202004-0366",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "data migration",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "intel",
        "version": "3.3"
      },
      {
        "model": "data migration software",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "intel",
        "version": "3.3"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-004593"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-0547"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:intel:data_migration:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "3.3",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2020-0547"
      }
    ]
  },
  "cve": "CVE-2020-0547",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 4.6,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 3.9,
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Local",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Partial",
            "baseScore": 4.6,
            "confidentialityImpact": "Partial",
            "exploitabilityScore": null,
            "id": "JVNDB-2020-004593",
            "impactScore": null,
            "integrityImpact": "Partial",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "PARTIAL",
            "baseScore": 4.6,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 3.9,
            "id": "VHN-161981",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:L/AC:L/AU:N/C:P/I:P/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "author": "NVD",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 1.8,
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Local",
            "author": "NVD",
            "availabilityImpact": "High",
            "baseScore": 7.8,
            "baseSeverity": "High",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "JVNDB-2020-004593",
            "impactScore": null,
            "integrityImpact": "High",
            "privilegesRequired": "Low",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2020-0547",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "NVD",
            "id": "JVNDB-2020-004593",
            "trust": 0.8,
            "value": "High"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-202004-1203",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-161981",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-161981"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-004593"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-0547"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202004-1203"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Incorrect default permissions in the installer for Intel(R) Data Migration Software versions 3.3 and earlier may allow an authenticated user to potentially enable escalation of privilege via local access. Intel(R) Data Migration Software There is a vulnerability in improper default permissions.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. Intel Data Migration Software is a set of data migration software from Intel Corporation of the United States. The software supports data migration between two storage drives. An attacker could exploit this vulnerability to elevate privileges",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2020-0547"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-004593"
      },
      {
        "db": "VULHUB",
        "id": "VHN-161981"
      }
    ],
    "trust": 1.71
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2020-0547",
        "trust": 2.5
      },
      {
        "db": "JVN",
        "id": "JVNVU97303667",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-004593",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202004-1203",
        "trust": 0.7
      },
      {
        "db": "CNVD",
        "id": "CNVD-2020-33647",
        "trust": 0.1
      },
      {
        "db": "VULHUB",
        "id": "VHN-161981",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-161981"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-004593"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-0547"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202004-1203"
      }
    ]
  },
  "id": "VAR-202004-0366",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-161981"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2023-12-18T11:15:30.552000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "INTEL-SA-00327",
        "trust": 0.8,
        "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00327.html"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-004593"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-276",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-161981"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-004593"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-0547"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.7,
        "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00327.html"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-0547"
      },
      {
        "trust": 0.8,
        "url": "https://jvn.jp/vu/jvnvu97303667/"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-0547\\"
      },
      {
        "trust": 0.6,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-0547"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-161981"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-004593"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-0547"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202004-1203"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-161981"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-004593"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-0547"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202004-1203"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2020-04-15T00:00:00",
        "db": "VULHUB",
        "id": "VHN-161981"
      },
      {
        "date": "2020-05-21T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2020-004593"
      },
      {
        "date": "2020-04-15T17:15:13.890000",
        "db": "NVD",
        "id": "CVE-2020-0547"
      },
      {
        "date": "2020-04-15T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202004-1203"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2020-04-23T00:00:00",
        "db": "VULHUB",
        "id": "VHN-161981"
      },
      {
        "date": "2020-05-21T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2020-004593"
      },
      {
        "date": "2020-04-23T20:14:17.163000",
        "db": "NVD",
        "id": "CVE-2020-0547"
      },
      {
        "date": "2020-04-22T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202004-1203"
      }
    ]
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Intel(R) Data Migration Software Vulnerability regarding improper default permissions in",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-004593"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "other",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202004-1203"
      }
    ],
    "trust": 0.6
  }
}

CERTFR-2020-AVI-215

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été découvertes dans les produits Intel. Elles permettent à un attaquant de provoquer un déni de service à distance et une élévation de privilèges.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Intel	N/A	les produits Intel PROSet/Wireless WiFi sur Windows 10 versions antérieures à 21.70 (se référer au bulletin de sécurité de l'éditeur pour la liste complète, cf. section Documentation)
Intel	N/A	Intel Data Migration Software versions 3.3 et antérieures (produit en fin de vie)
Intel	N/A	Intel Modular Server MFS2600KISPP Compute Module (produit en fin de vie)
Intel	N/A	Intel Driver and Support Assistant versions antérieures à 20.1.5
Intel	N/A	Intel NUC (se référer au bulletin de sécurité de l'éditeur pour la liste complète, cf. section Documentation)
Intel	N/A	Intel Binary Configuration Tool (produit en fin de vie)

References

Title

Publication Time

Tags

Bulletin de sécurité Intel intel-sa-00363 du 14 avril 2020	None	vendor-advisory
Bulletin de sécurité Intel intel-sa-00327 du 14 avril 2020	None	vendor-advisory
Bulletin de sécurité Intel intel-sa-00351 du 14 avril 2020	None	vendor-advisory
Bulletin de sécurité Intel intel-sa-00359 du 14 avril 2020	None	vendor-advisory
Bulletin de sécurité Intel intel-sa-00338 du 14 avril 2020	None	vendor-advisory
Bulletin de sécurité Intel intel-sa-00344 du 14 avril 2020	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "les produits Intel PROSet/Wireless WiFi sur Windows 10 versions ant\u00e9rieures \u00e0 21.70 (se r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour la liste compl\u00e8te, cf. section Documentation)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Intel",
          "scada": false
        }
      }
    },
    {
      "description": "Intel Data Migration Software versions 3.3 et ant\u00e9rieures (produit en fin de vie)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Intel",
          "scada": false
        }
      }
    },
    {
      "description": "Intel Modular Server MFS2600KISPP Compute Module (produit en fin de vie)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Intel",
          "scada": false
        }
      }
    },
    {
      "description": "Intel Driver and Support Assistant versions ant\u00e9rieures \u00e0 20.1.5",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Intel",
          "scada": false
        }
      }
    },
    {
      "description": "Intel NUC (se r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour la liste compl\u00e8te, cf. section Documentation)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Intel",
          "scada": false
        }
      }
    },
    {
      "description": "Intel Binary Configuration Tool (produit en fin de vie)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Intel",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2020-0577",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-0577"
    },
    {
      "name": "CVE-2020-0600",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-0600"
    },
    {
      "name": "CVE-2020-0568",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-0568"
    },
    {
      "name": "CVE-2020-0598",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-0598"
    },
    {
      "name": "CVE-2020-0547",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-0547"
    },
    {
      "name": "CVE-2020-0557",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-0557"
    },
    {
      "name": "CVE-2020-0576",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-0576"
    },
    {
      "name": "CVE-2020-0558",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-0558"
    },
    {
      "name": "CVE-2020-0578",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-0578"
    }
  ],
  "links": [],
  "reference": "CERTFR-2020-AVI-215",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2020-04-15T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Intel.\nElles permettent \u00e0 un attaquant de provoquer un d\u00e9ni de service \u00e0\ndistance et une \u00e9l\u00e9vation de privil\u00e8ges.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Intel",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00363 du 14 avril 2020",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00363.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00327 du 14 avril 2020",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00327.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00351 du 14 avril 2020",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00351.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00359 du 14 avril 2020",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00359.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00338 du 14 avril 2020",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00338.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00344 du 14 avril 2020",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00344.html"
    }
  ]
}

CERTFR-2020-AVI-215

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été découvertes dans les produits Intel. Elles permettent à un attaquant de provoquer un déni de service à distance et une élévation de privilèges.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Intel	N/A	les produits Intel PROSet/Wireless WiFi sur Windows 10 versions antérieures à 21.70 (se référer au bulletin de sécurité de l'éditeur pour la liste complète, cf. section Documentation)
Intel	N/A	Intel Data Migration Software versions 3.3 et antérieures (produit en fin de vie)
Intel	N/A	Intel Modular Server MFS2600KISPP Compute Module (produit en fin de vie)
Intel	N/A	Intel Driver and Support Assistant versions antérieures à 20.1.5
Intel	N/A	Intel NUC (se référer au bulletin de sécurité de l'éditeur pour la liste complète, cf. section Documentation)
Intel	N/A	Intel Binary Configuration Tool (produit en fin de vie)

References

Title

Publication Time

Tags

Bulletin de sécurité Intel intel-sa-00363 du 14 avril 2020	None	vendor-advisory
Bulletin de sécurité Intel intel-sa-00327 du 14 avril 2020	None	vendor-advisory
Bulletin de sécurité Intel intel-sa-00351 du 14 avril 2020	None	vendor-advisory
Bulletin de sécurité Intel intel-sa-00359 du 14 avril 2020	None	vendor-advisory
Bulletin de sécurité Intel intel-sa-00338 du 14 avril 2020	None	vendor-advisory
Bulletin de sécurité Intel intel-sa-00344 du 14 avril 2020	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "les produits Intel PROSet/Wireless WiFi sur Windows 10 versions ant\u00e9rieures \u00e0 21.70 (se r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour la liste compl\u00e8te, cf. section Documentation)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Intel",
          "scada": false
        }
      }
    },
    {
      "description": "Intel Data Migration Software versions 3.3 et ant\u00e9rieures (produit en fin de vie)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Intel",
          "scada": false
        }
      }
    },
    {
      "description": "Intel Modular Server MFS2600KISPP Compute Module (produit en fin de vie)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Intel",
          "scada": false
        }
      }
    },
    {
      "description": "Intel Driver and Support Assistant versions ant\u00e9rieures \u00e0 20.1.5",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Intel",
          "scada": false
        }
      }
    },
    {
      "description": "Intel NUC (se r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour la liste compl\u00e8te, cf. section Documentation)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Intel",
          "scada": false
        }
      }
    },
    {
      "description": "Intel Binary Configuration Tool (produit en fin de vie)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Intel",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2020-0577",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-0577"
    },
    {
      "name": "CVE-2020-0600",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-0600"
    },
    {
      "name": "CVE-2020-0568",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-0568"
    },
    {
      "name": "CVE-2020-0598",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-0598"
    },
    {
      "name": "CVE-2020-0547",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-0547"
    },
    {
      "name": "CVE-2020-0557",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-0557"
    },
    {
      "name": "CVE-2020-0576",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-0576"
    },
    {
      "name": "CVE-2020-0558",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-0558"
    },
    {
      "name": "CVE-2020-0578",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-0578"
    }
  ],
  "links": [],
  "reference": "CERTFR-2020-AVI-215",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2020-04-15T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Intel.\nElles permettent \u00e0 un attaquant de provoquer un d\u00e9ni de service \u00e0\ndistance et une \u00e9l\u00e9vation de privil\u00e8ges.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Intel",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00363 du 14 avril 2020",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00363.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00327 du 14 avril 2020",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00327.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00351 du 14 avril 2020",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00351.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00359 du 14 avril 2020",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00359.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00338 du 14 avril 2020",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00338.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00344 du 14 avril 2020",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00344.html"
    }
  ]
}

GHSA-75P3-2PW6-C8RW

Vulnerability from github – Published: 2022-05-24 17:14 – Updated: 2022-05-24 17:14

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2020-0547"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2020-04-15T17:15:00Z",
    "severity": "MODERATE"
  },
  "details": "Incorrect default permissions in the installer for Intel(R) Data Migration Software versions 3.3 and earlier may allow an authenticated user to potentially enable escalation of privilege via local access.",
  "id": "GHSA-75p3-2pw6-c8rw",
  "modified": "2022-05-24T17:14:25Z",
  "published": "2022-05-24T17:14:25Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-0547"
    },
    {
      "type": "WEB",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00327.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

FKIE_CVE-2020-0547

Vulnerability from fkie_nvd - Published: 2020-04-15 17:15 - Updated: 2024-11-21 04:53

Severity ?

7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Summary

References

	URL	Tags
	secure@intel.com	https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00327.html	Vendor Advisory
	af854a3a-2127-422b-91ae-364da2661108	https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00327.html	Vendor Advisory

Impacted products

	Vendor	Product	Version
	intel	data_migration	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:intel:data_migration:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "0318CDF9-6CF5-4E23-87ED-6CC0212A0500",
              "versionEndIncluding": "3.3",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Incorrect default permissions in the installer for Intel(R) Data Migration Software versions 3.3 and earlier may allow an authenticated user to potentially enable escalation of privilege via local access."
    },
    {
      "lang": "es",
      "value": "Los permisos predeterminados incorrectos en el instalador de Intel\u00ae Data Migration Software versiones 3.3 y anteriores, pueden permitir a un usuario autenticado habilitar potencialmente una escalada de privilegios por medio de un acceso local."
    }
  ],
  "id": "CVE-2020-0547",
  "lastModified": "2024-11-21T04:53:43.050",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 4.6,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 7.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2020-04-15T17:15:13.890",
  "references": [
    {
      "source": "secure@intel.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00327.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00327.html"
    }
  ],
  "sourceIdentifier": "secure@intel.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-276"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CNVD-2020-33647

Vulnerability from cnvd - Published: 2020-06-18

Title

Intel Data Migration Software权限提升漏洞

Description

Intel Data Migration Software是美国英特尔（Intel）公司的一套数据迁移软件。该软件支持在两个存储驱动器之间进行数据迁移。 Intel Data Migration Software 3.3及之前版本中的安装程序存在安全漏洞，该漏洞源于错误的默认权限。攻击者可利用该漏洞提升权限。

Severity

中

Patch Name

Intel Data Migration Software权限提升漏洞的补丁

Patch Description

Intel Data Migration Software是美国英特尔（Intel）公司的一套数据迁移软件。该软件支持在两个存储驱动器之间进行数据迁移。 Intel Data Migration Software 3.3及之前版本中的安装程序存在安全漏洞，该漏洞源于错误的默认权限。攻击者可利用该漏洞提升权限。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

据厂商提供的信息，该软件已停止更新，相关信息请随时关注厂商主页： https://www.intel.com/

Reference

https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00327.html

Impacted products

Name
Intel Data Migration Software <=3.3

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2020-0547"
    }
  },
  "description": "Intel Data Migration Software\u662f\u7f8e\u56fd\u82f1\u7279\u5c14\uff08Intel\uff09\u516c\u53f8\u7684\u4e00\u5957\u6570\u636e\u8fc1\u79fb\u8f6f\u4ef6\u3002\u8be5\u8f6f\u4ef6\u652f\u6301\u5728\u4e24\u4e2a\u5b58\u50a8\u9a71\u52a8\u5668\u4e4b\u95f4\u8fdb\u884c\u6570\u636e\u8fc1\u79fb\u3002\n\nIntel Data Migration Software 3.3\u53ca\u4e4b\u524d\u7248\u672c\u4e2d\u7684\u5b89\u88c5\u7a0b\u5e8f\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u9519\u8bef\u7684\u9ed8\u8ba4\u6743\u9650\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u63d0\u5347\u6743\u9650\u3002",
  "formalWay": "\u636e\u5382\u5546\u63d0\u4f9b\u7684\u4fe1\u606f\uff0c\u8be5\u8f6f\u4ef6\u5df2\u505c\u6b62\u66f4\u65b0\uff0c\u76f8\u5173\u4fe1\u606f\u8bf7\u968f\u65f6\u5173\u6ce8\u5382\u5546\u4e3b\u9875\uff1a\r\nhttps://www.intel.com/",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2020-33647",
  "openTime": "2020-06-18",
  "patchDescription": "Intel Data Migration Software\u662f\u7f8e\u56fd\u82f1\u7279\u5c14\uff08Intel\uff09\u516c\u53f8\u7684\u4e00\u5957\u6570\u636e\u8fc1\u79fb\u8f6f\u4ef6\u3002\u8be5\u8f6f\u4ef6\u652f\u6301\u5728\u4e24\u4e2a\u5b58\u50a8\u9a71\u52a8\u5668\u4e4b\u95f4\u8fdb\u884c\u6570\u636e\u8fc1\u79fb\u3002\r\n\r\nIntel Data Migration Software 3.3\u53ca\u4e4b\u524d\u7248\u672c\u4e2d\u7684\u5b89\u88c5\u7a0b\u5e8f\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u9519\u8bef\u7684\u9ed8\u8ba4\u6743\u9650\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u63d0\u5347\u6743\u9650\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Intel Data Migration Software\u6743\u9650\u63d0\u5347\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "Intel Data Migration Software \u003c=3.3"
  },
  "referenceLink": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00327.html",
  "serverity": "\u4e2d",
  "submitTime": "2020-04-16",
  "title": "Intel Data Migration Software\u6743\u9650\u63d0\u5347\u6f0f\u6d1e"
}

GSD-2020-0547

Vulnerability from gsd - Updated: 2023-12-13 01:21

Details

Aliases

CVE-2020-0547

Aliases

CVE-2020-0547

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2020-0547",
    "description": "Incorrect default permissions in the installer for Intel(R) Data Migration Software versions 3.3 and earlier may allow an authenticated user to potentially enable escalation of privilege via local access.",
    "id": "GSD-2020-0547"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2020-0547"
      ],
      "details": "Incorrect default permissions in the installer for Intel(R) Data Migration Software versions 3.3 and earlier may allow an authenticated user to potentially enable escalation of privilege via local access.",
      "id": "GSD-2020-0547",
      "modified": "2023-12-13T01:21:44.807342Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "secure@intel.com",
        "ID": "CVE-2020-0547",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "Intel(R) Data Migration Software",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "See provided reference"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Incorrect default permissions in the installer for Intel(R) Data Migration Software versions 3.3 and earlier may allow an authenticated user to potentially enable escalation of privilege via local access."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "Escalation of Privilege"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00327.html",
            "refsource": "MISC",
            "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00327.html"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:intel:data_migration:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "3.3",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@intel.com",
          "ID": "CVE-2020-0547"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Incorrect default permissions in the installer for Intel(R) Data Migration Software versions 3.3 and earlier may allow an authenticated user to potentially enable escalation of privilege via local access."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-276"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00327.html",
              "refsource": "MISC",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00327.html"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 4.6,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 6.4,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "exploitabilityScore": 1.8,
          "impactScore": 5.9
        }
      },
      "lastModifiedDate": "2020-04-23T20:14Z",
      "publishedDate": "2020-04-15T17:15Z"
    }
  }
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2020-0547 (GCVE-0-2020-0547)

VAR-202004-0366

CERTFR-2020-AVI-215

Solution

CERTFR-2020-AVI-215

Solution

GHSA-75P3-2PW6-C8RW

FKIE_CVE-2020-0547

CNVD-2020-33647

GSD-2020-0547

Tags

Sightings

Nomenclature