cvelistv5 - CVE-2020-0598

CVE-2020-0598 (GCVE-0-2020-0598)

Vulnerability from cvelistv5 – Published: 2020-04-15 16:58 – Updated: 2024-08-04 06:11

Summary

Severity ?

No CVSS data available.

CWE

Escalation of Privilege

Assigner

intel

References

URL

Tags

https://www.intel.com/content/www/us/en/security-…

x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	n/a	Intel(R) Binary Configuration Tool for Windows	Affected: See provided reference

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T06:11:04.382Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00359.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Intel(R) Binary Configuration Tool for Windows",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "See provided reference"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Uncontrolled search path in the installer for the Intel(R) Binary Configuration Tool for Windows, all versions, may allow an authenticated user to potentially enable escalation of privilege via local access."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Escalation of Privilege",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-05-21T16:28:36",
        "orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
        "shortName": "intel"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00359.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@intel.com",
          "ID": "CVE-2020-0598",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Intel(R) Binary Configuration Tool for Windows",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "See provided reference"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Uncontrolled search path in the installer for the Intel(R) Binary Configuration Tool for Windows, all versions, may allow an authenticated user to potentially enable escalation of privilege via local access."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Escalation of Privilege"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00359.html",
              "refsource": "CONFIRM",
              "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00359.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
    "assignerShortName": "intel",
    "cveId": "CVE-2020-0598",
    "datePublished": "2020-04-15T16:58:47",
    "dateReserved": "2019-10-28T00:00:00",
    "dateUpdated": "2024-08-04T06:11:04.382Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:intel:binary_configuration_tool:*:*:*:*:*:windows:*:*\", \"matchCriteriaId\": \"971E6FAF-E6A5-4289-9505-FED5F4CF3840\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Uncontrolled search path in the installer for the Intel(R) Binary Configuration Tool for Windows, all versions, may allow an authenticated user to potentially enable escalation of privilege via local access.\"}, {\"lang\": \"es\", \"value\": \"Una ruta de b\\u00fasqueda no controlada en el instalador de Intel\\u00ae Binary Configuration Tool para Windows, en todas las versiones, puede permitir a un usuario autentificado habilitar potencialmente una escalada de privilegios por medio de un acceso local.\"}]",
      "id": "CVE-2020-0598",
      "lastModified": "2024-11-21T04:53:49.727",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\", \"baseScore\": 7.8, \"baseSeverity\": \"HIGH\", \"attackVector\": \"LOCAL\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"REQUIRED\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 1.8, \"impactScore\": 5.9}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:L/AC:M/Au:N/C:P/I:P/A:P\", \"baseScore\": 4.4, \"accessVector\": \"LOCAL\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 3.4, \"impactScore\": 6.4, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": true}]}",
      "published": "2020-04-15T17:15:14.263",
      "references": "[{\"url\": \"https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00359.html\", \"source\": \"secure@intel.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00359.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}]",
      "sourceIdentifier": "secure@intel.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-426\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2020-0598\",\"sourceIdentifier\":\"secure@intel.com\",\"published\":\"2020-04-15T17:15:14.263\",\"lastModified\":\"2024-11-21T04:53:49.727\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Uncontrolled search path in the installer for the Intel(R) Binary Configuration Tool for Windows, all versions, may allow an authenticated user to potentially enable escalation of privilege via local access.\"},{\"lang\":\"es\",\"value\":\"Una ruta de b\u00fasqueda no controlada en el instalador de Intel\u00ae Binary Configuration Tool para Windows, en todas las versiones, puede permitir a un usuario autentificado habilitar potencialmente una escalada de privilegios por medio de un acceso local.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\",\"baseScore\":7.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:L/AC:M/Au:N/C:P/I:P/A:P\",\"baseScore\":4.4,\"accessVector\":\"LOCAL\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":3.4,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-426\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:intel:binary_configuration_tool:*:*:*:*:*:windows:*:*\",\"matchCriteriaId\":\"971E6FAF-E6A5-4289-9505-FED5F4CF3840\"}]}]}],\"references\":[{\"url\":\"https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00359.html\",\"source\":\"secure@intel.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00359.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}"
  }
}

GHSA-7MFQ-GX26-8C7W

Vulnerability from github – Published: 2022-05-24 17:14 – Updated: 2022-05-24 17:14

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2020-0598"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2020-04-15T17:15:00Z",
    "severity": "MODERATE"
  },
  "details": "Uncontrolled search path in the installer for the Intel(R) Binary Configuration Tool for Windows, all versions, may allow an authenticated user to potentially enable escalation of privilege via local access.",
  "id": "GHSA-7mfq-gx26-8c7w",
  "modified": "2022-05-24T17:14:25Z",
  "published": "2022-05-24T17:14:25Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-0598"
    },
    {
      "type": "WEB",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00359.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GSD-2020-0598

Vulnerability from gsd - Updated: 2023-12-13 01:21

Details

Aliases

CVE-2020-0598

Aliases

CVE-2020-0598

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2020-0598",
    "description": "Uncontrolled search path in the installer for the Intel(R) Binary Configuration Tool for Windows, all versions, may allow an authenticated user to potentially enable escalation of privilege via local access.",
    "id": "GSD-2020-0598"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2020-0598"
      ],
      "details": "Uncontrolled search path in the installer for the Intel(R) Binary Configuration Tool for Windows, all versions, may allow an authenticated user to potentially enable escalation of privilege via local access.",
      "id": "GSD-2020-0598",
      "modified": "2023-12-13T01:21:45.064629Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "secure@intel.com",
        "ID": "CVE-2020-0598",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "Intel(R) Binary Configuration Tool for Windows",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "See provided reference"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Uncontrolled search path in the installer for the Intel(R) Binary Configuration Tool for Windows, all versions, may allow an authenticated user to potentially enable escalation of privilege via local access."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "Escalation of Privilege"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00359.html",
            "refsource": "CONFIRM",
            "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00359.html"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:intel:binary_configuration_tool:*:*:*:*:*:windows:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@intel.com",
          "ID": "CVE-2020-0598"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Uncontrolled search path in the installer for the Intel(R) Binary Configuration Tool for Windows, all versions, may allow an authenticated user to potentially enable escalation of privilege via local access."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-426"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00359.html",
              "refsource": "MISC",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00359.html"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 4.4,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 3.4,
          "impactScore": 6.4,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": true
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "exploitabilityScore": 1.8,
          "impactScore": 5.9
        }
      },
      "lastModifiedDate": "2020-04-23T19:30Z",
      "publishedDate": "2020-04-15T17:15Z"
    }
  }
}

FKIE_CVE-2020-0598

Vulnerability from fkie_nvd - Published: 2020-04-15 17:15 - Updated: 2024-11-21 04:53

Severity ?

7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Summary

References

	URL	Tags
	secure@intel.com	https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00359.html	Vendor Advisory
	af854a3a-2127-422b-91ae-364da2661108	https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00359.html	Vendor Advisory

Impacted products

	Vendor	Product	Version
	intel	binary_configuration_tool	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:intel:binary_configuration_tool:*:*:*:*:*:windows:*:*",
              "matchCriteriaId": "971E6FAF-E6A5-4289-9505-FED5F4CF3840",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Uncontrolled search path in the installer for the Intel(R) Binary Configuration Tool for Windows, all versions, may allow an authenticated user to potentially enable escalation of privilege via local access."
    },
    {
      "lang": "es",
      "value": "Una ruta de b\u00fasqueda no controlada en el instalador de Intel\u00ae Binary Configuration Tool para Windows, en todas las versiones, puede permitir a un usuario autentificado habilitar potencialmente una escalada de privilegios por medio de un acceso local."
    }
  ],
  "id": "CVE-2020-0598",
  "lastModified": "2024-11-21T04:53:49.727",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 4.4,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 3.4,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 7.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2020-04-15T17:15:14.263",
  "references": [
    {
      "source": "secure@intel.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00359.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00359.html"
    }
  ],
  "sourceIdentifier": "secure@intel.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-426"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CNVD-2020-28232

Vulnerability from cnvd - Published: 2020-05-14

Title

Intel Binary Configuration Tool代码问题漏洞

Description

Intel Binary Configuration Tool是美国英特尔（Intel）公司的一款用于更改嵌入在Intel FSP（固件支持包）二进制文件中配置设置的实用程序。基于Windows平台的Intel Binary Configuration Tool中的安装程序存在安全漏洞。攻击者可借助特制文件利用该漏洞提升权限。

Severity

中

Formal description

据厂商提供的信息，该软件已停止更新，相关信息请随时关注厂商主页： https://www.intel.com/

Reference

https://nvd.nist.gov/vuln/detail/CVE-2020-0598

Impacted products

Name
Intel Binary Configuration Tool

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2020-0598"
    }
  },
  "description": "Intel Binary Configuration Tool\u662f\u7f8e\u56fd\u82f1\u7279\u5c14\uff08Intel\uff09\u516c\u53f8\u7684\u4e00\u6b3e\u7528\u4e8e\u66f4\u6539\u5d4c\u5165\u5728Intel FSP\uff08\u56fa\u4ef6\u652f\u6301\u5305\uff09\u4e8c\u8fdb\u5236\u6587\u4ef6\u4e2d\u914d\u7f6e\u8bbe\u7f6e\u7684\u5b9e\u7528\u7a0b\u5e8f\u3002\n\n\u57fa\u4e8eWindows\u5e73\u53f0\u7684Intel Binary Configuration Tool\u4e2d\u7684\u5b89\u88c5\u7a0b\u5e8f\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u501f\u52a9\u7279\u5236\u6587\u4ef6\u5229\u7528\u8be5\u6f0f\u6d1e\u63d0\u5347\u6743\u9650\u3002",
  "formalWay": "\u636e\u5382\u5546\u63d0\u4f9b\u7684\u4fe1\u606f\uff0c\u8be5\u8f6f\u4ef6\u5df2\u505c\u6b62\u66f4\u65b0\uff0c\u76f8\u5173\u4fe1\u606f\u8bf7\u968f\u65f6\u5173\u6ce8\u5382\u5546\u4e3b\u9875\uff1a\r\nhttps://www.intel.com/",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2020-28232",
  "openTime": "2020-05-14",
  "products": {
    "product": "Intel Binary Configuration Tool"
  },
  "referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2020-0598",
  "serverity": "\u4e2d",
  "submitTime": "2020-04-16",
  "title": "Intel Binary Configuration Tool\u4ee3\u7801\u95ee\u9898\u6f0f\u6d1e"
}

CERTFR-2020-AVI-215

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été découvertes dans les produits Intel. Elles permettent à un attaquant de provoquer un déni de service à distance et une élévation de privilèges.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Intel	N/A	les produits Intel PROSet/Wireless WiFi sur Windows 10 versions antérieures à 21.70 (se référer au bulletin de sécurité de l'éditeur pour la liste complète, cf. section Documentation)
Intel	N/A	Intel Data Migration Software versions 3.3 et antérieures (produit en fin de vie)
Intel	N/A	Intel Modular Server MFS2600KISPP Compute Module (produit en fin de vie)
Intel	N/A	Intel Driver and Support Assistant versions antérieures à 20.1.5
Intel	N/A	Intel NUC (se référer au bulletin de sécurité de l'éditeur pour la liste complète, cf. section Documentation)
Intel	N/A	Intel Binary Configuration Tool (produit en fin de vie)

References

Title

Publication Time

Tags

Bulletin de sécurité Intel intel-sa-00363 du 14 avril 2020	None	vendor-advisory
Bulletin de sécurité Intel intel-sa-00327 du 14 avril 2020	None	vendor-advisory
Bulletin de sécurité Intel intel-sa-00351 du 14 avril 2020	None	vendor-advisory
Bulletin de sécurité Intel intel-sa-00359 du 14 avril 2020	None	vendor-advisory
Bulletin de sécurité Intel intel-sa-00338 du 14 avril 2020	None	vendor-advisory
Bulletin de sécurité Intel intel-sa-00344 du 14 avril 2020	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "les produits Intel PROSet/Wireless WiFi sur Windows 10 versions ant\u00e9rieures \u00e0 21.70 (se r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour la liste compl\u00e8te, cf. section Documentation)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Intel",
          "scada": false
        }
      }
    },
    {
      "description": "Intel Data Migration Software versions 3.3 et ant\u00e9rieures (produit en fin de vie)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Intel",
          "scada": false
        }
      }
    },
    {
      "description": "Intel Modular Server MFS2600KISPP Compute Module (produit en fin de vie)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Intel",
          "scada": false
        }
      }
    },
    {
      "description": "Intel Driver and Support Assistant versions ant\u00e9rieures \u00e0 20.1.5",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Intel",
          "scada": false
        }
      }
    },
    {
      "description": "Intel NUC (se r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour la liste compl\u00e8te, cf. section Documentation)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Intel",
          "scada": false
        }
      }
    },
    {
      "description": "Intel Binary Configuration Tool (produit en fin de vie)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Intel",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2020-0577",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-0577"
    },
    {
      "name": "CVE-2020-0600",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-0600"
    },
    {
      "name": "CVE-2020-0568",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-0568"
    },
    {
      "name": "CVE-2020-0598",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-0598"
    },
    {
      "name": "CVE-2020-0547",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-0547"
    },
    {
      "name": "CVE-2020-0557",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-0557"
    },
    {
      "name": "CVE-2020-0576",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-0576"
    },
    {
      "name": "CVE-2020-0558",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-0558"
    },
    {
      "name": "CVE-2020-0578",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-0578"
    }
  ],
  "links": [],
  "reference": "CERTFR-2020-AVI-215",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2020-04-15T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Intel.\nElles permettent \u00e0 un attaquant de provoquer un d\u00e9ni de service \u00e0\ndistance et une \u00e9l\u00e9vation de privil\u00e8ges.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Intel",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00363 du 14 avril 2020",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00363.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00327 du 14 avril 2020",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00327.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00351 du 14 avril 2020",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00351.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00359 du 14 avril 2020",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00359.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00338 du 14 avril 2020",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00338.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00344 du 14 avril 2020",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00344.html"
    }
  ]
}

CERTFR-2020-AVI-215

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été découvertes dans les produits Intel. Elles permettent à un attaquant de provoquer un déni de service à distance et une élévation de privilèges.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Intel	N/A	les produits Intel PROSet/Wireless WiFi sur Windows 10 versions antérieures à 21.70 (se référer au bulletin de sécurité de l'éditeur pour la liste complète, cf. section Documentation)
Intel	N/A	Intel Data Migration Software versions 3.3 et antérieures (produit en fin de vie)
Intel	N/A	Intel Modular Server MFS2600KISPP Compute Module (produit en fin de vie)
Intel	N/A	Intel Driver and Support Assistant versions antérieures à 20.1.5
Intel	N/A	Intel NUC (se référer au bulletin de sécurité de l'éditeur pour la liste complète, cf. section Documentation)
Intel	N/A	Intel Binary Configuration Tool (produit en fin de vie)

References

Title

Publication Time

Tags

Bulletin de sécurité Intel intel-sa-00363 du 14 avril 2020	None	vendor-advisory
Bulletin de sécurité Intel intel-sa-00327 du 14 avril 2020	None	vendor-advisory
Bulletin de sécurité Intel intel-sa-00351 du 14 avril 2020	None	vendor-advisory
Bulletin de sécurité Intel intel-sa-00359 du 14 avril 2020	None	vendor-advisory
Bulletin de sécurité Intel intel-sa-00338 du 14 avril 2020	None	vendor-advisory
Bulletin de sécurité Intel intel-sa-00344 du 14 avril 2020	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "les produits Intel PROSet/Wireless WiFi sur Windows 10 versions ant\u00e9rieures \u00e0 21.70 (se r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour la liste compl\u00e8te, cf. section Documentation)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Intel",
          "scada": false
        }
      }
    },
    {
      "description": "Intel Data Migration Software versions 3.3 et ant\u00e9rieures (produit en fin de vie)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Intel",
          "scada": false
        }
      }
    },
    {
      "description": "Intel Modular Server MFS2600KISPP Compute Module (produit en fin de vie)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Intel",
          "scada": false
        }
      }
    },
    {
      "description": "Intel Driver and Support Assistant versions ant\u00e9rieures \u00e0 20.1.5",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Intel",
          "scada": false
        }
      }
    },
    {
      "description": "Intel NUC (se r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour la liste compl\u00e8te, cf. section Documentation)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Intel",
          "scada": false
        }
      }
    },
    {
      "description": "Intel Binary Configuration Tool (produit en fin de vie)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Intel",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2020-0577",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-0577"
    },
    {
      "name": "CVE-2020-0600",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-0600"
    },
    {
      "name": "CVE-2020-0568",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-0568"
    },
    {
      "name": "CVE-2020-0598",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-0598"
    },
    {
      "name": "CVE-2020-0547",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-0547"
    },
    {
      "name": "CVE-2020-0557",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-0557"
    },
    {
      "name": "CVE-2020-0576",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-0576"
    },
    {
      "name": "CVE-2020-0558",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-0558"
    },
    {
      "name": "CVE-2020-0578",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-0578"
    }
  ],
  "links": [],
  "reference": "CERTFR-2020-AVI-215",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2020-04-15T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Intel.\nElles permettent \u00e0 un attaquant de provoquer un d\u00e9ni de service \u00e0\ndistance et une \u00e9l\u00e9vation de privil\u00e8ges.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Intel",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00363 du 14 avril 2020",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00363.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00327 du 14 avril 2020",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00327.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00351 du 14 avril 2020",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00351.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00359 du 14 avril 2020",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00359.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00338 du 14 avril 2020",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00338.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00344 du 14 avril 2020",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00344.html"
    }
  ]
}

VAR-202004-0092

Vulnerability from variot - Updated: 2023-12-18 14:04

Uncontrolled search path in the installer for the Intel(R) Binary Configuration Tool for Windows, all versions, may allow an authenticated user to potentially enable escalation of privilege via local access. (DoS) It may be put into a state. Intel Binary Configuration Tool is a utility from Intel Corporation of America to change configuration settings embedded in Intel FSP (Firmware Support Package) binary files. A security vulnerability exists in the installer of the Windows-based Intel Binary Configuration Tool. An attacker could exploit this vulnerability to elevate privileges with a specially crafted file

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-202004-0092",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "binary configuration tool",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "*"
      },
      {
        "model": "binary configuration tool",
        "scope": null,
        "trust": 0.8,
        "vendor": "intel",
        "version": null
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-004599"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-0598"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:intel:binary_configuration_tool:*:*:*:*:*:windows:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2020-0598"
      }
    ]
  },
  "cve": "CVE-2020-0598",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "MEDIUM",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 4.4,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 3.4,
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": true,
            "vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Medium",
            "accessVector": "Local",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Partial",
            "baseScore": 4.4,
            "confidentialityImpact": "Partial",
            "exploitabilityScore": null,
            "id": "JVNDB-2020-004599",
            "impactScore": null,
            "integrityImpact": "Partial",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "PARTIAL",
            "baseScore": 4.4,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 3.4,
            "id": "VHN-162032",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:L/AC:M/AU:N/C:P/I:P/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "author": "NVD",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 1.8,
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Local",
            "author": "NVD",
            "availabilityImpact": "High",
            "baseScore": 7.8,
            "baseSeverity": "High",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "JVNDB-2020-004599",
            "impactScore": null,
            "integrityImpact": "High",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "Required",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2020-0598",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "NVD",
            "id": "JVNDB-2020-004599",
            "trust": 0.8,
            "value": "High"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-202004-1198",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-162032",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-162032"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-004599"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-0598"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202004-1198"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Uncontrolled search path in the installer for the Intel(R) Binary Configuration Tool for Windows, all versions, may allow an authenticated user to potentially enable escalation of privilege via local access. (DoS) It may be put into a state. Intel Binary Configuration Tool is a utility from Intel Corporation of America to change configuration settings embedded in Intel FSP (Firmware Support Package) binary files. A security vulnerability exists in the installer of the Windows-based Intel Binary Configuration Tool. An attacker could exploit this vulnerability to elevate privileges with a specially crafted file",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2020-0598"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-004599"
      },
      {
        "db": "VULHUB",
        "id": "VHN-162032"
      }
    ],
    "trust": 1.71
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2020-0598",
        "trust": 2.5
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-004599",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202004-1198",
        "trust": 0.7
      },
      {
        "db": "VULHUB",
        "id": "VHN-162032",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-162032"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-004599"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-0598"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202004-1198"
      }
    ]
  },
  "id": "VAR-202004-0092",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-162032"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2023-12-18T14:04:45.683000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "INTEL-SA-00359",
        "trust": 0.8,
        "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00359.html"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-004599"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-426",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-162032"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-004599"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-0598"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.7,
        "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00359.html"
      },
      {
        "trust": 1.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-0598"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-0598"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-162032"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-004599"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-0598"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202004-1198"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-162032"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-004599"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-0598"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202004-1198"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2020-04-15T00:00:00",
        "db": "VULHUB",
        "id": "VHN-162032"
      },
      {
        "date": "2020-05-21T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2020-004599"
      },
      {
        "date": "2020-04-15T17:15:14.263000",
        "db": "NVD",
        "id": "CVE-2020-0598"
      },
      {
        "date": "2020-04-15T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202004-1198"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2020-04-23T00:00:00",
        "db": "VULHUB",
        "id": "VHN-162032"
      },
      {
        "date": "2020-05-21T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2020-004599"
      },
      {
        "date": "2020-04-23T19:30:44.280000",
        "db": "NVD",
        "id": "CVE-2020-0598"
      },
      {
        "date": "2020-04-22T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202004-1198"
      }
    ]
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Windows for  Intel(R) Binary Configuration Tool Unreliable search path vulnerabilities in",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-004599"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "other",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202004-1198"
      }
    ],
    "trust": 0.6
  }
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2020-0598 (GCVE-0-2020-0598)

GHSA-7MFQ-GX26-8C7W

GSD-2020-0598

FKIE_CVE-2020-0598

CNVD-2020-28232

CERTFR-2020-AVI-215

Solution

CERTFR-2020-AVI-215

Solution

VAR-202004-0092

Tags

Sightings

Nomenclature