{"vulnerability": "CVE-2020-1289", "sightings": [{"uuid": "79443095-df32-42e9-b281-70d42fa0142b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-12898", "type": "seen", "source": "https://t.me/cibsecurity/32464", "content": "\u203c CVE-2020-12898 \u203c\n\nStack Buffer Overflow in AMD Graphics Driver for Windows 10 may lead to escalation of privilege or denial of service.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-11-17T16:14:56.000000Z"}, {"uuid": "aeba56c8-e718-41ce-ae22-ff14599d416b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-12891", "type": "seen", "source": "https://t.me/cibsecurity/36915", "content": "\u203c CVE-2020-12891 \u203c\n\nAMD Radeon Software may be vulnerable to DLL Hijacking through path variable. An unprivileged user may be able to drop its malicious DLL file in any location which is in path environment variable.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-02-05T02:45:37.000000Z"}, {"uuid": "b18cd56b-0029-4af9-bc58-db3cf5d6d4e5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-12894", "type": "seen", "source": "https://t.me/cibsecurity/32484", "content": "\u203c CVE-2020-12894 \u203c\n\nArbitrary Write in AMD Graphics Driver for Windows 10 in Escape 0x40010d may lead to arbitrary write to kernel memory or denial of service.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-11-17T16:20:56.000000Z"}, {"uuid": "1c6124f9-1522-4ba2-8fa2-92ac37f70082", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-12899", "type": "seen", "source": "https://t.me/cibsecurity/32492", "content": "\u203c CVE-2020-12899 \u203c\n\nArbitrary Read in AMD Graphics Driver for Windows 10 may lead to KASLR bypass or denial of service.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-11-17T16:26:36.000000Z"}, {"uuid": "6c9cd984-85ba-4449-bb22-0429d8130764", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-12892", "type": "seen", "source": "https://t.me/cibsecurity/32458", "content": "\u203c CVE-2020-12892 \u203c\n\nAn untrusted search path in AMD Radeon settings Installer may lead to a privilege escalation or unauthorized code execution.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-11-17T16:14:49.000000Z"}, {"uuid": "9bce7e84-e1fe-4e8d-8579-d74e7477a312", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-12890", "type": "seen", "source": "https://t.me/SecLabNews/7901", "content": "\u0412 \u043a\u043b\u0438\u0435\u043d\u0442\u0435 \u0438 \u0432\u0441\u0442\u0440\u043e\u0435\u043d\u043d\u044b\u0445 \u043f\u0440\u043e\u0446\u0435\u0441\u0441\u043e\u0440\u0430\u0445 AMD, \u0432\u044b\u043f\u0443\u0449\u0435\u043d\u043d\u044b\u0445 \u0432 2016-2019 \u0433\u043e\u0434\u0430\u0445, \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0435\u043d\u044b \u0442\u0440\u0438 \u0432\u044b\u0441\u043e\u043a\u043e \u043e\u043f\u0430\u0441\u043d\u044b\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438, \u043f\u043e\u043b\u0443\u0447\u0438\u0432\u0448\u0438\u0435 \u043e\u0431\u0449\u0435\u0435 \u043d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 SMM Callout Privilege Escalation. \u0421 \u0438\u0445 \u043f\u043e\u043c\u043e\u0449\u044c\u044e \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a \u0441 \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u043c \u0438\u043b\u0438 \u0444\u0438\u0437\u0438\u0447\u0435\u0441\u043a\u0438\u043c \u0434\u043e\u0441\u0442\u0443\u043f\u043e\u043c \u043a \u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432\u0443 \u043c\u043e\u0436\u0435\u0442 \u0432\u044b\u043f\u043e\u043b\u043d\u0438\u0442\u044c \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0439 \u043a\u043e\u0434 \u0438\u043b\u0438 \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c \u043a\u043e\u043d\u0442\u0440\u043e\u043b\u044c \u043d\u0430\u0434 \u043f\u0440\u043e\u0448\u0438\u0432\u043a\u043e\u0439. \u041e\u0434\u043d\u0430 \u0438\u0437 \u0442\u0440\u0435\u0445 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439 (CVE-2020-14032) \u0431\u044b\u043b\u0430 \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c 8 \u0438\u044e\u043d\u044f, \u0430 \u043f\u0430\u0442\u0447\u0438 \u0434\u043b\u044f \u0434\u0432\u0443\u0445 \u0434\u0440\u0443\u0433\u0438\u0445 (\u043e\u0434\u043d\u043e\u0439 \u043f\u0440\u0438\u0441\u0432\u043e\u0435\u043d \u0438\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440 CVE-2020-12890, \u0430 \u0434\u0440\u0443\u0433\u0430\u044f \u043f\u043e\u043a\u0430 \u0431\u0435\u0437 CVE) \u043f\u043e\u044f\u0432\u044f\u0442\u0441\u044f \u043f\u043e\u0437\u0434\u043d\u0435\u0435 \u0432 \u044d\u0442\u043e\u043c \u043c\u0435\u0441\u044f\u0446\u0435.    \n\u0412 AMD APU \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0435\u043d\u044b \u0442\u0440\u0438 \u043e\u043f\u0430\u0441\u043d\u044b\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438", "creation_timestamp": "2020-10-06T07:16:35.000000Z"}, {"uuid": "8fc51d06-7600-441f-8a53-162b5e27804c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-12890", "type": "published-proof-of-concept", "source": "https://t.me/CyberSecurityTechnologies/1299", "content": "#exploit\n1. CVE-2020-4046:\nA subtle stored-XSS in WordPress core\nhttps://pentest.co.uk/labs/research/subtle-stored-xss-wordpress-core/\n\n2. CVE-2020-12890:\nAttacking the Golden Ring on AMD Mini-PC/SMM Callout Privilege Escalation\nhttps://medium.com/@dannyodler/attacking-the-golden-ring-on-amd-mini-pc-b7bfb217b437", "creation_timestamp": "2024-10-29T18:43:58.000000Z"}]}