cvelistv5 - cve-2020-0547

CVE-2020-0547 (GCVE-0-2020-0547)

Vulnerability from cvelistv5

Published

2020-04-15 16:58

Modified

2024-08-04 06:02

Severity ?

CWE

Escalation of Privilege

Summary

References

URL

	Vendor	Product	Version
	n/a	Intel(R) Data Migration Software	Version: See provided reference

var-202004-0366

Vulnerability from variot

Incorrect default permissions in the installer for Intel(R) Data Migration Software versions 3.3 and earlier may allow an authenticated user to potentially enable escalation of privilege via local access. Intel(R) Data Migration Software There is a vulnerability in improper default permissions.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. Intel Data Migration Software is a set of data migration software from Intel Corporation of the United States. The software supports data migration between two storage drives. An attacker could exploit this vulnerability to elevate privileges

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-202004-0366",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "data migration",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "intel",
        "version": "3.3"
      },
      {
        "model": "data migration software",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "intel",
        "version": "3.3"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-004593"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-0547"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/a:intel:data_migration_software",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-004593"
      }
    ]
  },
  "cve": "CVE-2020-0547",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "PARTIAL",
            "baseScore": 4.6,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 3.9,
            "id": "CVE-2020-0547",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 1.0,
            "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Local",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Partial",
            "baseScore": 4.6,
            "confidentialityImpact": "Partial",
            "exploitabilityScore": null,
            "id": "JVNDB-2020-004593",
            "impactScore": null,
            "integrityImpact": "Partial",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "PARTIAL",
            "baseScore": 4.6,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 3.9,
            "id": "VHN-161981",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:L/AC:L/AU:N/C:P/I:P/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "author": "nvd@nist.gov",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 1.8,
            "id": "CVE-2020-0547",
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Local",
            "author": "NVD",
            "availabilityImpact": "High",
            "baseScore": 7.8,
            "baseSeverity": "High",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "JVNDB-2020-004593",
            "impactScore": null,
            "integrityImpact": "High",
            "privilegesRequired": "Low",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2020-0547",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "NVD",
            "id": "JVNDB-2020-004593",
            "trust": 0.8,
            "value": "High"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-202004-1203",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-161981",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-161981"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-004593"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202004-1203"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-0547"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Incorrect default permissions in the installer for Intel(R) Data Migration Software versions 3.3 and earlier may allow an authenticated user to potentially enable escalation of privilege via local access. Intel(R) Data Migration Software There is a vulnerability in improper default permissions.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. Intel Data Migration Software is a set of data migration software from Intel Corporation of the United States. The software supports data migration between two storage drives. An attacker could exploit this vulnerability to elevate privileges",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2020-0547"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-004593"
      },
      {
        "db": "VULHUB",
        "id": "VHN-161981"
      }
    ],
    "trust": 1.71
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2020-0547",
        "trust": 2.5
      },
      {
        "db": "JVN",
        "id": "JVNVU97303667",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-004593",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202004-1203",
        "trust": 0.7
      },
      {
        "db": "CNVD",
        "id": "CNVD-2020-33647",
        "trust": 0.1
      },
      {
        "db": "VULHUB",
        "id": "VHN-161981",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-161981"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-004593"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202004-1203"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-0547"
      }
    ]
  },
  "id": "VAR-202004-0366",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-161981"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2024-11-23T19:27:34.299000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "INTEL-SA-00327",
        "trust": 0.8,
        "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00327.html"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-004593"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-276",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-161981"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-004593"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-0547"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.7,
        "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00327.html"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-0547"
      },
      {
        "trust": 0.8,
        "url": "https://jvn.jp/vu/jvnvu97303667/"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-0547\\"
      },
      {
        "trust": 0.6,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-0547"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-161981"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-004593"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202004-1203"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-0547"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-161981"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-004593"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202004-1203"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-0547"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2020-04-15T00:00:00",
        "db": "VULHUB",
        "id": "VHN-161981"
      },
      {
        "date": "2020-05-21T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2020-004593"
      },
      {
        "date": "2020-04-15T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202004-1203"
      },
      {
        "date": "2020-04-15T17:15:13.890000",
        "db": "NVD",
        "id": "CVE-2020-0547"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2020-04-23T00:00:00",
        "db": "VULHUB",
        "id": "VHN-161981"
      },
      {
        "date": "2020-05-21T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2020-004593"
      },
      {
        "date": "2020-04-22T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202004-1203"
      },
      {
        "date": "2024-11-21T04:53:43.050000",
        "db": "NVD",
        "id": "CVE-2020-0547"
      }
    ]
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Intel(R) Data Migration Software Vulnerability regarding improper default permissions in",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-004593"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "other",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202004-1203"
      }
    ],
    "trust": 0.6
  }
}

gsd-2020-0547

Vulnerability from gsd

Modified

2023-12-13 01:21

Details

Aliases

CVE-2020-0547

Aliases

CVE-2020-0547

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2020-0547",
    "description": "Incorrect default permissions in the installer for Intel(R) Data Migration Software versions 3.3 and earlier may allow an authenticated user to potentially enable escalation of privilege via local access.",
    "id": "GSD-2020-0547"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2020-0547"
      ],
      "details": "Incorrect default permissions in the installer for Intel(R) Data Migration Software versions 3.3 and earlier may allow an authenticated user to potentially enable escalation of privilege via local access.",
      "id": "GSD-2020-0547",
      "modified": "2023-12-13T01:21:44.807342Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "secure@intel.com",
        "ID": "CVE-2020-0547",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "Intel(R) Data Migration Software",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "See provided reference"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Incorrect default permissions in the installer for Intel(R) Data Migration Software versions 3.3 and earlier may allow an authenticated user to potentially enable escalation of privilege via local access."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "Escalation of Privilege"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00327.html",
            "refsource": "MISC",
            "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00327.html"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:intel:data_migration:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "3.3",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@intel.com",
          "ID": "CVE-2020-0547"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Incorrect default permissions in the installer for Intel(R) Data Migration Software versions 3.3 and earlier may allow an authenticated user to potentially enable escalation of privilege via local access."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-276"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00327.html",
              "refsource": "MISC",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00327.html"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 4.6,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 6.4,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "exploitabilityScore": 1.8,
          "impactScore": 5.9
        }
      },
      "lastModifiedDate": "2020-04-23T20:14Z",
      "publishedDate": "2020-04-15T17:15Z"
    }
  }
}

ghsa-75p3-2pw6-c8rw

Vulnerability from github

Published

2022-05-24 17:14

Modified

2022-05-24 17:14

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2020-0547"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2020-04-15T17:15:00Z",
    "severity": "MODERATE"
  },
  "details": "Incorrect default permissions in the installer for Intel(R) Data Migration Software versions 3.3 and earlier may allow an authenticated user to potentially enable escalation of privilege via local access.",
  "id": "GHSA-75p3-2pw6-c8rw",
  "modified": "2022-05-24T17:14:25Z",
  "published": "2022-05-24T17:14:25Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-0547"
    },
    {
      "type": "WEB",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00327.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

CERTFR-2020-AVI-215

Vulnerability from certfr_avis

De multiples vulnérabilités ont été découvertes dans les produits Intel. Elles permettent à un attaquant de provoquer un déni de service à distance et une élévation de privilèges.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Intel	N/A	les produits Intel PROSet/Wireless WiFi sur Windows 10 versions antérieures à 21.70 (se référer au bulletin de sécurité de l'éditeur pour la liste complète, cf. section Documentation)
Intel	N/A	Intel Data Migration Software versions 3.3 et antérieures (produit en fin de vie)
Intel	N/A	Intel Modular Server MFS2600KISPP Compute Module (produit en fin de vie)
Intel	N/A	Intel Driver and Support Assistant versions antérieures à 20.1.5
Intel	N/A	Intel NUC (se référer au bulletin de sécurité de l'éditeur pour la liste complète, cf. section Documentation)
Intel	N/A	Intel Binary Configuration Tool (produit en fin de vie)

References

Title

Publication Time

cnvd-2020-33647

Vulnerability from cnvd

Title

Intel Data Migration Software权限提升漏洞

Description

Intel Data Migration Software是美国英特尔（Intel）公司的一套数据迁移软件。该软件支持在两个存储驱动器之间进行数据迁移。 Intel Data Migration Software 3.3及之前版本中的安装程序存在安全漏洞，该漏洞源于错误的默认权限。攻击者可利用该漏洞提升权限。

Severity

中

Patch Name

Intel Data Migration Software权限提升漏洞的补丁

Patch Description

Intel Data Migration Software是美国英特尔（Intel）公司的一套数据迁移软件。该软件支持在两个存储驱动器之间进行数据迁移。 Intel Data Migration Software 3.3及之前版本中的安装程序存在安全漏洞，该漏洞源于错误的默认权限。攻击者可利用该漏洞提升权限。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

据厂商提供的信息，该软件已停止更新，相关信息请随时关注厂商主页： https://www.intel.com/

Reference

https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00327.html

Impacted products

Name
Intel Data Migration Software <=3.3

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2020-0547"
    }
  },
  "description": "Intel Data Migration Software\u662f\u7f8e\u56fd\u82f1\u7279\u5c14\uff08Intel\uff09\u516c\u53f8\u7684\u4e00\u5957\u6570\u636e\u8fc1\u79fb\u8f6f\u4ef6\u3002\u8be5\u8f6f\u4ef6\u652f\u6301\u5728\u4e24\u4e2a\u5b58\u50a8\u9a71\u52a8\u5668\u4e4b\u95f4\u8fdb\u884c\u6570\u636e\u8fc1\u79fb\u3002\n\nIntel Data Migration Software 3.3\u53ca\u4e4b\u524d\u7248\u672c\u4e2d\u7684\u5b89\u88c5\u7a0b\u5e8f\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u9519\u8bef\u7684\u9ed8\u8ba4\u6743\u9650\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u63d0\u5347\u6743\u9650\u3002",
  "formalWay": "\u636e\u5382\u5546\u63d0\u4f9b\u7684\u4fe1\u606f\uff0c\u8be5\u8f6f\u4ef6\u5df2\u505c\u6b62\u66f4\u65b0\uff0c\u76f8\u5173\u4fe1\u606f\u8bf7\u968f\u65f6\u5173\u6ce8\u5382\u5546\u4e3b\u9875\uff1a\r\nhttps://www.intel.com/",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2020-33647",
  "openTime": "2020-06-18",
  "patchDescription": "Intel Data Migration Software\u662f\u7f8e\u56fd\u82f1\u7279\u5c14\uff08Intel\uff09\u516c\u53f8\u7684\u4e00\u5957\u6570\u636e\u8fc1\u79fb\u8f6f\u4ef6\u3002\u8be5\u8f6f\u4ef6\u652f\u6301\u5728\u4e24\u4e2a\u5b58\u50a8\u9a71\u52a8\u5668\u4e4b\u95f4\u8fdb\u884c\u6570\u636e\u8fc1\u79fb\u3002\r\n\r\nIntel Data Migration Software 3.3\u53ca\u4e4b\u524d\u7248\u672c\u4e2d\u7684\u5b89\u88c5\u7a0b\u5e8f\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u9519\u8bef\u7684\u9ed8\u8ba4\u6743\u9650\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u63d0\u5347\u6743\u9650\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Intel Data Migration Software\u6743\u9650\u63d0\u5347\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "Intel Data Migration Software \u003c=3.3"
  },
  "referenceLink": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00327.html",
  "serverity": "\u4e2d",
  "submitTime": "2020-04-16",
  "title": "Intel Data Migration Software\u6743\u9650\u63d0\u5347\u6f0f\u6d1e"
}

fkie_cve-2020-0547

Vulnerability from fkie_nvd

Published

2020-04-15 17:15

Modified

2024-11-21 04:53

Severity ?

7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Summary

References

	URL	Tags
	secure@intel.com	https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00327.html	Vendor Advisory
	af854a3a-2127-422b-91ae-364da2661108	https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00327.html	Vendor Advisory

Impacted products

	Vendor	Product	Version
	intel	data_migration	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:intel:data_migration:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "0318CDF9-6CF5-4E23-87ED-6CC0212A0500",
              "versionEndIncluding": "3.3",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Incorrect default permissions in the installer for Intel(R) Data Migration Software versions 3.3 and earlier may allow an authenticated user to potentially enable escalation of privilege via local access."
    },
    {
      "lang": "es",
      "value": "Los permisos predeterminados incorrectos en el instalador de Intel\u00ae Data Migration Software versiones 3.3 y anteriores, pueden permitir a un usuario autenticado habilitar potencialmente una escalada de privilegios por medio de un acceso local."
    }
  ],
  "id": "CVE-2020-0547",
  "lastModified": "2024-11-21T04:53:43.050",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 4.6,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 7.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2020-04-15T17:15:13.890",
  "references": [
    {
      "source": "secure@intel.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00327.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00327.html"
    }
  ],
  "sourceIdentifier": "secure@intel.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-276"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2020-0547 (GCVE-0-2020-0547)

Vulnerability from cvelistv5

var-202004-0366

Vulnerability from variot

gsd-2020-0547

Vulnerability from gsd

ghsa-75p3-2pw6-c8rw

Vulnerability from github

CERTFR-2020-AVI-215

Vulnerability from certfr_avis

Solution

cnvd-2020-33647

Vulnerability from cnvd

fkie_cve-2020-0547

Vulnerability from fkie_nvd

Tags

Sightings

Nomenclature