Lucene search

IntelCVE-2020-12350

HistoryNov 12, 2020 - 7:15 p.m.

CVE-2020-12350

2020-11-1219:15:14

intel

web.nvd.nist.gov

cve-2020-12350

intel

xtu

access control

privilege escalation

local access

security vulnerability

nvd

CVSS2

4.6

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

7.7

Confidence

High

EPSS

Percentile

12.6%

JSON

Improper access control in the Intel® XTU before version 6.5.1.360 may allow an authenticated user to potentially enable escalation of privilege via local access.

Affected configurations

Nvd

Vulners

Node

intelextreme_tuning_utilityRange<6.5.1.360

VendorProductVersionCPE
intelextreme_tuning_utility*cpe:2.3:a:intel:extreme_tuning_utility:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
intel	extreme_tuning_utility	*	cpe:2.3:a:intel:extreme_tuning_utility::::::::

CNA Affected

[
  {
    "product": "Intel(R) XTU",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "before version 6.5.1.360"
      }
    ]
  }
]

References

www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00429

CVSS2

4.6

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

7.7

Confidence

High

EPSS

Percentile

12.6%

JSON

Related for CVE-2020-12350