nvd-json-data-feeds/CVE-2020/CVE-2020-86xx/CVE-2020-8687.json

{
  "id": "CVE-2020-8687",
  "sourceIdentifier": "secure@intel.com",
  "published": "2020-08-13T04:15:13.883",
  "lastModified": "2020-08-19T17:36:44.847",
  "vulnStatus": "Analyzed",
  "descriptions": [
    {
      "lang": "en",
      "value": "Uncontrolled search path in the installer for Intel(R) RSTe Software RAID Driver for the Intel(R) Server Board M10JNP2SB before version 4.7.0.1119 may allow an authenticated user to potentially enable escalation of privilege via local access."
    },
    {
      "lang": "es",
      "value": "Una ruta de b\u00fasqueda no controlada en el instalador para Intel\u00ae RSTe Software RAID Driver para el Intel\u00ae Server Board M10JNP2SB versiones anteriores a 4.7.0.1119, puede permitir a un usuario autenticado habilitar potencialmente una escalada de privilegios por medio de un acceso local"
    }
  ],
  "metrics": {
    "cvssMetricV31": [
      {
        "source": "nvd@nist.gov",
        "type": "Primary",
        "cvssData": {
          "version": "3.1",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "attackVector": "LOCAL",
          "attackComplexity": "LOW",
          "privilegesRequired": "LOW",
          "userInteraction": "NONE",
          "scope": "UNCHANGED",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "availabilityImpact": "HIGH",
          "baseScore": 7.8,
          "baseSeverity": "HIGH"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 5.9
      }
    ],
    "cvssMetricV2": [
      {
        "source": "nvd@nist.gov",
        "type": "Primary",
        "cvssData": {
          "version": "2.0",
          "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
          "accessVector": "LOCAL",
          "accessComplexity": "LOW",
          "authentication": "NONE",
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "availabilityImpact": "PARTIAL",
          "baseScore": 4.6
        },
        "baseSeverity": "MEDIUM",
        "exploitabilityScore": 3.9,
        "impactScore": 6.4,
        "acInsufInfo": false,
        "obtainAllPrivilege": false,
        "obtainUserPrivilege": false,
        "obtainOtherPrivilege": false,
        "userInteractionRequired": false
      }
    ]
  },
  "weaknesses": [
    {
      "source": "nvd@nist.gov",
      "type": "Primary",
      "description": [
        {
          "lang": "en",
          "value": "CWE-427"
        }
      ]
    }
  ],
  "configurations": [
    {
      "nodes": [
        {
          "operator": "OR",
          "negate": false,
          "cpeMatch": [
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:intel:rste_software_raid:*:*:*:*:*:*:intel_server_board_m10jnp2sb:*",
              "versionEndExcluding": "4.7.0.1119",
              "matchCriteriaId": "FBB534CC-525B-4089-86BA-6EA835E237AA"
            }
          ]
        }
      ]
    }
  ],
  "references": [
    {
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00377.html",
      "source": "secure@intel.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ]
    }
  ]
}