nvd-json-data-feeds/CVE-2020/CVE-2020-244xx/CVE-2020-24485.json

{
  "id": "CVE-2020-24485",
  "sourceIdentifier": "secure@intel.com",
  "published": "2021-02-17T14:15:17.593",
  "lastModified": "2021-06-09T19:15:08.720",
  "vulnStatus": "Modified",
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Improper conditions check in the Intel(R) FPGA OPAE Driver for Linux before kernel version 4.17 may allow an authenticated user to potentially enable escalation of privilege via local access."
    },
    {
      "lang": "es",
      "value": "La comprobaci\u00f3n de condiciones inadecuadas en el controlador Intel(R) FPGA OPAE para Linux antes de la versi\u00f3n 4.17 del kernel puede permitir que un usuario autenticado habilite potencialmente la escalada de privilegios a trav\u00e9s del acceso local"
    }
  ],
  "metrics": {
    "cvssMetricV31": [
      {
        "source": "nvd@nist.gov",
        "type": "Primary",
        "cvssData": {
          "version": "3.1",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
          "attackVector": "LOCAL",
          "attackComplexity": "LOW",
          "privilegesRequired": "NONE",
          "userInteraction": "REQUIRED",
          "scope": "UNCHANGED",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "availabilityImpact": "HIGH",
          "baseScore": 7.8,
          "baseSeverity": "HIGH"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 5.9
      }
    ],
    "cvssMetricV2": [
      {
        "source": "nvd@nist.gov",
        "type": "Primary",
        "cvssData": {
          "version": "2.0",
          "vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P",
          "accessVector": "LOCAL",
          "accessComplexity": "MEDIUM",
          "authentication": "NONE",
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "availabilityImpact": "PARTIAL",
          "baseScore": 4.4
        },
        "baseSeverity": "MEDIUM",
        "exploitabilityScore": 3.4,
        "impactScore": 6.4,
        "acInsufInfo": false,
        "obtainAllPrivilege": false,
        "obtainUserPrivilege": false,
        "obtainOtherPrivilege": false,
        "userInteractionRequired": true
      }
    ]
  },
  "weaknesses": [
    {
      "source": "nvd@nist.gov",
      "type": "Primary",
      "description": [
        {
          "lang": "en",
          "value": "CWE-427"
        }
      ]
    }
  ],
  "configurations": [
    {
      "nodes": [
        {
          "operator": "OR",
          "negate": false,
          "cpeMatch": [
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:intel:trace_analyzer_and_collector:*:*:*:*:*:*:*:*",
              "versionEndExcluding": "2020",
              "matchCriteriaId": "606C00BD-C2D5-4101-B836-2F24C98CE382"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:intel:trace_analyzer_and_collector:update1:*:*:*:*:*:*:*",
              "matchCriteriaId": "7D9CDC88-2994-4662-A549-20B58F72D39C"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:intel:trace_analyzer_and_collector:update2:*:*:*:*:*:*:*",
              "matchCriteriaId": "B8A88E10-721C-4102-BD0F-381DE75F5E7D"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:intel:trace_analyzer_and_collector:update3:*:*:*:*:*:*:*",
              "matchCriteriaId": "A25580DC-7C9C-4B07-BA51-C971314D667D"
            }
          ]
        }
      ]
    }
  ],
  "references": [
    {
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00440.html",
      "source": "secure@intel.com"
    }
  ]
}