CVE-2020-0527

Insufficient control flow management in firmware for some Intel(R) Data Center SSDs may allow a privileged user to potentially enable information disclosure via local access.

CVSS v3 4.4 MEDIUM
CVSS v2.0 2.1 LOW

4.4^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 0.8 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

2.1^/10

CVSS v2.0 : LOW

Vector : AV:L/AC:L/Au:N/C:P/I:N/A:N

Exploitability : 3.9 / Impact : 2.9

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00266.html	Vendor Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:intel:ssd_d3-s4510_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:intel:ssd_d3-s4510:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND

cpe:2.3:o:intel:ssd_dc_p4510_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:intel:ssd_dc_p4510:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND

cpe:2.3:o:intel:ssd_dc_p4610_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:intel:ssd_dc_p4610:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND

cpe:2.3:o:intel:ssd_dc_p4618_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:intel:ssd_dc_p4618:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND

cpe:2.3:o:intel:ssd_dc_p4511_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:intel:ssd_dc_p4511:-:*:*:*:*:*:*:*

History

No history.

Information

Published : 2020-06-15 14:15

Updated : 2024-02-04 21:00

NVD link : CVE-2020-0527

Mitre link : CVE-2020-0527

CVE.ORG link : CVE-2020-0527

JSON object : View

Products Affected

intel

ssd_dc_p4511
ssd_dc_p4618
ssd_dc_p4511_firmware
ssd_d3-s4510_firmware
ssd_dc_p4510_firmware
ssd_d3-s4510
ssd_dc_p4510
ssd_dc_p4610
ssd_dc_p4610_firmware
ssd_dc_p4618_firmware

CWE

NVD-CWE-noinfo

{"id": "CVE-2020-0527", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 2.1, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "LOW", "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.4, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 0.8}]}, "published": "2020-06-15T14:15:09.923", "references": [{"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00266.html", "tags": ["Vendor Advisory"], "source": "secure@intel.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "Insufficient control flow management in firmware for some Intel(R) Data Center SSDs may allow a privileged user to potentially enable information disclosure via local access."}, {"lang": "es", "value": "Una administraci\u00f3n de flujo de control insuficiente en el firmware para algunos SSD de Intel\u00ae Data Center, puede permitir a un usuario privilegiado habilitar potencialmente una divulgaci\u00f3n de informaci\u00f3n por medio de un acceso local"}], "lastModified": "2021-07-21T11:39:23.747", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:intel:ssd_d3-s4510_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E7755CCD-814A-4736-A79A-2BA52C38AC58", "versionEndExcluding": "xc311120"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:intel:ssd_d3-s4510:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "3C52BE50-71AC-43D4-B9C1-82A520617342"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:intel:ssd_dc_p4510_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "ED9B7B13-962F-4C4C-9499-A3B7827B0FD0", "versionEndExcluding": "vdv10170"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:intel:ssd_dc_p4510:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "318BEFE4-759C-4D96-ADF3-C756B22DBC87"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:intel:ssd_dc_p4610_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "24C02DB7-B68E-4DDB-ACF8-DCB1D9641ACE", "versionEndExcluding": "vdv10170"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:intel:ssd_dc_p4610:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "AABB3B2D-6688-4260-AE2B-DE10D9C4D48B"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:intel:ssd_dc_p4618_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DC66725C-4D51-44C4-AE27-C1C37A9746D1", "versionEndExcluding": "vdv10170"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:intel:ssd_dc_p4618:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "8545A3C6-F2E3-4CB0-8683-5A29824B0084"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:intel:ssd_dc_p4511_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1548E7B9-82A0-4661-9C01-98C3254AEE66", "versionEndExcluding": "vcv10370"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:intel:ssd_dc_p4511:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "CD3F066A-8F32-4CF3-A639-CE711C440F27"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "secure@intel.com"}