CVE-2020-12891

AMD Radeon Software may be vulnerable to DLL Hijacking through path variable. An unprivileged user may be able to drop its malicious DLL file in any location which is in path environment variable.

CVSS v3 7.8 HIGH
CVSS v2.0 4.4 MEDIUM

7.8^/10

CVSS v3 : HIGH

Vector :

Exploitability : 1.8 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

4.4^/10

CVSS v2.0 : MEDIUM

Vector : AV:L/AC:M/Au:N/C:P/I:P/A:P

Exploitability : 3.4 / Impact : 6.4

Access Vector LOCAL

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1000	Vendor Advisory
https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1000	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:amd:radeon_pro_software:::::enterprise:::*
	cpe:2.3:a:amd:radeon_software::::::::

History

21 Nov 2024, 05:00

Type	Values Removed	Values Added
References	~~() https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1000 - Vendor Advisory~~	() https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1000 - Vendor Advisory

09 Feb 2022, 14:11

Type	Values Removed	Values Added
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : 4.4 v3 : 7.8
CWE		CWE-427
References	~~(MISC) https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1000 -~~	(MISC) https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1000 - Vendor Advisory
CPE		cpe:2.3:a:amd:radeon_software:::::::: cpe:2.3:a:amd:radeon_pro_software:::::enterprise:::*

04 Feb 2022, 23:28

Type	Values Removed	Values Added
New CVE

Information

Published : 2022-02-04 23:15

Updated : 2024-11-21 05:00

NVD link : CVE-2020-12891

Mitre link : CVE-2020-12891

CVE.ORG link : CVE-2020-12891

JSON object : View

Products Affected

amd

radeon_pro_software
radeon_software

CWE

CWE-427

Uncontrolled Search Path Element

{"id": "CVE-2020-12891", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.4, "accessVector": "LOCAL", "vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 3.4, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.8}]}, "published": "2022-02-04T23:15:10.247", "references": [{"url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1000", "tags": ["Vendor Advisory"], "source": "psirt@amd.com"}, {"url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1000", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-427"}]}], "descriptions": [{"lang": "en", "value": "AMD Radeon Software may be vulnerable to DLL Hijacking through path variable. An unprivileged user may be able to drop its malicious DLL file in any location which is in path environment variable."}, {"lang": "es", "value": "El software Radeon de AMD puede ser vulnerable a un secuestro de DLL mediante la variable de ruta. Un usuario no privilegiado puede ser capaz de soltar su archivo DLL malicioso en cualquier ubicaci\u00f3n que est\u00e9 en la variable de entorno path"}], "lastModified": "2024-11-21T05:00:30.393", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:amd:radeon_pro_software:*:*:*:*:enterprise:*:*:*", "vulnerable": true, "matchCriteriaId": "C5BBBA61-F9B3-41D4-BAD1-8D31C9868F6F", "versionEndExcluding": "21.q2"}, {"criteria": "cpe:2.3:a:amd:radeon_software:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "00350248-7850-480A-BACF-89DC9194F34E", "versionEndExcluding": "21.4.1"}], "operator": "OR"}]}], "sourceIdentifier": "psirt@amd.com"}