CVE-2020-0527 - Vulnerability Details - OpenCVE

Insufficient control flow management in firmware for some Intel(R) Data Center SSDs may allow a privileged user to potentially enable information disclosure via local access.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Intel	Ssd D3-s4510 Ssd D3-s4510 Firmware Ssd Dc P4510 Ssd Dc P4510 Firmware Ssd Dc P4511 Ssd Dc P4511 Firmware Ssd Dc P4610 Ssd Dc P4610 Firmware Ssd Dc P4618 Ssd Dc P4618 Firmware

Configuration 1 [-]

AND

cpe:2.3:o:intel:ssd_d3-s4510_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:intel:ssd_d3-s4510:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:intel:ssd_dc_p4510_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:intel:ssd_dc_p4510:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND

cpe:2.3:o:intel:ssd_dc_p4610_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:intel:ssd_dc_p4610:-:*:*:*:*:*:*:*

Configuration 4 [-]

AND

cpe:2.3:o:intel:ssd_dc_p4618_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:intel:ssd_dc_p4618:-:*:*:*:*:*:*:*

Configuration 5 [-]

AND

cpe:2.3:o:intel:ssd_dc_p4511_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:intel:ssd_dc_p4511:-:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00266.html

History

No history.

MITRE

Status: PUBLISHED

Assigner: intel

Published: 2020-06-15T13:52:05

Updated: 2024-08-04T06:02:52.293Z

Reserved: 2019-10-28T00:00:00

Link: CVE-2020-0527

Vulnrichment

No data.

NVD

Status : Modified

Published: 2020-06-15T14:15:09.923

Modified: 2024-11-21T04:53:40.443

Link: CVE-2020-0527

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "Intel(R) SSD", "vendor": "n/a", "versions": [{"status": "affected", "version": "See provided reference"}]}], "descriptions": [{"lang": "en", "value": "Insufficient control flow management in firmware for some Intel(R) Data Center SSDs may allow a privileged user to potentially enable information disclosure via local access."}], "problemTypes": [{"descriptions": [{"description": "Information Disclosure", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2020-06-15T13:52:05", "orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce", "shortName": "intel"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00266.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secure@intel.com", "ID": "CVE-2020-0527", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Intel(R) SSD", "version": {"version_data": [{"version_value": "See provided reference"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Insufficient control flow management in firmware for some Intel(R) Data Center SSDs may allow a privileged user to potentially enable information disclosure via local access."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Information Disclosure"}]}]}, "references": {"reference_data": [{"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00266.html", "refsource": "MISC", "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00266.html"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T06:02:52.293Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00266.html"}]}]}, "cveMetadata": {"assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce", "assignerShortName": "intel", "cveId": "CVE-2020-0527", "datePublished": "2020-06-15T13:52:05", "dateReserved": "2019-10-28T00:00:00", "dateUpdated": "2024-08-04T06:02:52.293Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:intel:ssd_d3-s4510_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "E7755CCD-814A-4736-A79A-2BA52C38AC58", "versionEndExcluding": "xc311120", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:intel:ssd_d3-s4510:-:*:*:*:*:*:*:*", "matchCriteriaId": "3C52BE50-71AC-43D4-B9C1-82A520617342", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:intel:ssd_dc_p4510_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "ED9B7B13-962F-4C4C-9499-A3B7827B0FD0", "versionEndExcluding": "vdv10170", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:intel:ssd_dc_p4510:-:*:*:*:*:*:*:*", "matchCriteriaId": "318BEFE4-759C-4D96-ADF3-C756B22DBC87", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:intel:ssd_dc_p4610_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "24C02DB7-B68E-4DDB-ACF8-DCB1D9641ACE", "versionEndExcluding": "vdv10170", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:intel:ssd_dc_p4610:-:*:*:*:*:*:*:*", "matchCriteriaId": "AABB3B2D-6688-4260-AE2B-DE10D9C4D48B", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:intel:ssd_dc_p4618_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "DC66725C-4D51-44C4-AE27-C1C37A9746D1", "versionEndExcluding": "vdv10170", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:intel:ssd_dc_p4618:-:*:*:*:*:*:*:*", "matchCriteriaId": "8545A3C6-F2E3-4CB0-8683-5A29824B0084", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:intel:ssd_dc_p4511_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "1548E7B9-82A0-4661-9C01-98C3254AEE66", "versionEndExcluding": "vcv10370", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:intel:ssd_dc_p4511:-:*:*:*:*:*:*:*", "matchCriteriaId": "CD3F066A-8F32-4CF3-A639-CE711C440F27", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "Insufficient control flow management in firmware for some Intel(R) Data Center SSDs may allow a privileged user to potentially enable information disclosure via local access."}, {"lang": "es", "value": "Una administraci\u00f3n de flujo de control insuficiente en el firmware para algunos SSD de Intel\u00ae Data Center, puede permitir a un usuario privilegiado habilitar potencialmente una divulgaci\u00f3n de informaci\u00f3n por medio de un acceso local"}], "id": "CVE-2020-0527", "lastModified": "2024-11-21T04:53:40.443", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 2.1, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 4.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 0.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2020-06-15T14:15:09.923", "references": [{"source": "secure@intel.com", "tags": ["Vendor Advisory"], "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00266.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00266.html"}], "sourceIdentifier": "secure@intel.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}