Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
intelIntel Security CenterINTEL:INTEL-SA-00422
HistoryNov 10, 2020 - 12:00 a.m.

Intel® Thunderbolt™ DCH Drivers for Windows* Advisory

2020-11-1000:00:00
Intel Security Center
www.intel.com
9

0.0004 Low

EPSS

Percentile

12.6%

JSON

Summary:

Potential security vulnerabilities in some Intel® Thunderbolt™ DCH drivers for Windows* may allow escalation of privilege or information disclosure.** **Intel is releasing updates to mitigate these potential vulnerabilities.

Vulnerability Details:

CVEID: CVE-2020-12325

Description: Improper buffer restrictions in some Intel® Thunderbolt™ DCH drivers for Windows* before version 72 may allow an authenticated user to potentially enable escalation of privilege via local access.

CVSS Base Score: 8.4 High

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N

CVEID: CVE-2020-12324

Description: Protection mechanism failure in some Intel® Thunderbolt™ DCH drivers for Windows* before version 72 may allow an authenticated user to potentially enable escalation of privilege via local access.

CVSS Base Score: 7.8 High

CVSS Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

CVEID: CVE-2020-12328

Description: Protection mechanism failure in some Intel® Thunderbolt™ DCH drivers for Windows* before version 72 may allow a privileged user to potentially enable information disclosure via local access.

CVSS Base Score: 6.0 Medium

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N

CVEID: CVE-2020-12327

Description: Insecure default variable initialization in some Intel® Thunderbolt™ DCH drivers for Windows* before version 72 may allow a privileged user to potentially enable information disclosure via local access.

CVSS Base Score: 4.7 Medium

CVSS Vector: CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:L/I:H/A:N

CVEID: CVE-2020-12326

Description: Improper initialization in some Intel® Thunderbolt™ DCH drivers for Windows* before version 72 may allow an authenticated user to potentially enable information disclosure via local access.

CVSS Base Score: 4.7 Medium

CVSS Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N

Affected Products:

Intel® Thunderbolt™ 3 and 4 DCH drivers for Windows* before version 72.

Recommendations:

Intel recommends that users of Intel® Thunderbolt™ 3 and 4 DCH drivers for Windows* update to the latest version provided by the system manufacturer that addresses these issues.__

Acknowledgements:

These issues were found internally by Intel.****

Intel, and nearly the entire technology industry, follows a disclosure practice called Coordinated Disclosure, under which a cybersecurity vulnerability is generally publicly disclosed only after mitigations are available.

Related

lenovo 1
hp 1
cvelist 5
prion 5
nvd 5
cve 5
threatpost 1
lenovo
lenovo
Intel Thunderbolt DCH Drivers for Windows Advisory - Lenovo Support NL
2020-11-04 17:09:31
hp
hp
HPSBHF03698 rev. 2 - Intel® Thunderbolt™ DCH Drivers November 2020 Security Updates
2020-11-06 00:00:00
cvelist
cvelist
CVE-2020-12324
2020-11-12 18:24:05
CVE-2020-12325
2020-11-12 18:18:20
CVE-2020-12328
2020-11-12 18:24:13
prion
prion
Information disclosure
2020-11-12 19:15:00
Session fixation
2020-11-12 19:15:00
Buffer overflow
2020-11-12 19:15:00
nvd
nvd
CVE-2020-12325
2020-11-12 19:15:13
CVE-2020-12324
2020-11-12 19:15:13
CVE-2020-12328
2020-11-12 19:15:13
cve
cve
CVE-2020-12325
2020-11-12 19:15:13
CVE-2020-12324
2020-11-12 19:15:13
CVE-2020-12328
2020-11-12 19:15:13
threatpost
threatpost
Colossal Intel Update Anchored by Critical Privilege-Escalation Bugs
2020-11-10 20:59:04

0.0004 Low

EPSS

Percentile

12.6%

JSON
Related for INTEL:INTEL-SA-00422
lenovo1hp1cvelist5prion5nvd5cve5threatpost1