Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
intelIntel Security CenterINTEL:INTEL-SA-00430
HistoryNov 10, 2020 - 12:00 a.m.

Intel® Data Center Manager Console Advisory

2020-11-1000:00:00
Intel Security Center
www.intel.com
6

0.001 Low

EPSS

Percentile

40.3%

JSON

Summary:

Potential security vulnerabilities in the Intel® Data Center Manager Console may allow denial of service, information disclosure or escalation of privilege.** **Intel is releasing software updates to mitigate these potential vulnerabilities.

Vulnerability Details

CVEID: CVE-2020-12347

Description: Improper input validation in the Intel® Data Center Manager Console before version 3.6.2 may allow an authenticated user to potentially enable escalation of privilege via network access.

CVSS Base Score: 7.6 High

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:H

CVEID: CVE-2020-8669

Description: Improper input validation in the Intel® Data Center Manager Console before version 3.6.2 may allow an authenticated user to potentially enable information disclosure via network access.

CVSS Base Score: 7.3 High

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H

CVEID: CVE-2020-12345

Description: Improper permissions in the installer for the Intel® Data Center Manager Console before version 3.6.2 may allow an authenticated user to potentially enable escalation of privilege via local access.

CVSS Base Score: 6.7 Medium

CVSS Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H

CVEID: CVE-2020-12353

Description: Improper permissions in the Intel® Data Center Manager Console before version 3.6.2 may allow an authenticated user to potentially enable denial of service via network access.

CVSS Base Score: 5.7 Medium

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H

CVEID: CVE-2020-12349

Description: Improper input validation in the Intel® Data Center Manager Console before version 3.6.2 may allow an authenticated user to potentially enable information disclosure via network access.

CVSS Base Score: 3.5 Low

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N

Affected Products:

Intel® Data Center Manager Console before version 3.6.2.****

Recommendations:

Intel recommends updating Intel® Data Center Manager Console to 3.6.2 or later.

Updates are available for download at this location: <https://downloadcenter.intel.com/download/28894&gt;

Acknowledgements:

Intel would like to thank j00sean (CVE-2020-8669, CVE-2020-12349, CVE-2020-12353), Marius Gabriel Mihai (CVE-2020-12345), j0bounties (CVE-2020-12347) for reporting these issues and working with us on coordinated disclosure.

Intel, and nearly the entire technology industry, follows a disclosure practice called Coordinated Disclosure, under which a cybersecurity vulnerability is generally publicly disclosed only after mitigations are available.

Related

cvelist 5
cve 5
nvd 5
prion 5
threatpost 1
cvelist
cvelist
CVE-2020-12347
2020-11-12 18:55:03
CVE-2020-12353
2020-11-12 18:55:32
CVE-2020-12345
2020-11-12 18:55:25
cve
cve
CVE-2020-12345
2020-11-12 19:15:14
CVE-2020-12347
2020-11-12 19:15:14
CVE-2020-12353
2020-11-12 19:15:14
nvd
nvd
CVE-2020-12345
2020-11-12 19:15:14
CVE-2020-12353
2020-11-12 19:15:14
CVE-2020-12349
2020-11-12 19:15:14
prion
prion
Input validation
2020-11-12 19:15:00
Input validation
2020-11-12 19:15:00
Input validation
2020-11-12 19:15:00
threatpost
threatpost
Colossal Intel Update Anchored by Critical Privilege-Escalation Bugs
2020-11-10 20:59:04

0.001 Low

EPSS

Percentile

40.3%

JSON
Related for INTEL:INTEL-SA-00430
cvelist5cve5nvd5prion5threatpost1