CVE-2020-24511

Improper isolation of shared resources in some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.

CVSS v3.0 6.5 MEDIUM
CVSS v2.0 2.1 LOW

6.5^/10

CVSS v3.0 : MEDIUM

Vector :

Exploitability : 2.0 / Impact : 4.0

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope CHANGED

2.1^/10

CVSS v2.0 : LOW

Vector : AV:L/AC:L/Au:N/C:P/I:N/A:N

Exploitability : 3.9 / Impact : 2.9

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00464.html	Vendor Advisory
https://security.netapp.com/advisory/ntap-20210611-0005/	Third Party Advisory
https://www.debian.org/security/2021/dsa-4934	Third Party Advisory
https://lists.debian.org/debian-lts-announce/2021/07/msg00022.html	Third Party Advisory
https://cert-portal.siemens.com/productcert/pdf/ssa-309571.pdf	Third Party Advisory

Advertisement

Configurations

Configuration 1 (hide)

cpe:2.3:o:intel:microcode:*:*:*:*:*:*:*:*

Configuration 2 (hide)

cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*

Configuration 3 (hide)

OR	cpe:2.3:o:netapp:fas\/aff_bios:-:::::::*
	cpe:2.3:o:netapp:hci_compute_node_bios:-:::::::*
	cpe:2.3:o:netapp:solidfire_bios:-:::::::*

Information

Published : 2021-06-09 12:15

Updated : 2021-09-09 05:55

NVD link : CVE-2020-24511

Mitre link : CVE-2020-24511

JSON object : View

CWE

CWE-668

Exposure of Resource to Wrong Sphere

Advertisement

Products Affected

netapp

solidfire_bios
fas\/aff_bios
hci_compute_node_bios

intel

microcode

debian

debian_linux

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00464.html", "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00464.html", "tags": ["Vendor Advisory"], "refsource": "MISC"}, {"url": "https://security.netapp.com/advisory/ntap-20210611-0005/", "name": "https://security.netapp.com/advisory/ntap-20210611-0005/", "tags": ["Third Party Advisory"], "refsource": "CONFIRM"}, {"url": "https://www.debian.org/security/2021/dsa-4934", "name": "DSA-4934", "tags": ["Third Party Advisory"], "refsource": "DEBIAN"}, {"url": "https://lists.debian.org/debian-lts-announce/2021/07/msg00022.html", "name": "[debian-lts-announce] 20210726 [SECURITY] [DLA 2718-1] intel-microcode security update", "tags": ["Third Party Advisory"], "refsource": "MLIST"}, {"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-309571.pdf", "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-309571.pdf", "tags": ["Third Party Advisory"], "refsource": "CONFIRM"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "Improper isolation of shared resources in some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-668"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2020-24511", "ASSIGNER": "secure@intel.com"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 2.1, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "severity": "LOW", "acInsufInfo": false, "impactScore": 2.9, "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}, "baseMetricV3": {"cvssV3": {"scope": "CHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 4.0, "exploitabilityScore": 2.0}}, "publishedDate": "2021-06-09T19:15Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:o:intel:microcode:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "20210608"}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:o:netapp:fas\\/aff_bios:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:netapp:hci_compute_node_bios:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:netapp:solidfire_bios:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2021-09-09T12:55Z"}