Improper access control in Intel Unite Cloud Service Client


Published: 2020-11-12


Risk
Low
Patch available
YES
Number of vulnerabilities
1
CVE ID
CVE-2020-12331
CWE ID
CWE-284
Exploitation vector
Local
Public exploit
N/A
Vulnerable softwareSubscribe
Intel Unite Cloud ServiceHardware solutions / Firmware
Vendor
Intel

Security Advisory


This security advisory describes one low risk vulnerability.



1) Improper access control


Risk: Low


CVSSv3: 5.8 [CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C] [PCI]


CVE-ID: CVE-2020-12331


CWE-ID: CWE-284 - Improper Access Control


Exploit availability: No


Description

The vulnerability allows a local user to gain unauthorized access to otherwise restricted functionality.


The vulnerability exists due to improper access restrictions. A local user can bypass implemented security restrictions and gain elevated privileges on the target system.


Mitigation

Install updates from vendor's website.


Vulnerable software versions

Intel Unite Cloud Service:


CPE
External links

https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00418.html


< ..

Support the originator by clicking the read the rest link below.