Multiple vulnerabilities in Intel Ethernet I210 Controller
| Risk | Low |
| Patch available | YES |
| Number of vulnerabilities | 4 |
| CVE-ID | CVE-2020-0522 CVE-2020-0523 CVE-2020-0524 CVE-2020-0525 |
| CWE-ID | CWE-665 CWE-284 CWE-276 |
| Exploitation vector | Local |
| Public exploit | N/A |
| Vulnerable software Subscribe |
Intel Ethernet I210 Controller Hardware solutions / Drivers |
| Vendor |
Security Bulletin
This security bulletin contains information about 4 vulnerabilities.
1) Improper Initialization
EUVDB-ID: #VU50576
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-0522
CWE-ID:
CWE-665 - Improper Initialization
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper initialization in the firmware for the Intel(R) Ethernet I210 Controller series of network adapters. A local user can run a specially crafted application to crash the system.
Install updates from vendor's website.
Vulnerable software versionsIntel Ethernet I210 Controller: before 3.30
External linkshttp://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00318.html
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Improper access control
EUVDB-ID: #VU50577
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-0523
CWE-ID:
CWE-284 - Improper Access Control
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper access restrictions in the firmware for the Intel(R) Ethernet I210 Controller series of network adapters. A local privileged user can bypass implemented security restrictions and perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's website.
Vulnerable software versionsIntel Ethernet I210 Controller: before 3.30
External linkshttp://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00318.html
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Incorrect default permissions
EUVDB-ID: #VU50578
Risk: Low
CVSSv3.1: 2.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-0524
CWE-ID:
CWE-276 - Incorrect Default Permissions
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service attack.
The vulnerability exists due to incorrect default permissions in the firmware for the Intel(R) Ethernet I210 Controller series of network adapters. A local user can perform a denial of service attack.
Install updates from vendor's website.
Vulnerable software versionsIntel Ethernet I210 Controller: before 3.30
External linkshttp://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00318.html
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) Improper access control
EUVDB-ID: #VU50579
Risk: Low
CVSSv3.1: 2.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-0525
CWE-ID:
CWE-284 - Improper Access Control
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper access restrictions in the firmware for the Intel(R) Ethernet I210 Controller series of network adapters. A local user can bypass implemented security restrictions and perform a denial of service (DoS) attack.
Install updates from vendor's website.
Vulnerable software versionsIntel Ethernet I210 Controller: before 3.30
External linkshttp://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00318.html
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
