Multiple vunerabilities in Intel Ethernet E810 Adapter Driver
| Risk | Low |
| Patch available | YES |
| Number of vulnerabilities | 3 |
| CVE-ID | CVE-2020-24504 CVE-2020-24502 CVE-2020-24503 |
| CWE-ID | CWE-400 CWE-20 CWE-284 |
| Exploitation vector | Local |
| Public exploit | N/A |
| Vulnerable software Subscribe |
Ethernet E810 Adapter Driver for Linux Hardware solutions / Drivers Ethernet E810 Adapter drivers for Windows Hardware solutions / Drivers |
| Vendor |
Security Bulletin
This security bulletin contains information about 3 vulnerabilities.
1) Resource exhaustion
EUVDB-ID: #VU50689
Risk: Low
CVSSv3.1: 5.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-24504
CWE-ID:
CWE-400 - Resource exhaustion
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to application does not properly control consumption of internal resources. A local user can trigger resource exhaustion and perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's website.
Vulnerable software versionsEthernet E810 Adapter Driver for Linux: before 1.0.4
External linkshttp://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00462.html
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Input validation error
EUVDB-ID: #VU50690
Risk: Low
CVSSv3.1: 3.3 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-24502
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input. A local user can pass specially crafted input to the application and perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's website.
Vulnerable software versionsEthernet E810 Adapter Driver for Linux: before 1.0.4
Ethernet E810 Adapter drivers for Windows: before 1.4.29.0
External linkshttp://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00462.html
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Improper access control
EUVDB-ID: #VU50691
Risk: Low
CVSSv3.1: 2.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-24503
CWE-ID:
CWE-284 - Improper Access Control
Exploit availability: No
DescriptionThe vulnerability allows a local user to gain unauthorized access to otherwise restricted functionality.
The vulnerability exists due to improper access restrictions. A local user can bypass implemented security restrictions and gain unauthorized access to sensitive information on the target system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsEthernet E810 Adapter Driver for Linux: before 1.0.4
External linkshttp://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00462.html
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
