Incorrect default permissions in Intel products - CVE-2020-8765

 

Incorrect default permissions in Intel products - CVE-2020-8765

Published: February 10, 2021


Vulnerability identifier: #VU50581
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2020-8765
CWE-ID: CWE-276
Exploitation vector: Local access
Exploit availability: No public exploit available
Vendor: Intel
Affected software:
Intel RealSense DCM F200
Intel RealSense DCM R200
Intel RealSense DCM SR300

Detailed vulnerability description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to incorrect default permissions for files and folders that are set by the application in the installer for the Intel(R) RealSense(TM) DCM. A local user with access to the system can view contents of files and directories or modify them.


How to mitigate CVE-2020-8765

Install updates from vendor's website.

Sources