CVE-2020-0527 — Sensitive Information Exposure in Intel SSD D3-s4510 Firmware

CWE-200 — Sensitive Information Exposure4 documents4 sources

Severity

4.4MEDIUMNVD

EPSS

0.1%

top 81.97%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Intel SSD D3-s4510 Firmware Intel SSD DC P4510 Firmware Intel SSD DC P4511 Firmware +2 more

Timeline

PublishedJun 15

Latest updateMay 24

Description

Insufficient control flow management in firmware for some Intel(R) Data Center SSDs may allow a privileged user to potentially enable information disclosure via local access.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:NExploitability: 0.8 | Impact: 3.6

Affected Packages5 packages

▶NVDintel/ssd_d3-s4510_firmware< xc311120

▶NVDintel/ssd_dc_p4510_firmware< vdv10170

▶NVDintel/ssd_dc_p4511_firmware< vcv10370

▶NVDintel/ssd_dc_p4610_firmware< vdv10170

▶NVDintel/ssd_dc_p4618_firmware< vdv10170

🔴Vulnerability Details

GHSA

GHSA-5g3r-cmrg-q6mx: Insufficient control flow management in firmware for some Intel(R) Data Center SSDs may allow a privileged user to potentially enable information disc↗2022-05-24

▶

CVEList

CVE-2020-0527: Insufficient control flow management in firmware for some Intel(R) Data Center SSDs may allow a privileged user to potentially enable information disc↗2020-06-15

▶

💬Community

Bugzilla

CVE-2019-10392 jenkins-git-client-plugin: OS command injection via 'git ls-remote'↗2020-04-01

▶