CVE-2020-13517
Vulnerability Scoring
Attack Complexity Details
- Attack Complexity: Low Impact
- Attack Vector: LOCAL
- Privileges Required: Low Impact
- Scope: UNCHANGED
- User Interaction: NONE
CIA Impact Definition
- Confidentiality: HIGH IMPACT
- Integrity:
- Availability:
CVE-2020-13517 Vulnerability Summary
An information disclosure vulnerability exists in the WinRing0x64 Driver IRP 0x9c406104 functionality of NZXT CAM 4.8.0. A specially crafted I/O request packet (IRP) can cause the disclosure of sensitive information. An attacker can send a malicious IRP to trigger this vulnerability.
Access Complexity Graph for CVE-2020-13517
Impact Analysis for CVE-2020-13517
CVE-2020-13517: Detailed Information and External References
EPSS
0.00048
EPSS %
0.20483
References
0.00048
CWE
CWE-269
CAPEC
0.00048
- Privilege Abuse: An adversary is able to exploit features of the target that should be reserved for privileged users or administrators but are exposed to use by lower or non-privileged accounts. Access to sensitive information and functionality must be controlled to ensure that only authorized users are able to access these resources.
- Privilege Escalation: An adversary exploits a weakness enabling them to elevate their privilege and perform an action that they are not supposed to be authorized to perform.
- Restful Privilege Elevation: An adversary identifies a Rest HTTP (Get, Put, Delete) style permission method allowing them to perform various malicious actions upon server data due to lack of access control mechanisms implemented within the application service accepting HTTP messages.
Vulnerable Configurations
-
cpe:2.3:a:nzxt:cam:4.8.0:*:*:*:*:*:*:*
cpe:2.3:a:nzxt:cam:4.8.0:*:*:*:*:*:*:*
CVSS3 Source
nvd@nist.gov
CVSS3 Type
Primary
CVSS3 Vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Protect Your Infrastructure: Combat Critical CVE Threats
Stay updated with real-time CVE vulnerabilities and take action to secure your systems. Enhance your cybersecurity posture with the latest threat intelligence and mitigation techniques. Develop the skills necessary to defend against CVEs and secure critical infrastructures. Join the top cybersecurity professionals safeguarding today's infrastructures.