Vulnerability CVE-2020-0570

Vulnerability Name:

CVE-2020-0570 (CCN-175452)

Assigned:

2019-10-28

Published:

2020-01-29

Updated:

2021-09-21

Summary:

Uncontrolled search path in the QT Library before 5.14.0, 5.12.7 and 5.9.10 may allow an authenticated user to potentially enable elevation of privilege via local access.

CVSS v3 Severity:

7.3 High (CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H)
6.4 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Local Attack Complexity (AC): Low Privileges Required (PR): Low User Interaction (UI): Required
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): High Integrity (I): High Availibility (A): High

7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H)
6.4 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Local Attack Complexity (AC): Low Privileges Required (PR): Low User Interaction (UI): Required
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): High Integrity (I): High Availibility (A): High

7.3 High (REDHAT CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H)
6.4 Medium (REDHAT Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Local Attack Complexity (AC): Low Privileges Required (PR): Low User Interaction (UI): Required
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): High Integrity (I): High Availibility (A): High

CVSS v2 Severity:

4.4 Medium (CVSS v2 Vector: AV:L/AC:M/Au:N/C:P/I:P/A:P)

Exploitability Metrics:	Access Vector (AV): Local Access Complexity (AC): Medium Authentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): Partial Availibility (A): Partial

6.8 Medium (CCN CVSS v2 Vector: AV:L/AC:L/Au:S/C:C/I:C/A:C)

Exploitability Metrics:	Access Vector (AV): Local Access Complexity (AC): Low Athentication (Au): Single_Instance
Impact Metrics:	Confidentiality (C): Complete Integrity (I): Complete Availibility (A): Complete

Vulnerability Type:

CWE-426
CWE-73

Vulnerability Consequences:

Gain Access

References:

Source: MITRE
Type: CNA
CVE-2020-0570

Source: CONFIRM
Type: Exploit, Patch, Vendor Advisory
https://bugreports.qt.io/browse/QTBUG-81272

Source: MISC
Type: Issue Tracking, Patch, Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=1800604

Source: XF
Type: UNKNOWN
qt-cve20200570-code-exec(175452)

Source: CONFIRM
Type: Mailing List, Vendor Advisory
https://lists.qt-project.org/pipermail/development/2020-January/038534.html

Source: CCN
Type: oss-sec Mailing List, Wed, 29 Jan 2020 17:17:49 -0800
New Qt vulnerabilities

Source: CCN
Type: Qt Web site
One framework. One codebase. Any platform.

Vulnerable Configuration:

Configuration 1:

cpe:/a:qt:qt:*:*:*:*:*:*:*:* (Version < 5.9.10)

OR cpe:/a:qt:qt:*:*:*:*:*:*:*:* (Version >= 5.10.0 and < 5.12.7)

OR cpe:/a:qt:qt:*:*:*:*:*:*:*:* (Version >= 5.13.0 and < 5.14.0)

Configuration 2:

cpe:/o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*

Configuration RedHat 1:

cpe:/o:redhat:enterprise_linux:7:*:*:*:*:*:*:*

Configuration RedHat 2:

cpe:/o:redhat:enterprise_linux:7::client:*:*:*:*:*

Configuration RedHat 3:

cpe:/o:redhat:enterprise_linux:7::computenode:*:*:*:*:*

Configuration RedHat 4:

cpe:/o:redhat:enterprise_linux:7::server:*:*:*:*:*

Configuration RedHat 5:

cpe:/o:redhat:enterprise_linux:7::workstation:*:*:*:*:*

Configuration RedHat 6:

cpe:/a:redhat:enterprise_linux:8:*:*:*:*:*:*:*

Configuration RedHat 7:

cpe:/a:redhat:enterprise_linux:8::appstream:*:*:*:*:*

Configuration RedHat 8:

cpe:/a:redhat:enterprise_linux:8::crb:*:*:*:*:*

Configuration CCN 1:

cpe:/a:qt:qt:5.12.0:*:*:*:*:*:*:*

OR cpe:/a:qt:qt:5.14.0:-:*:*:*:*:*:*

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:org.opensuse.security:def:20200570	V	CVE-2020-0570	2023-06-22
oval:org.opensuse.security:def:7551	P	libQt5Concurrent-devel-5.15.8+kde185-150500.2.1 on GA media (Moderate)	2023-06-12
oval:org.opensuse.security:def:7909	P	libQt5OpenGLExtensions-devel-static-5.15.8+kde185-150500.2.1 on GA media (Moderate)	2023-06-12
oval:org.opensuse.security:def:696	P	Security update for webkit2gtk3 (Important)	2022-08-16
oval:org.opensuse.security:def:3291	P	libyaml-0-2-0.1.6-7.1 on GA media (Moderate)	2022-06-28
oval:org.opensuse.security:def:94601	P	libQt5Concurrent-devel-5.15.2+kde294-150400.4.8 on GA media (Moderate)	2022-06-22
oval:org.opensuse.security:def:94921	P	libQt5OpenGLExtensions-devel-static-5.15.2+kde294-150400.4.8 on GA media (Moderate)	2022-06-22
oval:org.opensuse.security:def:2971	P	libQt5Concurrent-devel-5.15.2+kde294-150400.4.8 on GA media (Moderate)	2022-06-22
oval:org.opensuse.security:def:1561	P	Security update for the Linux Kernel (Important)	2022-06-14
oval:org.opensuse.security:def:1676	P	Security update for xen (Important)	2022-06-13
oval:org.opensuse.security:def:99	P	libQt5Concurrent-devel-5.12.7-4.12.2 on GA media (Moderate)	2022-06-13
oval:org.opensuse.security:def:94032	P	(Moderate)	2022-06-02
oval:org.opensuse.security:def:1205	P	Security update for slurm (Important)	2022-05-16
oval:org.opensuse.security:def:100745	P	(Important)	2022-02-04
oval:org.opensuse.security:def:112555	P	libQt5Bootstrap-devel-static-32bit-5.15.2+kde222-1.3 on GA media (Moderate)	2022-01-17
oval:org.opensuse.security:def:69963	P	Security update for openssh (Important)	2021-12-06
oval:org.opensuse.security:def:106043	P	libQt5Bootstrap-devel-static-32bit-5.15.2+kde222-1.3 on GA media (Moderate)	2021-10-01
oval:org.opensuse.security:def:1028	P	Security update for ffmpeg (Important)	2021-09-02
oval:org.opensuse.security:def:101171	P	libQt5OpenGLExtensions-devel-static-5.12.7-4.12.2 on GA media (Moderate)	2021-08-09
oval:org.opensuse.security:def:72484	P	libQt5OpenGLExtensions-devel-static-5.12.7-4.12.2 on GA media (Moderate)	2021-08-09
oval:org.opensuse.security:def:62765	P	libQt5OpenGLExtensions-devel-static-5.12.7-4.12.2 on GA media (Moderate)	2021-08-09
oval:org.opensuse.security:def:71858	P	libQt5Concurrent-devel-5.12.7-4.12.2 on GA media (Moderate)	2021-08-09
oval:org.opensuse.security:def:100875	P	libQt5Concurrent-devel-5.12.7-4.12.2 on GA media (Moderate)	2021-08-09
oval:org.opensuse.security:def:62117	P	libQt5Concurrent-devel-5.12.7-4.12.2 on GA media (Moderate)	2021-08-09
oval:org.opensuse.security:def:93752	P	(Important)	2021-07-14
oval:org.opensuse.security:def:69683	P	Security update for openexr (Important)	2021-06-24
oval:org.opensuse.security:def:69788	P	Security update for glibc (Important)	2021-02-26
oval:org.opensuse.security:def:49083	P	Security update for salt (Critical)	2021-02-26
oval:org.opensuse.security:def:66432	P	Security update for java-1_8_0-ibm (Moderate)	2020-12-23
oval:org.opensuse.security:def:66712	P	Security update for python3 (Important)	2020-12-23
oval:org.opensuse.security:def:73403	P	Security update for xen (Moderate)	2020-12-18
oval:org.opensuse.security:def:72369	P	libQt5OpenGLExtensions-devel-static-5.12.7-2.25 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:107131	P	libQt5Concurrent-devel-5.12.7-2.25 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:116969	P	libQt5OpenGLExtensions-devel-static-5.12.7-2.25 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:62650	P	libQt5OpenGLExtensions-devel-static-5.12.7-2.25 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:100465	P	libQt5Concurrent-devel-5.12.7-2.25 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:107411	P	libQt5OpenGLExtensions-devel-static-5.12.7-2.25 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:71526	P	libQt5Concurrent-devel-5.12.7-2.25 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:61785	P	libQt5Concurrent-devel-5.12.7-2.25 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:116689	P	libQt5Concurrent-devel-5.12.7-2.25 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:49646	P	libQt5OpenGLExtensions-devel-static on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:66340	P	apache-commons-httpclient on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:73005	P	Security update for MozillaThunderbird (Important)	2020-12-01
oval:org.opensuse.security:def:70068	P	libQt5OpenGLExtensions-devel-static on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:73123	P	libQt5Concurrent-devel on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:66620	P	rsync on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:73285	P	perl-XML-LibXML on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:49137	P	libQt5Concurrent-devel on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:49592	P	perl-Tk on GA media (Moderate)	2020-12-01
oval:com.redhat.rhsa:def:20204690	P	RHSA-2020:4690: qt5-qtbase and qt5-qtwebsockets security and bug fix update (Moderate)	2020-11-04
oval:com.redhat.rhsa:def:20204025	P	RHSA-2020:4025: qt5-qtbase security update (Moderate)	2020-09-29
oval:com.ubuntu.bionic:def:202005700000000	V	CVE-2020-0570 on Ubuntu 18.04 LTS (bionic) - medium.	2020-02-05
oval:com.ubuntu.xenial:def:202005700000000	V	CVE-2020-0570 on Ubuntu 16.04 LTS (xenial) - medium.	2020-02-05

BACK