Sign-up

ID

VAR-201601-0464


CVE

CVE-2016-1493


TITLE

Intel Vulnerability to execute arbitrary code in Driver Update Utility

Trust: 0.8

sources: JVNDB: JVNDB-2016-001514

DESCRIPTION

Intel Driver Update Utility before 2.4 retrieves driver updates in cleartext, which makes it easier for man-in-the-middle attackers to execute arbitrary code via a crafted file. Supplementary information : CWE Vulnerability type by CWE-345: Insufficient Verification of Data Authenticity ( Inadequate verification of data reliability ) Has been identified. An attacker can exploit this issue to perform man-in-the-middle attacks and obtain sensitive information. Successful exploits will lead to other attacks. Due to the nature of this issue, arbitrary code execution may be possible but this has not been confirmed

Trust: 2.07

sources: NVD: CVE-2016-1493 // JVNDB: JVNDB-2016-001514 // BID: 81053 // VULHUB: VHN-90312 // VULMON: CVE-2016-1493

AFFECTED PRODUCTS

vendor:intelmodel:driver update utilityscope:eqversion:2.0

Trust: 1.6

vendor:intelmodel:driver update utilityscope:eqversion:2.2

Trust: 1.6

vendor:intelmodel:driver update utilityscope:eqversion:2.3

Trust: 1.6

vendor:intelmodel:driver update utilityscope:eqversion:2.1

Trust: 1.6

vendor:intelmodel:driver update utilityscope:ltversion:2.4

Trust: 0.8

vendor:intelmodel:driver update utilityscope:eqversion:2.2.0.5

Trust: 0.3

sources: BID: 81053 // JVNDB: JVNDB-2016-001514 // CNNVD: CNNVD-201601-685 // NVD: CVE-2016-1493

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2016-1493
value: HIGH

Trust: 1.0

NVD: CVE-2016-1493
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201601-685
value: HIGH

Trust: 0.6

VULHUB: VHN-90312
value: HIGH

Trust: 0.1

VULMON: CVE-2016-1493
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2016-1493
severity: HIGH
baseScore: 7.6
vectorString: AV:N/AC:H/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: HIGH
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 4.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-90312
severity: HIGH
baseScore: 7.6
vectorString: AV:N/AC:H/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: HIGH
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 4.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2016-1493
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.6
impactScore: 5.9
version: 3.0

Trust: 1.0

sources: VULHUB: VHN-90312 // VULMON: CVE-2016-1493 // JVNDB: JVNDB-2016-001514 // CNNVD: CNNVD-201601-685 // NVD: CVE-2016-1493

PROBLEMTYPE DATA

problemtype:CWE-345

Trust: 1.1

problemtype:CWE-Other

Trust: 0.8

sources: VULHUB: VHN-90312 // JVNDB: JVNDB-2016-001514 // NVD: CVE-2016-1493

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201601-685

TYPE

lack of information

Trust: 0.6

sources: CNNVD: CNNVD-201601-685

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2016-001514

EXPLOIT AVAILABILITY
sources:
            
            
            VULHUB: VHN-90312

PATCH
title:INTEL-SA-00048url:https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00048&languageid=en-fr
Trust: 0.8
title:Intel Driver Update Utility Fixes for arbitrary code execution vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=59989
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2016-001514 // 
            
            
            
            CNNVD: CNNVD-201601-685

EXTERNAL IDS
db:NVDid:CVE-2016-1493
Trust: 2.9
db:PACKETSTORMid:135314
Trust: 1.8
db:JVNDBid:JVNDB-2016-001514
Trust: 0.8
db:CNNVDid:CNNVD-201601-685
Trust: 0.7
db:BIDid:81053
Trust: 0.5
db:VULHUBid:VHN-90312
Trust: 0.1
db:VULMONid:CVE-2016-1493
Trust: 0.1
sources:
            
            
            VULHUB: VHN-90312 // 
            
            
            
            VULMON: CVE-2016-1493 // 
            
            
            
            BID: 81053 // 
            
            
            
            JVNDB: JVNDB-2016-001514 // 
            
            
            
            CNNVD: CNNVD-201601-685 // 
            
            
            
            NVD: CVE-2016-1493

REFERENCES
url:http://www.coresecurity.com/advisories/intel-driver-update-utility-mitm
Trust: 2.9
url:http://packetstormsecurity.com/files/135314/intel-driver-update-utility-2.2.0.5-man-in-the-middle.html
Trust: 1.9
url:http://seclists.org/fulldisclosure/2016/jan/56
Trust: 1.8
url:https://security-center.intel.com/advisory.aspx?intelid=intel-sa-00048&languageid=en-fr
Trust: 1.7
url:http://www.securityfocus.com/archive/1/537327/100/0/threaded
Trust: 1.2
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-1493
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-1493
Trust: 0.8
url:http://www.securityfocus.com/archive/1/archive/1/537327/100/0/threaded
Trust: 0.6
url:https://downloadcenter.intel.com/download/24345/intel-driver-update-utility
Trust: 0.3
url:http://www.intel.com/content/www/us/en/homepage.html
Trust: 0.3
url:https://security-center.intel.com/advisory.aspx?intelid=intel-sa-00048&languageid=en-fr
Trust: 0.1
url:https://cwe.mitre.org/data/definitions/345.html
Trust: 0.1
url:https://nvd.nist.gov
Trust: 0.1
url:https://www.securityfocus.com/bid/81053
Trust: 0.1
sources:
            
            
            VULHUB: VHN-90312 // 
            
            
            
            VULMON: CVE-2016-1493 // 
            
            
            
            BID: 81053 // 
            
            
            
            JVNDB: JVNDB-2016-001514 // 
            
            
            
            CNNVD: CNNVD-201601-685 // 
            
            
            
            NVD: CVE-2016-1493

CREDITS
Joaquín Rodríguez Varela from Core Security Advisories Team.
Trust: 0.3
sources:
            
            
            BID: 81053

SOURCES
db:VULHUBid:VHN-90312
db:VULMONid:CVE-2016-1493
db:BIDid:81053
db:JVNDBid:JVNDB-2016-001514
db:CNNVDid:CNNVD-201601-685
db:NVDid:CVE-2016-1493

LAST UPDATE DATE
2025-04-13T23:39:01.200000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-90312date:2018-10-09T00:00:00
db:VULMONid:CVE-2016-1493date:2018-10-09T00:00:00
db:BIDid:81053date:2016-01-19T00:00:00
db:JVNDBid:JVNDB-2016-001514date:2016-02-26T00:00:00
db:CNNVDid:CNNVD-201601-685date:2016-02-01T00:00:00
db:NVDid:CVE-2016-1493date:2025-04-12T10:46:40.837

SOURCES RELEASE DATE
db:VULHUBid:VHN-90312date:2016-01-29T00:00:00
db:VULMONid:CVE-2016-1493date:2016-01-29T00:00:00
db:BIDid:81053date:2016-01-19T00:00:00
db:JVNDBid:JVNDB-2016-001514date:2016-02-26T00:00:00
db:CNNVDid:CNNVD-201601-685date:2016-01-29T00:00:00
db:NVDid:CVE-2016-1493date:2016-01-29T20:59:07.577