Details of VAR-201711-0652

ID

VAR-201711-0652

CVE

CVE-2017-5738

TITLE

Intel Unite App Vulnerabilities related to authorization, permissions, and access control

Trust: 0.8

sources: JVNDB: JVNDB-2017-010319

DESCRIPTION

Escalation of privilege vulnerability in admin portal for Intel Unite App versions 3.1.32.12, 3.1.41.18 and 3.1.45.26 allows an attacker with network access to cause a denial of service and/or information disclosure. Intel Unite App is prone to a privilege-escalation vulnerability. A remote attacker can exploit this issue to gain elevated privileges. Intel Unite App 3.1.32.12, 3.1.41.18 and 3.1.45.26 are vulnerable. Intel Unite is an enterprise conference collaboration solution developed by Intel Corporation of the United States. The admin portal is one of the management interfaces

Trust: 2.07

sources: NVD: CVE-2017-5738 // JVNDB: JVNDB-2017-010319 // BID: 101888 // VULHUB: VHN-113941 // VULMON: CVE-2017-5738

AFFECTED PRODUCTS

vendor:	intel	model:	unite	scope:	eq	version:	3.1.41.18	Trust: 1.6
vendor:	intel	model:	unite	scope:	eq	version:	3.1.45.26	Trust: 1.6
vendor:	intel	model:	unite	scope:	eq	version:	3.1.32.12	Trust: 1.6
vendor:	intel	model:	unite	scope:	eq	version:	app 3.1.32.12	Trust: 0.8
vendor:	intel	model:	unite	scope:	eq	version:	app 3.1.41.18	Trust: 0.8
vendor:	intel	model:	unite	scope:	eq	version:	app 3.1.45.26	Trust: 0.8
vendor:	intel	model:	unite app	scope:	eq	version:	3.1.45.26	Trust: 0.3
vendor:	intel	model:	unite app	scope:	eq	version:	3.1.41.18	Trust: 0.3
vendor:	intel	model:	unite app	scope:	eq	version:	3.1.32.12	Trust: 0.3
vendor:	intel	model:	unite app	scope:	ne	version:	3.2.82.42	Trust: 0.3

sources: BID: 101888 // JVNDB: JVNDB-2017-010319 // CNNVD: CNNVD-201711-658 // NVD: CVE-2017-5738

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2017-5738
value:	CRITICAL
Trust: 1.0
NVD:	CVE-2017-5738
value:	CRITICAL
Trust: 0.8
CNNVD:	CNNVD-201711-658
value:	CRITICAL
Trust: 0.6
VULHUB:	VHN-113941
value:	MEDIUM
Trust: 0.1
VULMON:	CVE-2017-5738
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2017-5738
severity:	MEDIUM
baseScore:	6.4
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	4.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
VULHUB:	VHN-113941
severity:	MEDIUM
baseScore:	6.4
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	4.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2017-5738
baseSeverity:	CRITICAL
baseScore:	9.1
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	5.2
version:	3.0
Trust: 1.8

sources: VULHUB: VHN-113941 // VULMON: CVE-2017-5738 // JVNDB: JVNDB-2017-010319 // CNNVD: CNNVD-201711-658 // NVD: CVE-2017-5738

PROBLEMTYPE DATA

problemtype:	CWE-200	Trust: 1.1
problemtype:	CWE-264	Trust: 0.9

sources: VULHUB: VHN-113941 // JVNDB: JVNDB-2017-010319 // NVD: CVE-2017-5738

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201711-658

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201711-658

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-010319

PATCH

title:	INTEL-SA-00092	url:	https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00092&languageid=en-fr	Trust: 0.8
title:	Intel Unite App admin portal Fixes for permission permissions and access control vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=76487	Trust: 0.6

sources: JVNDB: JVNDB-2017-010319 // CNNVD: CNNVD-201711-658

EXTERNAL IDS

db:	NVD	id:	CVE-2017-5738	Trust: 2.9
db:	BID	id:	101888	Trust: 2.1
db:	JVNDB	id:	JVNDB-2017-010319	Trust: 0.8
db:	CNNVD	id:	CNNVD-201711-658	Trust: 0.7
db:	VULHUB	id:	VHN-113941	Trust: 0.1
db:	VULMON	id:	CVE-2017-5738	Trust: 0.1

sources: VULHUB: VHN-113941 // VULMON: CVE-2017-5738 // BID: 101888 // JVNDB: JVNDB-2017-010319 // CNNVD: CNNVD-201711-658 // NVD: CVE-2017-5738

REFERENCES

url:	https://security-center.intel.com/advisory.aspx?intelid=intel-sa-00092&languageid=en-fr	Trust: 2.0
url:	http://www.securityfocus.com/bid/101888	Trust: 1.9
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-5738	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2017-5738	Trust: 0.8
url:	http://www.intel.com/	Trust: 0.3
url:	https://security-center.intel.com/advisory.aspx?intelid=intel-sa-00092&languageid=en-fr	Trust: 0.1
url:	https://cwe.mitre.org/data/definitions/200.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

sources: VULHUB: VHN-113941 // VULMON: CVE-2017-5738 // BID: 101888 // JVNDB: JVNDB-2017-010319 // CNNVD: CNNVD-201711-658 // NVD: CVE-2017-5738

CREDITS

The vendor reported this issue.

Trust: 0.3

sources: BID: 101888

SOURCES

db:	VULHUB	id:	VHN-113941
db:	VULMON	id:	CVE-2017-5738
db:	BID	id:	101888
db:	JVNDB	id:	JVNDB-2017-010319
db:	CNNVD	id:	CNNVD-201711-658
db:	NVD	id:	CVE-2017-5738

LAST UPDATE DATE

2025-04-20T23:39:59.598000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-113941	date:	2019-10-03T00:00:00
db:	VULMON	id:	CVE-2017-5738	date:	2019-10-03T00:00:00
db:	BID	id:	101888	date:	2017-12-19T22:37:00
db:	JVNDB	id:	JVNDB-2017-010319	date:	2017-12-12T00:00:00
db:	CNNVD	id:	CNNVD-201711-658	date:	2019-10-23T00:00:00
db:	NVD	id:	CVE-2017-5738	date:	2025-04-20T01:37:25.860

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-113941	date:	2017-11-16T00:00:00
db:	VULMON	id:	CVE-2017-5738	date:	2017-11-16T00:00:00
db:	BID	id:	101888	date:	2017-11-14T00:00:00
db:	JVNDB	id:	JVNDB-2017-010319	date:	2017-12-12T00:00:00
db:	CNNVD	id:	CNNVD-201711-658	date:	2017-11-20T00:00:00
db:	NVD	id:	CVE-2017-5738	date:	2017-11-16T14:29:00.207