Sign-up

ID

VAR-201901-1623


CVE

CVE-2019-0088


TITLE

Windows for Intel(R) System Support Utility Vulnerabilities related to authorization, permissions, and access control

Trust: 0.8

sources: JVNDB: JVNDB-2019-001795

DESCRIPTION

Insufficient path checking in Intel(R) System Support Utility for Windows before 2.5.0.15 may allow an authenticated user to potentially enable an escalation of privilege via local access. Windows for Intel(R) System Support Utility Contains vulnerabilities related to authorization, permissions, and access control.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Intel System Support Utility for Windows is a Windows platform-based system support utility developed by Intel Corporation. This program is mainly used to identify the hardware model, operating system version and software installed on the computer. A security vulnerability exists in versions earlier than 2.5.0.15 of the Windows-based Intel System Support Utility. A local attacker could exploit this vulnerability to elevate privileges

Trust: 1.71

sources: NVD: CVE-2019-0088 // JVNDB: JVNDB-2019-001795 // VULHUB: VHN-140119

AFFECTED PRODUCTS

vendor:intelmodel:system support utilityscope:ltversion:2.5.0.15

Trust: 1.0

vendor:intelmodel:system support utility for windowsscope:ltversion:2.5.0.15

Trust: 0.8

sources: JVNDB: JVNDB-2019-001795 // NVD: CVE-2019-0088

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-0088
value: HIGH

Trust: 1.0

NVD: CVE-2019-0088
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201901-343
value: HIGH

Trust: 0.6

VULHUB: VHN-140119
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2019-0088
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-140119
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2019-0088
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-140119 // JVNDB: JVNDB-2019-001795 // CNNVD: CNNVD-201901-343 // NVD: CVE-2019-0088

PROBLEMTYPE DATA

problemtype:NVD-CWE-noinfo

Trust: 1.0

problemtype:CWE-264

Trust: 0.9

sources: VULHUB: VHN-140119 // JVNDB: JVNDB-2019-001795 // NVD: CVE-2019-0088

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201901-343

TYPE

permissions and access control

Trust: 0.6

sources: CNNVD: CNNVD-201901-343

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2019-001795

PATCH
title:INTEL-SA-00212url:https://www.intel.com/content/www/us/en/security-center/advisory/INTEL-SA-00212.html
Trust: 0.8
title:Intel System Support Utility for Windows Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=88518
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2019-001795 // 
            
            
            
            CNNVD: CNNVD-201901-343

EXTERNAL IDS
db:NVDid:CVE-2019-0088
Trust: 2.5
db:JVNDBid:JVNDB-2019-001795
Trust: 0.8
db:CNNVDid:CNNVD-201901-343
Trust: 0.7
db:VULHUBid:VHN-140119
Trust: 0.1
sources:
            
            
            VULHUB: VHN-140119 // 
            
            
            
            JVNDB: JVNDB-2019-001795 // 
            
            
            
            CNNVD: CNNVD-201901-343 // 
            
            
            
            NVD: CVE-2019-0088

REFERENCES
url:https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00212.html
Trust: 1.7
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-0088
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2019-0088
Trust: 0.8
sources:
            
            
            VULHUB: VHN-140119 // 
            
            
            
            JVNDB: JVNDB-2019-001795 // 
            
            
            
            CNNVD: CNNVD-201901-343 // 
            
            
            
            NVD: CVE-2019-0088

SOURCES
db:VULHUBid:VHN-140119
db:JVNDBid:JVNDB-2019-001795
db:CNNVDid:CNNVD-201901-343
db:NVDid:CVE-2019-0088

LAST UPDATE DATE
2024-11-23T22:30:08.921000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-140119date:2020-08-24T00:00:00
db:JVNDBid:JVNDB-2019-001795date:2019-03-26T00:00:00
db:CNNVDid:CNNVD-201901-343date:2020-08-25T00:00:00
db:NVDid:CVE-2019-0088date:2024-11-21T04:16:12.520

SOURCES RELEASE DATE
db:VULHUBid:VHN-140119date:2019-01-10T00:00:00
db:JVNDBid:JVNDB-2019-001795date:2019-03-26T00:00:00
db:CNNVDid:CNNVD-201901-343date:2019-01-11T00:00:00
db:NVDid:CVE-2019-0088date:2019-01-10T20:29:00.517