Details of VAR-201902-0665

ID

VAR-201902-0665

CVE

CVE-2019-0127

TITLE

Intel OpenVINO Vulnerable to information disclosure

Trust: 0.8

sources: JVNDB: JVNDB-2019-001831

DESCRIPTION

Logic error in the installer for Intel(R) OpenVINO(TM) 2018 R3 and before for Linux may allow a privileged user to potentially enable information disclosure via local access. Intel(R) OpenVINO(TM) Contains an information disclosure vulnerability.Information may be obtained. Intel OpenVINO is prone to a local information-disclosure vulnerability. Local attackers can exploit this issue to obtain sensitive information. This may aid in further attacks. OpenVINO 2018 for Linux prior to versions R4 are vulnerable. Intel OpenVINO for Linux is an open visual reasoning and neural network optimization toolkit based on the Linux platform of Intel Corporation. There is a security vulnerability in the installation program of Intel(R) OpenVINO(TM) 2018 R3 and earlier versions based on the Linux platform. The vulnerability is caused by a logic error in the program

Trust: 1.98

sources: NVD: CVE-2019-0127 // JVNDB: JVNDB-2019-001831 // BID: 107110 // VULHUB: VHN-140158

AFFECTED PRODUCTS

vendor:	intel	model:	openvino	scope:	eq	version:	2018	Trust: 1.0
vendor:	intel	model:	openvino	scope:	lte	version:	2018 r3	Trust: 0.8
vendor:	intel	model:	openvino r3	scope:	eq	version:	20180	Trust: 0.3
vendor:	intel	model:	openvino r2	scope:	eq	version:	20180	Trust: 0.3
vendor:	intel	model:	openvino r1	scope:	eq	version:	20180	Trust: 0.3
vendor:	intel	model:	openvino r4	scope:	ne	version:	20180	Trust: 0.3

sources: BID: 107110 // JVNDB: JVNDB-2019-001831 // NVD: CVE-2019-0127

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2019-0127
value:	LOW
Trust: 1.0
NVD:	CVE-2019-0127
value:	LOW
Trust: 0.8
CNNVD:	CNNVD-201902-709
value:	LOW
Trust: 0.6
VULHUB:	VHN-140158
value:	LOW
Trust: 0.1

nvd@nist.gov:	CVE-2019-0127
severity:	LOW
baseScore:	2.1
vectorString:	AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-140158
severity:	LOW
baseScore:	2.1
vectorString:	AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2019-0127
baseSeverity:	LOW
baseScore:	3.9
vectorString:	CVSS:3.0/AV:P/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
attackVector:	PHYSICAL
attackComplexity:	LOW
privilegesRequired:	HIGH
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	0.3
impactScore:	3.6
version:	3.0
Trust: 1.8

sources: VULHUB: VHN-140158 // JVNDB: JVNDB-2019-001831 // CNNVD: CNNVD-201902-709 // NVD: CVE-2019-0127

PROBLEMTYPE DATA

problemtype:	NVD-CWE-noinfo	Trust: 1.0
problemtype:	CWE-200	Trust: 0.9

sources: VULHUB: VHN-140158 // JVNDB: JVNDB-2019-001831 // NVD: CVE-2019-0127

THREAT TYPE

local

Trust: 0.9

sources: BID: 107110 // CNNVD: CNNVD-201902-709

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201902-709

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-001831

PATCH

title:	INTEL-SA-00222	url:	https://www.intel.com/content/www/us/en/security-center/advisory/INTEL-SA-00222.html	Trust: 0.8
title:	Intel OpenVINO for Linux Fixes for installer security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=89531	Trust: 0.6

sources: JVNDB: JVNDB-2019-001831 // CNNVD: CNNVD-201902-709

EXTERNAL IDS

db:	NVD	id:	CVE-2019-0127	Trust: 2.8
db:	BID	id:	107110	Trust: 2.0
db:	JVNDB	id:	JVNDB-2019-001831	Trust: 0.8
db:	CNNVD	id:	CNNVD-201902-709	Trust: 0.7
db:	VULHUB	id:	VHN-140158	Trust: 0.1

sources: VULHUB: VHN-140158 // BID: 107110 // JVNDB: JVNDB-2019-001831 // CNNVD: CNNVD-201902-709 // NVD: CVE-2019-0127

REFERENCES

url:	http://www.securityfocus.com/bid/107110	Trust: 2.3
url:	https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00222.html	Trust: 2.0
url:	https://nvd.nist.gov/vuln/detail/cve-2019-0127	Trust: 1.4
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-0127	Trust: 0.8
url:	http://www.intel.com/	Trust: 0.3

sources: VULHUB: VHN-140158 // BID: 107110 // JVNDB: JVNDB-2019-001831 // CNNVD: CNNVD-201902-709 // NVD: CVE-2019-0127

CREDITS

Intel

Trust: 0.9

sources: BID: 107110 // CNNVD: CNNVD-201902-709

SOURCES

db:	VULHUB	id:	VHN-140158
db:	BID	id:	107110
db:	JVNDB	id:	JVNDB-2019-001831
db:	CNNVD	id:	CNNVD-201902-709
db:	NVD	id:	CVE-2019-0127

LAST UPDATE DATE

2024-11-23T22:30:08.429000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-140158	date:	2020-08-24T00:00:00
db:	BID	id:	107110	date:	2019-02-12T00:00:00
db:	JVNDB	id:	JVNDB-2019-001831	date:	2019-03-27T00:00:00
db:	CNNVD	id:	CNNVD-201902-709	date:	2020-08-25T00:00:00
db:	NVD	id:	CVE-2019-0127	date:	2024-11-21T04:16:17.530

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-140158	date:	2019-02-18T00:00:00
db:	BID	id:	107110	date:	2019-02-12T00:00:00
db:	JVNDB	id:	JVNDB-2019-001831	date:	2019-03-27T00:00:00
db:	CNNVD	id:	CNNVD-201902-709	date:	2019-02-18T00:00:00
db:	NVD	id:	CVE-2019-0127	date:	2019-02-18T17:29:00.907