Sign-up

ID

VAR-201903-1238


CVE

CVE-2019-0121


TITLE

Intel(R) Matrix Storage Manager Vulnerabilities related to authorization, permissions, and access control

Trust: 0.8

sources: JVNDB: JVNDB-2019-002597

DESCRIPTION

Improper permissions in Intel(R) Matrix Storage Manager 8.9.0.1023 and before may allow an authenticated user to potentially enable escalation of privilege via local access. Intel Has released an update for each product.The expected impact depends on each vulnerability, but can be affected as follows: * information leak * Service operation interruption (DoS) * Privilege escalation. Intel Matrix Storage Manager is a matrix storage manager of Intel Corporation. This product can communicate with Intel I/O controller, SATA port. A security vulnerability exists in Intel Matrix Storage Manager 8.9.0.1023 and earlier versions. A local attacker could exploit this vulnerability to elevate privileges

Trust: 2.43

sources: NVD: CVE-2019-0121 // JVNDB: JVNDB-2019-002597 // JVNDB: JVNDB-2019-001582 // VULHUB: VHN-140152

AFFECTED PRODUCTS

vendor:intelmodel:matrix storage managerscope:lteversion:8.9.0.1023

Trust: 1.8

vendor:intelmodel:accelerated storage managerscope: - version: -

Trust: 0.8

vendor:intelmodel:active management technologyscope: - version: -

Trust: 0.8

vendor:intelmodel:csmescope: - version: -

Trust: 0.8

vendor:intelmodel:matrix storage managerscope: - version: -

Trust: 0.8

vendor:intelmodel:server platform servicesscope: - version: -

Trust: 0.8

vendor:intelmodel:sgx sdkscope: - version: -

Trust: 0.8

vendor:intelmodel:trusted execution enginescope: - version: -

Trust: 0.8

vendor:intelmodel:usb 3.0 creator utilityscope: - version: -

Trust: 0.8

vendor:intelmodel:intelscope: - version: -

Trust: 0.8

vendor:intelmodel:graphics driverscope:eqversion:for windows

Trust: 0.8

sources: JVNDB: JVNDB-2019-002597 // JVNDB: JVNDB-2019-001582 // NVD: CVE-2019-0121

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-0121
value: HIGH

Trust: 1.0

NVD: CVE-2019-0121
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201903-555
value: HIGH

Trust: 0.6

VULHUB: VHN-140152
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2019-0121
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-140152
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2019-0121
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-140152 // JVNDB: JVNDB-2019-002597 // CNNVD: CNNVD-201903-555 // NVD: CVE-2019-0121

PROBLEMTYPE DATA

problemtype:CWE-264

Trust: 1.9

sources: VULHUB: VHN-140152 // JVNDB: JVNDB-2019-002597 // NVD: CVE-2019-0121

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201903-555

TYPE

permissions and access control issues

Trust: 0.6

sources: CNNVD: CNNVD-201903-555

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2019-002597

PATCH
title:INTEL-SA-00216url:https://www.intel.com/content/www/us/en/security-center/advisory/INTEL-SA-00216.html
Trust: 0.8
title:INTEL-SA-00231 - Intel Accelerated Storage Manager in RSTe Advisoryurl:https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00231.html
Trust: 0.8
title:INTEL-SA-00185 - Intel CSME, Server Platform Services, Trusted Execution Engine and Intel Active Management Technology 2018.4 QSR Advisoryurl:https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00185.html
Trust: 0.8
title:INTEL-SA-00189 - Intel Graphics Driver for Windows* 2018.4 QSR Advisoryurl:https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00189.html
Trust: 0.8
title:INTEL-SA-00191 - Intel Firmware 2018.4 QSR Advisoryurl:https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00191.html
Trust: 0.8
title:INTEL-SA-00216 - Intel Matrix Storage Manager Advisoryurl:https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00216.html
Trust: 0.8
title:INTEL-SA-00217 - Intel Software Guard Extensions SDK Advisoryurl:https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00217.html
Trust: 0.8
title:INTEL-SA-00229 - Intel USB 3.0 Creator Utility Advisoryurl:https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00229.html
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2019-002597 // 
            
            
            
            JVNDB: JVNDB-2019-001582

EXTERNAL IDS
db:NVDid:CVE-2019-0121
Trust: 2.5
db:LENOVOid:LEN-26976
Trust: 1.7
db:JVNid:JVNVU98344681
Trust: 1.6
db:JVNDBid:JVNDB-2019-001582
Trust: 1.6
db:JVNDBid:JVNDB-2019-002597
Trust: 0.8
db:CNNVDid:CNNVD-201903-555
Trust: 0.7
db:CNVDid:CNVD-2020-18590
Trust: 0.1
db:VULHUBid:VHN-140152
Trust: 0.1
sources:
            
            
            VULHUB: VHN-140152 // 
            
            
            
            JVNDB: JVNDB-2019-002597 // 
            
            
            
            JVNDB: JVNDB-2019-001582 // 
            
            
            
            CNNVD: CNNVD-201903-555 // 
            
            
            
            NVD: CVE-2019-0121

REFERENCES
url:http://support.lenovo.com/us/en/solutions/len-26976
Trust: 1.7
url:https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00216.html
Trust: 1.7
url:https://nvd.nist.gov/vuln/detail/cve-2019-0121
Trust: 1.4
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-0121
Trust: 0.8
url:https://jvn.jp/vu/jvnvu98344681/
Trust: 0.8
url:https://jvndb.jvn.jp/ja/contents/2019/jvndb-2019-001582.html
Trust: 0.8
url:https://jvn.jp/vu/jvnvu98344681
Trust: 0.8
sources:
            
            
            VULHUB: VHN-140152 // 
            
            
            
            JVNDB: JVNDB-2019-002597 // 
            
            
            
            JVNDB: JVNDB-2019-001582 // 
            
            
            
            CNNVD: CNNVD-201903-555 // 
            
            
            
            NVD: CVE-2019-0121

SOURCES
db:VULHUBid:VHN-140152
db:JVNDBid:JVNDB-2019-002597
db:JVNDBid:JVNDB-2019-001582
db:CNNVDid:CNNVD-201903-555
db:NVDid:CVE-2019-0121

LAST UPDATE DATE
2024-11-23T19:30:42.443000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-140152date:2019-04-18T00:00:00
db:JVNDBid:JVNDB-2019-002597date:2019-04-11T00:00:00
db:JVNDBid:JVNDB-2019-001582date:2019-03-15T00:00:00
db:CNNVDid:CNNVD-201903-555date:2019-04-19T00:00:00
db:NVDid:CVE-2019-0121date:2024-11-21T04:16:16.443

SOURCES RELEASE DATE
db:VULHUBid:VHN-140152date:2019-03-14T00:00:00
db:JVNDBid:JVNDB-2019-002597date:2019-04-11T00:00:00
db:JVNDBid:JVNDB-2019-001582date:2019-03-15T00:00:00
db:CNNVDid:CNNVD-201903-555date:2019-03-14T00:00:00
db:NVDid:CVE-2019-0121date:2019-03-14T20:29:01.507