Sign-up

ID

VAR-201903-1240


CVE

CVE-2019-0129


TITLE

Intel(R) USB 3.0 Creator Utility Vulnerabilities related to authorization, permissions, and access control

Trust: 0.8

sources: JVNDB: JVNDB-2019-002520

DESCRIPTION

Improper permissions for Intel(R) USB 3.0 Creator Utility all versions may allow an authenticated user to potentially enable escalation of privilege via local access. Intel Has released an update for each product.The expected impact depends on each vulnerability, but can be affected as follows: * information leak * Service operation interruption (DoS) * Privilege escalation. Intel USB 3.0 Creator Utility is a tool for installing USB3.0 drivers from Intel Corporation. A security vulnerability exists in the Intel USB 3.0 Creator Utility. A local attacker could exploit this vulnerability to elevate privileges

Trust: 2.43

sources: NVD: CVE-2019-0129 // JVNDB: JVNDB-2019-002520 // JVNDB: JVNDB-2019-001582 // VULHUB: VHN-140160

AFFECTED PRODUCTS

vendor:intelmodel:usb 3.0 creator utilityscope: - version: -

Trust: 1.6

vendor:intelmodel:usb 3.0 creator utilityscope:eqversion:*

Trust: 1.0

vendor:intelmodel:accelerated storage managerscope: - version: -

Trust: 0.8

vendor:intelmodel:active management technologyscope: - version: -

Trust: 0.8

vendor:intelmodel:csmescope: - version: -

Trust: 0.8

vendor:intelmodel:matrix storage managerscope: - version: -

Trust: 0.8

vendor:intelmodel:server platform servicesscope: - version: -

Trust: 0.8

vendor:intelmodel:sgx sdkscope: - version: -

Trust: 0.8

vendor:intelmodel:trusted execution enginescope: - version: -

Trust: 0.8

vendor:intelmodel:intelscope: - version: -

Trust: 0.8

vendor:intelmodel:graphics driverscope:eqversion:for windows

Trust: 0.8

sources: JVNDB: JVNDB-2019-002520 // JVNDB: JVNDB-2019-001582 // NVD: CVE-2019-0129

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-0129
value: HIGH

Trust: 1.0

NVD: CVE-2019-0129
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201903-560
value: HIGH

Trust: 0.6

VULHUB: VHN-140160
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2019-0129
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-140160
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2019-0129
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-140160 // JVNDB: JVNDB-2019-002520 // CNNVD: CNNVD-201903-560 // NVD: CVE-2019-0129

PROBLEMTYPE DATA

problemtype:CWE-264

Trust: 1.9

sources: VULHUB: VHN-140160 // JVNDB: JVNDB-2019-002520 // NVD: CVE-2019-0129

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201903-560

TYPE

permissions and access control

Trust: 0.6

sources: CNNVD: CNNVD-201903-560

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2019-002520

PATCH
title:INTEL-SA-00229url:https://www.intel.com/content/www/us/en/security-center/advisory/INTEL-SA-00229.html
Trust: 0.8
title:INTEL-SA-00231 - Intel Accelerated Storage Manager in RSTe Advisoryurl:https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00231.html
Trust: 0.8
title:INTEL-SA-00185 - Intel CSME, Server Platform Services, Trusted Execution Engine and Intel Active Management Technology 2018.4 QSR Advisoryurl:https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00185.html
Trust: 0.8
title:INTEL-SA-00189 - Intel Graphics Driver for Windows* 2018.4 QSR Advisoryurl:https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00189.html
Trust: 0.8
title:INTEL-SA-00191 - Intel Firmware 2018.4 QSR Advisoryurl:https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00191.html
Trust: 0.8
title:INTEL-SA-00216 - Intel Matrix Storage Manager Advisoryurl:https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00216.html
Trust: 0.8
title:INTEL-SA-00217 - Intel Software Guard Extensions SDK Advisoryurl:https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00217.html
Trust: 0.8
title:INTEL-SA-00229 - Intel USB 3.0 Creator Utility Advisoryurl:https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00229.html
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2019-002520 // 
            
            
            
            JVNDB: JVNDB-2019-001582

EXTERNAL IDS
db:NVDid:CVE-2019-0129
Trust: 2.5
db:JVNid:JVNVU98344681
Trust: 1.6
db:JVNDBid:JVNDB-2019-001582
Trust: 1.6
db:JVNDBid:JVNDB-2019-002520
Trust: 0.8
db:CNNVDid:CNNVD-201903-560
Trust: 0.7
db:CNVDid:CNVD-2020-18570
Trust: 0.1
db:VULHUBid:VHN-140160
Trust: 0.1
sources:
            
            
            VULHUB: VHN-140160 // 
            
            
            
            JVNDB: JVNDB-2019-002520 // 
            
            
            
            JVNDB: JVNDB-2019-001582 // 
            
            
            
            CNNVD: CNNVD-201903-560 // 
            
            
            
            NVD: CVE-2019-0129

REFERENCES
url:https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00229.html
Trust: 1.7
url:https://nvd.nist.gov/vuln/detail/cve-2019-0129
Trust: 1.4
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-0129
Trust: 0.8
url:https://jvn.jp/vu/jvnvu98344681/
Trust: 0.8
url:https://jvndb.jvn.jp/ja/contents/2019/jvndb-2019-001582.html
Trust: 0.8
url:https://jvn.jp/vu/jvnvu98344681
Trust: 0.8
sources:
            
            
            VULHUB: VHN-140160 // 
            
            
            
            JVNDB: JVNDB-2019-002520 // 
            
            
            
            JVNDB: JVNDB-2019-001582 // 
            
            
            
            CNNVD: CNNVD-201903-560 // 
            
            
            
            NVD: CVE-2019-0129

SOURCES
db:VULHUBid:VHN-140160
db:JVNDBid:JVNDB-2019-002520
db:JVNDBid:JVNDB-2019-001582
db:CNNVDid:CNNVD-201903-560
db:NVDid:CVE-2019-0129

LAST UPDATE DATE
2024-11-23T19:28:41.272000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-140160date:2019-03-15T00:00:00
db:JVNDBid:JVNDB-2019-002520date:2019-04-10T00:00:00
db:JVNDBid:JVNDB-2019-001582date:2019-03-15T00:00:00
db:CNNVDid:CNNVD-201903-560date:2019-03-18T00:00:00
db:NVDid:CVE-2019-0129date:2024-11-21T04:16:17.837

SOURCES RELEASE DATE
db:VULHUBid:VHN-140160date:2019-03-14T00:00:00
db:JVNDBid:JVNDB-2019-002520date:2019-04-10T00:00:00
db:JVNDBid:JVNDB-2019-001582date:2019-03-15T00:00:00
db:CNNVDid:CNNVD-201903-560date:2019-03-14T00:00:00
db:NVDid:CVE-2019-0129date:2019-03-14T20:29:01.567