Sign-up

ID

VAR-201903-1241


CVE

CVE-2019-0135


TITLE

RSTe Vulnerabilities related to authorization, permissions, and access control

Trust: 0.8

sources: JVNDB: JVNDB-2019-002521

DESCRIPTION

Improper permissions in the installer for Intel(R) Accelerated Storage Manager in Intel(R) RSTe before version 5.5.0.2015 may allow an authenticated user to potentially enable escalation of privilege via local access. L-SA-00206. Intel Has released an update for each product.The expected impact depends on each vulnerability, but can be affected as follows: * information leak * Service operation interruption (DoS) * Privilege escalation. Intel Rapid Storage Technology enterprise (RSTe) is a fast storage technology developed by Intel Corporation. Intel Accelerated Storage Manager is one of the accelerated storage managers. A security vulnerability exists in the installer of Intel Accelerated Storage Manager in Intel RSTe 5.5 and earlier. A local attacker could exploit this vulnerability to elevate privileges

Trust: 2.43

sources: NVD: CVE-2019-0135 // JVNDB: JVNDB-2019-002521 // JVNDB: JVNDB-2019-001582 // VULHUB: VHN-140166

AFFECTED PRODUCTS

vendor:intelmodel:rapid storage technology enterprisescope:ltversion:5.5.0.2015

Trust: 1.0

vendor:lenovomodel:thinkstation p720scope:eqversion: -

Trust: 1.0

vendor:lenovomodel:thinkstation p520scope:eqversion: -

Trust: 1.0

vendor:lenovomodel:thinkstation p520cscope:eqversion: -

Trust: 1.0

vendor:lenovomodel:thinkstation p920scope:eqversion: -

Trust: 1.0

vendor:intelmodel:rapid store technologyscope:lteversion:5.5

Trust: 0.8

vendor:intelmodel:accelerated storage managerscope: - version: -

Trust: 0.8

vendor:intelmodel:active management technologyscope: - version: -

Trust: 0.8

vendor:intelmodel:csmescope: - version: -

Trust: 0.8

vendor:intelmodel:matrix storage managerscope: - version: -

Trust: 0.8

vendor:intelmodel:server platform servicesscope: - version: -

Trust: 0.8

vendor:intelmodel:sgx sdkscope: - version: -

Trust: 0.8

vendor:intelmodel:trusted execution enginescope: - version: -

Trust: 0.8

vendor:intelmodel:usb 3.0 creator utilityscope: - version: -

Trust: 0.8

vendor:intelmodel:intelscope: - version: -

Trust: 0.8

vendor:intelmodel:graphics driverscope:eqversion:for windows

Trust: 0.8

sources: JVNDB: JVNDB-2019-002521 // JVNDB: JVNDB-2019-001582 // NVD: CVE-2019-0135

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-0135
value: HIGH

Trust: 1.0

NVD: CVE-2019-0135
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201903-562
value: HIGH

Trust: 0.6

VULHUB: VHN-140166
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2019-0135
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-140166
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2019-0135
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2019-0135
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-140166 // JVNDB: JVNDB-2019-002521 // CNNVD: CNNVD-201903-562 // NVD: CVE-2019-0135

PROBLEMTYPE DATA

problemtype:CWE-264

Trust: 1.9

sources: VULHUB: VHN-140166 // JVNDB: JVNDB-2019-002521 // NVD: CVE-2019-0135

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201903-562

TYPE

permissions and access control issues

Trust: 0.6

sources: CNNVD: CNNVD-201903-562

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2019-002521

PATCH
title:INTEL-SA-00231url:https://www.intel.com/content/www/us/en/security-center/advisory/INTEL-SA-00231.html
Trust: 0.8
title:INTEL-SA-00231 - Intel Accelerated Storage Manager in RSTe Advisoryurl:https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00231.html
Trust: 0.8
title:INTEL-SA-00185 - Intel CSME, Server Platform Services, Trusted Execution Engine and Intel Active Management Technology 2018.4 QSR Advisoryurl:https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00185.html
Trust: 0.8
title:INTEL-SA-00189 - Intel Graphics Driver for Windows* 2018.4 QSR Advisoryurl:https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00189.html
Trust: 0.8
title:INTEL-SA-00191 - Intel Firmware 2018.4 QSR Advisoryurl:https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00191.html
Trust: 0.8
title:INTEL-SA-00216 - Intel Matrix Storage Manager Advisoryurl:https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00216.html
Trust: 0.8
title:INTEL-SA-00217 - Intel Software Guard Extensions SDK Advisoryurl:https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00217.html
Trust: 0.8
title:INTEL-SA-00229 - Intel USB 3.0 Creator Utility Advisoryurl:https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00229.html
Trust: 0.8
title:Intel Rapid Storage Technology enterprise Intel Accelerated Storage Manager Security vulnerabilitiesurl:http://123.124.177.30/web/xxk/bdxqById.tag?id=90149
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2019-002521 // 
            
            
            
            JVNDB: JVNDB-2019-001582 // 
            
            
            
            CNNVD: CNNVD-201903-562

EXTERNAL IDS
db:NVDid:CVE-2019-0135
Trust: 2.5
db:LENOVOid:LEN-27843
Trust: 1.7
db:JVNid:JVNVU98344681
Trust: 1.6
db:JVNDBid:JVNDB-2019-001582
Trust: 1.6
db:JVNDBid:JVNDB-2019-002521
Trust: 0.8
db:CNNVDid:CNNVD-201903-562
Trust: 0.7
db:VULHUBid:VHN-140166
Trust: 0.1
sources:
            
            
            VULHUB: VHN-140166 // 
            
            
            
            JVNDB: JVNDB-2019-002521 // 
            
            
            
            JVNDB: JVNDB-2019-001582 // 
            
            
            
            CNNVD: CNNVD-201903-562 // 
            
            
            
            NVD: CVE-2019-0135

REFERENCES
url:https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00231.html
Trust: 2.3
url:https://support.lenovo.com/us/en/product_security/len-27843
Trust: 1.7
url:https://nvd.nist.gov/vuln/detail/cve-2019-0135
Trust: 1.4
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-0135
Trust: 0.8
url:https://jvn.jp/vu/jvnvu98344681/
Trust: 0.8
url:https://jvndb.jvn.jp/ja/contents/2019/jvndb-2019-001582.html
Trust: 0.8
url:https://jvn.jp/vu/jvnvu98344681
Trust: 0.8
url:https://www.intel.com/content/www/us/en/security-center/advisory/in
Trust: 0.6
sources:
            
            
            VULHUB: VHN-140166 // 
            
            
            
            JVNDB: JVNDB-2019-002521 // 
            
            
            
            JVNDB: JVNDB-2019-001582 // 
            
            
            
            CNNVD: CNNVD-201903-562 // 
            
            
            
            NVD: CVE-2019-0135

SOURCES
db:VULHUBid:VHN-140166
db:JVNDBid:JVNDB-2019-002521
db:JVNDBid:JVNDB-2019-001582
db:CNNVDid:CNNVD-201903-562
db:NVDid:CVE-2019-0135

LAST UPDATE DATE
2024-11-23T20:11:03.588000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-140166date:2023-03-03T00:00:00
db:JVNDBid:JVNDB-2019-002521date:2019-04-10T00:00:00
db:JVNDBid:JVNDB-2019-001582date:2019-03-15T00:00:00
db:CNNVDid:CNNVD-201903-562date:2023-03-06T00:00:00
db:NVDid:CVE-2019-0135date:2024-11-21T04:16:18.483

SOURCES RELEASE DATE
db:VULHUBid:VHN-140166date:2019-03-14T00:00:00
db:JVNDBid:JVNDB-2019-002521date:2019-04-10T00:00:00
db:JVNDBid:JVNDB-2019-001582date:2019-03-15T00:00:00
db:CNNVDid:CNNVD-201903-562date:2019-03-14T00:00:00
db:NVDid:CVE-2019-0135date:2019-03-14T20:29:01.600