Details of VAR-201905-0864

ID

VAR-201905-0864

CVE

CVE-2019-0170

TITLE

Intel Multiple vulnerabilities in the product

Trust: 0.8

sources: JVNDB: JVNDB-2019-003441

DESCRIPTION

Buffer overflow in subsystem in Intel(R) DAL before version 12.0.35 may allow a privileged user to potentially enable escalation of privilege via local access. Intel(R) DAL Contains a buffer error vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Intel Dynamic Application Loader (DAL) is a dynamic application loader from Intel Corporation. The product supports running Java code on CSME firmware. A buffer overflow vulnerability exists in the subsystems of Intel DAL prior to 12.0.35. This vulnerability stems from the incorrect verification of data boundaries when the network system or product performs operations on the memory, resulting in incorrect read and write operations to other associated memory locations. Attackers can exploit this vulnerability to cause buffer overflow or heap overflow, etc

Trust: 1.8

sources: NVD: CVE-2019-0170 // JVNDB: JVNDB-2019-004645 // VULHUB: VHN-140201 // VULMON: CVE-2019-0170

AFFECTED PRODUCTS

vendor:	intel	model:	converged security management engine	scope:	lt	version:	12.0.35	Trust: 1.0
vendor:	intel	model:	acu wizard	scope:	-	version:	-	Trust: 0.8
vendor:	intel	model:	active management technology	scope:	-	version:	-	Trust: 0.8
vendor:	intel	model:	converged security management engine	scope:	-	version:	-	Trust: 0.8
vendor:	intel	model:	driver and support assistant	scope:	-	version:	-	Trust: 0.8
vendor:	intel	model:	dynamic application loader	scope:	-	version:	-	Trust: 0.8
vendor:	intel	model:	i915	scope:	-	version:	-	Trust: 0.8
vendor:	intel	model:	nuc board nuc7i7dnbe	scope:	-	version:	-	Trust: 0.8
vendor:	intel	model:	nuc kit nuc7i5dnhe	scope:	-	version:	-	Trust: 0.8
vendor:	intel	model:	nuc kit nuc7i7dnhe	scope:	-	version:	-	Trust: 0.8
vendor:	intel	model:	nuc kit nuc7i7dnke	scope:	-	version:	-	Trust: 0.8
vendor:	intel	model:	nuc kit nuc8i7hnk	scope:	-	version:	-	Trust: 0.8
vendor:	intel	model:	nuc kit nuc8i7hvk	scope:	-	version:	-	Trust: 0.8
vendor:	intel	model:	proset/wireless software driver	scope:	-	version:	-	Trust: 0.8
vendor:	intel	model:	quartus ii programmer and tools	scope:	-	version:	-	Trust: 0.8
vendor:	intel	model:	server platform services	scope:	-	version:	-	Trust: 0.8
vendor:	intel	model:	trusted execution engine	scope:	-	version:	-	Trust: 0.8
vendor:	intel	model:	intel	scope:	-	version:	-	Trust: 0.8
vendor:	intel	model:	quartus prime	scope:	-	version:	-	Trust: 0.8
vendor:	intel	model:	scs discovery utility	scope:	-	version:	-	Trust: 0.8
vendor:	intel	model:	unite client	scope:	-	version:	-	Trust: 0.8
vendor:	intel	model:	graphics driver	scope:	-	version:	-	Trust: 0.8
vendor:	intel	model:	dynamic application loader	scope:	lt	version:	12.0.35	Trust: 0.8

sources: JVNDB: JVNDB-2019-003441 // JVNDB: JVNDB-2019-004645 // NVD: CVE-2019-0170

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2019-0170
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2019-0170
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201905-756
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-140201
value:	MEDIUM
Trust: 0.1
VULMON:	CVE-2019-0170
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2019-0170
severity:	MEDIUM
baseScore:	4.6
vectorString:	AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	3.9
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
VULHUB:	VHN-140201
severity:	MEDIUM
baseScore:	4.6
vectorString:	AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	3.9
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2019-0170
baseSeverity:	MEDIUM
baseScore:	6.7
vectorString:	CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	HIGH
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	0.8
impactScore:	5.9
version:	3.0
Trust: 1.8

sources: VULHUB: VHN-140201 // VULMON: CVE-2019-0170 // JVNDB: JVNDB-2019-004645 // CNNVD: CNNVD-201905-756 // NVD: CVE-2019-0170

PROBLEMTYPE DATA

problemtype:

CWE-119

Trust: 1.9

sources: VULHUB: VHN-140201 // JVNDB: JVNDB-2019-004645 // NVD: CVE-2019-0170

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201905-756

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-201905-756

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-003441

PATCH

title:	INTEL-SA-00213 - IntelR CSME, IntelR SPS, IntelR TXE, IntelR DAL, and IntelR AMT 2019.1 QSR Advisory	url:	https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00213.html	Trust: 1.6
title:	INTEL-SA-00234 - IntelR SCS Discovery Utility and IntelR ACU Wizard Advisory	url:	https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00234.html	Trust: 0.8
title:	INTEL-SA-00244 - IntelR QuartusR Software Advisory	url:	https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00244.html	Trust: 0.8
title:	INTEL-SA-00245 - Intel UniteR Client for Android* Advisory	url:	https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00245.html	Trust: 0.8
title:	INTEL-SA-00204 - Intel IntelR PROSet/Wireless WiFi Software Advisory	url:	https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00204.html	Trust: 0.8
title:	INTEL-SA-00249 - IntelR i915 Graphics for Linux Advisory	url:	https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00249.html	Trust: 0.8
title:	INTEL-SA-00251 - IntelR NUC Advisory	url:	https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00251.html	Trust: 0.8
title:	INTEL-SA-00218 - IntelR Graphics Driver for Windows* 2019.1 QSR Advisory	url:	https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00218.html	Trust: 0.8
title:	INTEL-SA-00252 - IntelR Driver & Support Assistant Advisory	url:	https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00252.html	Trust: 0.8
title:	INTEL-SA-00223 - Intel 2019.1 QSR UEFI Advisory	url:	https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00223.html	Trust: 0.8
title:	INTEL-SA-00228 - Intel UniteR Client Advisory	url:	https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00228.html	Trust: 0.8
title:	INTEL-SA-00233 - Microarchitectural Data Sampling Advisory	url:	https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00233.html	Trust: 0.8
title:	Threatpost	url:	https://threatpost.com/intel-fixes-critical-high-severity-flaws-across-several-products/144940/	Trust: 0.1

sources: VULMON: CVE-2019-0170 // JVNDB: JVNDB-2019-003441 // JVNDB: JVNDB-2019-004645

EXTERNAL IDS

db:	NVD	id:	CVE-2019-0170	Trust: 2.6
db:	JVN	id:	JVNVU92328381	Trust: 1.6
db:	JVNDB	id:	JVNDB-2019-003441	Trust: 1.6
db:	JVNDB	id:	JVNDB-2019-004645	Trust: 0.8
db:	CNNVD	id:	CNNVD-201905-756	Trust: 0.7
db:	AUSCERT	id:	ASB-2019.0148.2	Trust: 0.6
db:	LENOVO	id:	LEN-26293	Trust: 0.6
db:	VULHUB	id:	VHN-140201	Trust: 0.1
db:	VULMON	id:	CVE-2019-0170	Trust: 0.1

sources: VULHUB: VHN-140201 // VULMON: CVE-2019-0170 // JVNDB: JVNDB-2019-003441 // JVNDB: JVNDB-2019-004645 // CNNVD: CNNVD-201905-756 // NVD: CVE-2019-0170

REFERENCES

url:	https://support.f5.com/csp/article/k51470205	Trust: 1.8
url:	https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00213.html	Trust: 1.8
url:	https://nvd.nist.gov/vuln/detail/cve-2019-0170	Trust: 1.4
url:	https://jvn.jp/vu/jvnvu92328381/index.html	Trust: 0.8
url:	https://mdsattacks.com/files/ridl.pdf	Trust: 0.8
url:	https://mdsattacks.com/files/fallout.pdf	Trust: 0.8
url:	https://zombieloadattack.com/	Trust: 0.8
url:	https://www.intel.com/content/www/us/en/architecture-and-technology/mds.html	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-0170	Trust: 0.8
url:	https://jvn.jp/vu/jvnvu92328381/	Trust: 0.8
url:	https://jvndb.jvn.jp/ja/contents/2019/jvndb-2019-003441.html	Trust: 0.8
url:	https://support.lenovo.com/us/zh/solutions/len-26293	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/asb-2019.0148.2/	Trust: 0.6
url:	https://support.lenovo.com/us/en/product_security/len-26293	Trust: 0.6
url:	https://cwe.mitre.org/data/definitions/119.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1
url:	https://threatpost.com/intel-fixes-critical-high-severity-flaws-across-several-products/144940/	Trust: 0.1

sources: VULHUB: VHN-140201 // VULMON: CVE-2019-0170 // JVNDB: JVNDB-2019-003441 // JVNDB: JVNDB-2019-004645 // CNNVD: CNNVD-201905-756 // NVD: CVE-2019-0170

SOURCES

db:	VULHUB	id:	VHN-140201
db:	VULMON	id:	CVE-2019-0170
db:	JVNDB	id:	JVNDB-2019-003441
db:	JVNDB	id:	JVNDB-2019-004645
db:	CNNVD	id:	CNNVD-201905-756
db:	NVD	id:	CVE-2019-0170

LAST UPDATE DATE

2024-11-23T19:58:58.251000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-140201	date:	2019-06-20T00:00:00
db:	VULMON	id:	CVE-2019-0170	date:	2019-06-20T00:00:00
db:	JVNDB	id:	JVNDB-2019-003441	date:	2019-05-16T00:00:00
db:	JVNDB	id:	JVNDB-2019-004645	date:	2019-06-05T00:00:00
db:	CNNVD	id:	CNNVD-201905-756	date:	2019-09-26T00:00:00
db:	NVD	id:	CVE-2019-0170	date:	2024-11-21T04:16:24.007

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-140201	date:	2019-05-17T00:00:00
db:	VULMON	id:	CVE-2019-0170	date:	2019-05-17T00:00:00
db:	JVNDB	id:	JVNDB-2019-003441	date:	2019-05-16T00:00:00
db:	JVNDB	id:	JVNDB-2019-004645	date:	2019-06-05T00:00:00
db:	CNNVD	id:	CNNVD-201905-756	date:	2019-05-17T00:00:00
db:	NVD	id:	CVE-2019-0170	date:	2019-05-17T16:29:02.173