Sign-up

ID

VAR-201905-0865


CVE

CVE-2019-0171


TITLE

Intel Multiple vulnerabilities in the product

Trust: 0.8

sources: JVNDB: JVNDB-2019-003441

DESCRIPTION

Improper directory permissions in the installer for Intel(R) Quartus(R) software may allow an authenticated user to potentially enable escalation of privilege via local access. Intel Quartus The software contains vulnerabilities related to authorization, permissions, and access control.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Intel Quartus Software is a set of software for hardware programming developed by Intel Corporation of the United States. The vulnerability stems from the lack of effective permissions and access control measures in network systems or products

Trust: 1.71

sources: NVD: CVE-2019-0171 // JVNDB: JVNDB-2019-004719 // VULHUB: VHN-140202

AFFECTED PRODUCTS

vendor:intelmodel:quartus primescope: - version: -

Trust: 1.6

vendor:intelmodel:quartus primescope:lteversion:18.1

Trust: 1.0

vendor:intelmodel:quartus iiscope:gteversion:9.1

Trust: 1.0

vendor:intelmodel:quartus primescope:gteversion:15.1

Trust: 1.0

vendor:intelmodel:quartus iiscope:lteversion:15.0

Trust: 1.0

vendor:intelmodel:acu wizardscope: - version: -

Trust: 0.8

vendor:intelmodel:active management technologyscope: - version: -

Trust: 0.8

vendor:intelmodel:converged security management enginescope: - version: -

Trust: 0.8

vendor:intelmodel:driver and support assistantscope: - version: -

Trust: 0.8

vendor:intelmodel:dynamic application loaderscope: - version: -

Trust: 0.8

vendor:intelmodel:i915scope: - version: -

Trust: 0.8

vendor:intelmodel:nuc board nuc7i7dnbescope: - version: -

Trust: 0.8

vendor:intelmodel:nuc kit nuc7i5dnhescope: - version: -

Trust: 0.8

vendor:intelmodel:nuc kit nuc7i7dnhescope: - version: -

Trust: 0.8

vendor:intelmodel:nuc kit nuc7i7dnkescope: - version: -

Trust: 0.8

vendor:intelmodel:nuc kit nuc8i7hnkscope: - version: -

Trust: 0.8

vendor:intelmodel:nuc kit nuc8i7hvkscope: - version: -

Trust: 0.8

vendor:intelmodel:proset/wireless software driverscope: - version: -

Trust: 0.8

vendor:intelmodel:quartus ii programmer and toolsscope: - version: -

Trust: 0.8

vendor:intelmodel:server platform servicesscope: - version: -

Trust: 0.8

vendor:intelmodel:trusted execution enginescope: - version: -

Trust: 0.8

vendor:intelmodel:intelscope: - version: -

Trust: 0.8

vendor:intelmodel:scs discovery utilityscope: - version: -

Trust: 0.8

vendor:intelmodel:unite clientscope: - version: -

Trust: 0.8

vendor:intelmodel:graphics driverscope: - version: -

Trust: 0.8

vendor:intelmodel:quartus iiscope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2019-003441 // JVNDB: JVNDB-2019-004719 // NVD: CVE-2019-0171

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-0171
value: HIGH

Trust: 1.0

NVD: CVE-2019-0171
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201905-757
value: HIGH

Trust: 0.6

VULHUB: VHN-140202
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2019-0171
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-140202
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2019-0171
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-140202 // JVNDB: JVNDB-2019-004719 // CNNVD: CNNVD-201905-757 // NVD: CVE-2019-0171

PROBLEMTYPE DATA

problemtype:CWE-732

Trust: 1.1

problemtype:CWE-264

Trust: 0.9

sources: VULHUB: VHN-140202 // JVNDB: JVNDB-2019-004719 // NVD: CVE-2019-0171

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201905-757

TYPE

permissions and access control issues

Trust: 0.6

sources: CNNVD: CNNVD-201905-757

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2019-003441

PATCH
title:INTEL-SA-00234 - IntelR SCS Discovery Utility and IntelR ACU Wizard Advisoryurl:https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00234.html
Trust: 0.8
title:INTEL-SA-00244 - IntelR QuartusR Software Advisoryurl:https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00244.html
Trust: 0.8
title:INTEL-SA-00245 - Intel UniteR Client for Android* Advisoryurl:https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00245.html
Trust: 0.8
title:INTEL-SA-00204 - Intel IntelR PROSet/Wireless WiFi Software Advisoryurl:https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00204.html
Trust: 0.8
title:INTEL-SA-00249 - IntelR i915 Graphics for Linux Advisoryurl:https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00249.html
Trust: 0.8
title:INTEL-SA-00213 - IntelR CSME, IntelR SPS, IntelR TXE, IntelR DAL, and IntelR AMT 2019.1 QSR Advisoryurl:https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00213.html
Trust: 0.8
title:INTEL-SA-00251 - IntelR NUC Advisoryurl:https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00251.html
Trust: 0.8
title:INTEL-SA-00218 - IntelR Graphics Driver for Windows* 2019.1 QSR Advisoryurl:https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00218.html
Trust: 0.8
title:INTEL-SA-00252 - IntelR Driver & Support Assistant Advisoryurl:https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00252.html
Trust: 0.8
title:INTEL-SA-00223 - Intel 2019.1 QSR UEFI Advisoryurl:https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00223.html
Trust: 0.8
title:INTEL-SA-00228 - Intel UniteR Client Advisoryurl:https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00228.html
Trust: 0.8
title:INTEL-SA-00233 - Microarchitectural Data Sampling Advisoryurl:https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00233.html
Trust: 0.8
title:INTEL-SA-00244url:https://www.intel.com/content/www/us/en/security-center/advisory/INTEL-SA-00244.html
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2019-003441 // 
            
            
            
            JVNDB: JVNDB-2019-004719

EXTERNAL IDS
db:NVDid:CVE-2019-0171
Trust: 2.5
db:JVNid:JVNVU92328381
Trust: 1.6
db:JVNDBid:JVNDB-2019-003441
Trust: 1.6
db:JVNDBid:JVNDB-2019-004719
Trust: 0.8
db:CNNVDid:CNNVD-201905-757
Trust: 0.7
db:CNVDid:CNVD-2020-18592
Trust: 0.1
db:VULHUBid:VHN-140202
Trust: 0.1
sources:
            
            
            VULHUB: VHN-140202 // 
            
            
            
            JVNDB: JVNDB-2019-003441 // 
            
            
            
            JVNDB: JVNDB-2019-004719 // 
            
            
            
            CNNVD: CNNVD-201905-757 // 
            
            
            
            NVD: CVE-2019-0171

REFERENCES
url:https://support.f5.com/csp/article/k33245306
Trust: 1.7
url:https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00244.html
Trust: 1.7
url:https://nvd.nist.gov/vuln/detail/cve-2019-0171
Trust: 1.4
url:https://jvn.jp/vu/jvnvu92328381/index.html
Trust: 0.8
url:https://mdsattacks.com/files/ridl.pdf
Trust: 0.8
url:https://mdsattacks.com/files/fallout.pdf
Trust: 0.8
url:https://zombieloadattack.com/
Trust: 0.8
url:https://www.intel.com/content/www/us/en/architecture-and-technology/mds.html
Trust: 0.8
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-0171
Trust: 0.8
url:https://jvn.jp/vu/jvnvu92328381/
Trust: 0.8
url:https://jvndb.jvn.jp/ja/contents/2019/jvndb-2019-003441.html
Trust: 0.8
sources:
            
            
            VULHUB: VHN-140202 // 
            
            
            
            JVNDB: JVNDB-2019-003441 // 
            
            
            
            JVNDB: JVNDB-2019-004719 // 
            
            
            
            CNNVD: CNNVD-201905-757 // 
            
            
            
            NVD: CVE-2019-0171

SOURCES
db:VULHUBid:VHN-140202
db:JVNDBid:JVNDB-2019-003441
db:JVNDBid:JVNDB-2019-004719
db:CNNVDid:CNNVD-201905-757
db:NVDid:CVE-2019-0171

LAST UPDATE DATE
2024-11-23T21:02:41.082000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-140202date:2020-08-24T00:00:00
db:JVNDBid:JVNDB-2019-003441date:2019-05-16T00:00:00
db:JVNDBid:JVNDB-2019-004719date:2019-06-06T00:00:00
db:CNNVDid:CNNVD-201905-757date:2020-08-25T00:00:00
db:NVDid:CVE-2019-0171date:2024-11-21T04:16:24.123

SOURCES RELEASE DATE
db:VULHUBid:VHN-140202date:2019-05-17T00:00:00
db:JVNDBid:JVNDB-2019-003441date:2019-05-16T00:00:00
db:JVNDBid:JVNDB-2019-004719date:2019-06-06T00:00:00
db:CNNVDid:CNNVD-201905-757date:2019-05-17T00:00:00
db:NVDid:CVE-2019-0171date:2019-05-17T16:29:02.220