Details of VAR-201905-0871

ID

VAR-201905-0871

CVE

CVE-2019-0138

TITLE

Intel Multiple vulnerabilities in the product

Trust: 0.8

sources: JVNDB: JVNDB-2019-003441

DESCRIPTION

Improper directory permissions in Intel(R) ACU Wizard version 12.0.0.129 and earlier may allow an authenticated user to potentially enable escalation of privilege via local access. Intel(R) ACU Wizard Contains vulnerabilities related to authorization, permissions, and access control.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Multiple Intel Products are prone to multiple local privilege-escalation vulnerabilities. Local attackers can exploit these issues to gain elevated privileges. Intel ACU Wizard is an AMT configuration utility developed by Intel Corporation. Permission and access control issues exist in Intel ACU Wizard 12.0.0.129 and earlier versions. The vulnerability stems from the lack of effective permissions and access control measures in network systems or products

Trust: 1.98

sources: NVD: CVE-2019-0138 // JVNDB: JVNDB-2019-004657 // BID: 108565 // VULHUB: VHN-140169

AFFECTED PRODUCTS

vendor:	intel	model:	acu wizard	scope:	lte	version:	12.0.0.129	Trust: 1.8
vendor:	intel	model:	acu wizard	scope:	-	version:	-	Trust: 0.8
vendor:	intel	model:	active management technology	scope:	-	version:	-	Trust: 0.8
vendor:	intel	model:	converged security management engine	scope:	-	version:	-	Trust: 0.8
vendor:	intel	model:	driver and support assistant	scope:	-	version:	-	Trust: 0.8
vendor:	intel	model:	dynamic application loader	scope:	-	version:	-	Trust: 0.8
vendor:	intel	model:	i915	scope:	-	version:	-	Trust: 0.8
vendor:	intel	model:	nuc board nuc7i7dnbe	scope:	-	version:	-	Trust: 0.8
vendor:	intel	model:	nuc kit nuc7i5dnhe	scope:	-	version:	-	Trust: 0.8
vendor:	intel	model:	nuc kit nuc7i7dnhe	scope:	-	version:	-	Trust: 0.8
vendor:	intel	model:	nuc kit nuc7i7dnke	scope:	-	version:	-	Trust: 0.8
vendor:	intel	model:	nuc kit nuc8i7hnk	scope:	-	version:	-	Trust: 0.8
vendor:	intel	model:	nuc kit nuc8i7hvk	scope:	-	version:	-	Trust: 0.8
vendor:	intel	model:	proset/wireless software driver	scope:	-	version:	-	Trust: 0.8
vendor:	intel	model:	quartus ii programmer and tools	scope:	-	version:	-	Trust: 0.8
vendor:	intel	model:	server platform services	scope:	-	version:	-	Trust: 0.8
vendor:	intel	model:	trusted execution engine	scope:	-	version:	-	Trust: 0.8
vendor:	intel	model:	intel	scope:	-	version:	-	Trust: 0.8
vendor:	intel	model:	quartus prime	scope:	-	version:	-	Trust: 0.8
vendor:	intel	model:	scs discovery utility	scope:	-	version:	-	Trust: 0.8
vendor:	intel	model:	unite client	scope:	-	version:	-	Trust: 0.8
vendor:	intel	model:	graphics driver	scope:	-	version:	-	Trust: 0.8
vendor:	intel	model:	setup and configuration software	scope:	eq	version:	9.1123	Trust: 0.3
vendor:	intel	model:	setup and configuration software	scope:	eq	version:	12.0.0.129	Trust: 0.3
vendor:	intel	model:	setup and configuration software	scope:	ne	version:	12.1.0.87	Trust: 0.3

sources: BID: 108565 // JVNDB: JVNDB-2019-003441 // JVNDB: JVNDB-2019-004657 // NVD: CVE-2019-0138

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2019-0138
value:	HIGH
Trust: 1.0
NVD:	CVE-2019-0138
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-201905-753
value:	HIGH
Trust: 0.6
VULHUB:	VHN-140169
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2019-0138
severity:	MEDIUM
baseScore:	4.6
vectorString:	AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	3.9
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-140169
severity:	MEDIUM
baseScore:	4.6
vectorString:	AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	3.9
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2019-0138
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.8
impactScore:	5.9
version:	3.0
Trust: 1.8

sources: VULHUB: VHN-140169 // JVNDB: JVNDB-2019-004657 // CNNVD: CNNVD-201905-753 // NVD: CVE-2019-0138

PROBLEMTYPE DATA

problemtype:	CWE-732	Trust: 1.1
problemtype:	CWE-264	Trust: 0.9

sources: VULHUB: VHN-140169 // JVNDB: JVNDB-2019-004657 // NVD: CVE-2019-0138

THREAT TYPE

local

Trust: 0.9

sources: BID: 108565 // CNNVD: CNNVD-201905-753

TYPE

permissions and access control issues

Trust: 0.6

sources: CNNVD: CNNVD-201905-753

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-003441

PATCH

title:	INTEL-SA-00234 - IntelR SCS Discovery Utility and IntelR ACU Wizard Advisory	url:	https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00234.html	Trust: 0.8
title:	INTEL-SA-00244 - IntelR QuartusR Software Advisory	url:	https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00244.html	Trust: 0.8
title:	INTEL-SA-00245 - Intel UniteR Client for Android* Advisory	url:	https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00245.html	Trust: 0.8
title:	INTEL-SA-00204 - Intel IntelR PROSet/Wireless WiFi Software Advisory	url:	https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00204.html	Trust: 0.8
title:	INTEL-SA-00249 - IntelR i915 Graphics for Linux Advisory	url:	https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00249.html	Trust: 0.8
title:	INTEL-SA-00213 - IntelR CSME, IntelR SPS, IntelR TXE, IntelR DAL, and IntelR AMT 2019.1 QSR Advisory	url:	https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00213.html	Trust: 0.8
title:	INTEL-SA-00251 - IntelR NUC Advisory	url:	https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00251.html	Trust: 0.8
title:	INTEL-SA-00218 - IntelR Graphics Driver for Windows* 2019.1 QSR Advisory	url:	https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00218.html	Trust: 0.8
title:	INTEL-SA-00252 - IntelR Driver & Support Assistant Advisory	url:	https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00252.html	Trust: 0.8
title:	INTEL-SA-00223 - Intel 2019.1 QSR UEFI Advisory	url:	https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00223.html	Trust: 0.8
title:	INTEL-SA-00228 - Intel UniteR Client Advisory	url:	https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00228.html	Trust: 0.8
title:	INTEL-SA-00233 - Microarchitectural Data Sampling Advisory	url:	https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00233.html	Trust: 0.8
title:	INTEL-SA-00234	url:	https://www.intel.com/content/www/us/en/security-center/advisory/INTEL-SA-00234.html	Trust: 0.8

sources: JVNDB: JVNDB-2019-003441 // JVNDB: JVNDB-2019-004657

EXTERNAL IDS

db:	NVD	id:	CVE-2019-0138	Trust: 2.8
db:	JVN	id:	JVNVU92328381	Trust: 1.6
db:	JVNDB	id:	JVNDB-2019-003441	Trust: 1.6
db:	BID	id:	108565	Trust: 0.9
db:	JVNDB	id:	JVNDB-2019-004657	Trust: 0.8
db:	CNNVD	id:	CNNVD-201905-753	Trust: 0.7
db:	CNVD	id:	CNVD-2020-18588	Trust: 0.1
db:	VULHUB	id:	VHN-140169	Trust: 0.1

sources: VULHUB: VHN-140169 // BID: 108565 // JVNDB: JVNDB-2019-003441 // JVNDB: JVNDB-2019-004657 // CNNVD: CNNVD-201905-753 // NVD: CVE-2019-0138

REFERENCES

url:	https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00234.html	Trust: 2.0
url:	https://nvd.nist.gov/vuln/detail/cve-2019-0138	Trust: 1.4
url:	http://www.intel.com/	Trust: 0.9
url:	https://jvn.jp/vu/jvnvu92328381/index.html	Trust: 0.8
url:	https://mdsattacks.com/files/ridl.pdf	Trust: 0.8
url:	https://mdsattacks.com/files/fallout.pdf	Trust: 0.8
url:	https://zombieloadattack.com/	Trust: 0.8
url:	https://www.intel.com/content/www/us/en/architecture-and-technology/mds.html	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-0138	Trust: 0.8
url:	https://jvn.jp/vu/jvnvu92328381/	Trust: 0.8
url:	https://jvndb.jvn.jp/ja/contents/2019/jvndb-2019-003441.html	Trust: 0.8
url:	https://www.securityfocus.com/bid/108565	Trust: 0.6

sources: VULHUB: VHN-140169 // BID: 108565 // JVNDB: JVNDB-2019-003441 // JVNDB: JVNDB-2019-004657 // CNNVD: CNNVD-201905-753 // NVD: CVE-2019-0138

CREDITS

Marius Gabriel Mihai

Trust: 0.9

sources: BID: 108565 // CNNVD: CNNVD-201905-753

SOURCES

db:	VULHUB	id:	VHN-140169
db:	BID	id:	108565
db:	JVNDB	id:	JVNDB-2019-003441
db:	JVNDB	id:	JVNDB-2019-004657
db:	CNNVD	id:	CNNVD-201905-753
db:	NVD	id:	CVE-2019-0138

LAST UPDATE DATE

2024-11-23T20:11:24.671000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-140169	date:	2020-08-24T00:00:00
db:	BID	id:	108565	date:	2019-05-14T00:00:00
db:	JVNDB	id:	JVNDB-2019-003441	date:	2019-05-16T00:00:00
db:	JVNDB	id:	JVNDB-2019-004657	date:	2019-06-05T00:00:00
db:	CNNVD	id:	CNNVD-201905-753	date:	2020-08-25T00:00:00
db:	NVD	id:	CVE-2019-0138	date:	2024-11-21T04:16:18.753

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-140169	date:	2019-05-17T00:00:00
db:	BID	id:	108565	date:	2019-05-14T00:00:00
db:	JVNDB	id:	JVNDB-2019-003441	date:	2019-05-16T00:00:00
db:	JVNDB	id:	JVNDB-2019-004657	date:	2019-06-05T00:00:00
db:	CNNVD	id:	CNNVD-201905-753	date:	2019-05-17T00:00:00
db:	NVD	id:	CVE-2019-0138	date:	2019-05-17T16:29:02.047