Sign-up

ID

VAR-201905-1249


CVE

CVE-2019-11093


TITLE

Intel Multiple vulnerabilities in the product

Trust: 0.8

sources: JVNDB: JVNDB-2019-003441

DESCRIPTION

Unquoted service path in the installer for the Intel(R) SCS Discovery Utility version 12.0.0.129 and earlier may allow an authenticated user to potentially enable escalation of privilege via local access. Multiple Intel Products are prone to multiple local privilege-escalation vulnerabilities. Local attackers can exploit these issues to gain elevated privileges. Intel SCS Discovery Utility is a utility program of Intel Corporation for obtaining detailed data about Intel AMT. The vulnerability stems from the lack of effective permissions and access control measures in network systems or products

Trust: 1.98

sources: NVD: CVE-2019-11093 // JVNDB: JVNDB-2019-004712 // BID: 108565 // VULHUB: VHN-142705

AFFECTED PRODUCTS

vendor:intelmodel:scs discovery utilityscope:lteversion:12.0.0.129

Trust: 1.8

vendor:intelmodel:acu wizardscope: - version: -

Trust: 0.8

vendor:intelmodel:active management technologyscope: - version: -

Trust: 0.8

vendor:intelmodel:converged security management enginescope: - version: -

Trust: 0.8

vendor:intelmodel:driver and support assistantscope: - version: -

Trust: 0.8

vendor:intelmodel:dynamic application loaderscope: - version: -

Trust: 0.8

vendor:intelmodel:i915scope: - version: -

Trust: 0.8

vendor:intelmodel:nuc board nuc7i7dnbescope: - version: -

Trust: 0.8

vendor:intelmodel:nuc kit nuc7i5dnhescope: - version: -

Trust: 0.8

vendor:intelmodel:nuc kit nuc7i7dnhescope: - version: -

Trust: 0.8

vendor:intelmodel:nuc kit nuc7i7dnkescope: - version: -

Trust: 0.8

vendor:intelmodel:nuc kit nuc8i7hnkscope: - version: -

Trust: 0.8

vendor:intelmodel:nuc kit nuc8i7hvkscope: - version: -

Trust: 0.8

vendor:intelmodel:proset/wireless software driverscope: - version: -

Trust: 0.8

vendor:intelmodel:quartus ii programmer and toolsscope: - version: -

Trust: 0.8

vendor:intelmodel:server platform servicesscope: - version: -

Trust: 0.8

vendor:intelmodel:trusted execution enginescope: - version: -

Trust: 0.8

vendor:intelmodel:intelscope: - version: -

Trust: 0.8

vendor:intelmodel:quartus primescope: - version: -

Trust: 0.8

vendor:intelmodel:scs discovery utilityscope: - version: -

Trust: 0.8

vendor:intelmodel:unite clientscope: - version: -

Trust: 0.8

vendor:intelmodel:graphics driverscope: - version: -

Trust: 0.8

vendor:intelmodel:setup and configuration softwarescope:eqversion:9.1123

Trust: 0.3

vendor:intelmodel:setup and configuration softwarescope:eqversion:12.0.0.129

Trust: 0.3

vendor:intelmodel:setup and configuration softwarescope:neversion:12.1.0.87

Trust: 0.3

sources: BID: 108565 // JVNDB: JVNDB-2019-003441 // JVNDB: JVNDB-2019-004712 // NVD: CVE-2019-11093

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-11093
value: MEDIUM

Trust: 1.0

NVD: CVE-2019-11093
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201905-764
value: MEDIUM

Trust: 0.6

VULHUB: VHN-142705
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2019-11093
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-142705
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2019-11093
baseSeverity: MEDIUM
baseScore: 6.7
vectorString: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 0.8
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-142705 // JVNDB: JVNDB-2019-004712 // CNNVD: CNNVD-201905-764 // NVD: CVE-2019-11093

PROBLEMTYPE DATA

problemtype:CWE-428

Trust: 1.1

problemtype:CWE-264

Trust: 0.9

sources: VULHUB: VHN-142705 // JVNDB: JVNDB-2019-004712 // NVD: CVE-2019-11093

THREAT TYPE

local

Trust: 0.9

sources: BID: 108565 // CNNVD: CNNVD-201905-764

TYPE

code problem

Trust: 0.6

sources: CNNVD: CNNVD-201905-764

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2019-003441

PATCH
title:INTEL-SA-00234 - IntelR SCS Discovery Utility and IntelR ACU Wizard Advisoryurl:https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00234.html
Trust: 0.8
title:INTEL-SA-00244 - IntelR QuartusR Software Advisoryurl:https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00244.html
Trust: 0.8
title:INTEL-SA-00245 - Intel UniteR Client for Android* Advisoryurl:https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00245.html
Trust: 0.8
title:INTEL-SA-00204 - Intel IntelR PROSet/Wireless WiFi Software Advisoryurl:https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00204.html
Trust: 0.8
title:INTEL-SA-00249 - IntelR i915 Graphics for Linux Advisoryurl:https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00249.html
Trust: 0.8
title:INTEL-SA-00213 - IntelR CSME, IntelR SPS, IntelR TXE, IntelR DAL, and IntelR AMT 2019.1 QSR Advisoryurl:https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00213.html
Trust: 0.8
title:INTEL-SA-00251 - IntelR NUC Advisoryurl:https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00251.html
Trust: 0.8
title:INTEL-SA-00218 - IntelR Graphics Driver for Windows* 2019.1 QSR Advisoryurl:https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00218.html
Trust: 0.8
title:INTEL-SA-00252 - IntelR Driver & Support Assistant Advisoryurl:https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00252.html
Trust: 0.8
title:INTEL-SA-00223 - Intel 2019.1 QSR UEFI Advisoryurl:https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00223.html
Trust: 0.8
title:INTEL-SA-00228 - Intel UniteR Client Advisoryurl:https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00228.html
Trust: 0.8
title:INTEL-SA-00233 - Microarchitectural Data Sampling Advisoryurl:https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00233.html
Trust: 0.8
title:INTEL-SA-00234url:https://www.intel.com/content/www/us/en/security-center/advisory/INTEL-SA-00234.html
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2019-003441 // 
            
            
            
            JVNDB: JVNDB-2019-004712

EXTERNAL IDS
db:NVDid:CVE-2019-11093
Trust: 2.8
db:JVNid:JVNVU92328381
Trust: 1.6
db:JVNDBid:JVNDB-2019-003441
Trust: 1.6
db:BIDid:108565
Trust: 0.9
db:JVNDBid:JVNDB-2019-004712
Trust: 0.8
db:CNNVDid:CNNVD-201905-764
Trust: 0.7
db:CNVDid:CNVD-2020-18581
Trust: 0.1
db:VULHUBid:VHN-142705
Trust: 0.1
sources:
            
            
            VULHUB: VHN-142705 // 
            
            
            
            BID: 108565 // 
            
            
            
            JVNDB: JVNDB-2019-003441 // 
            
            
            
            JVNDB: JVNDB-2019-004712 // 
            
            
            
            CNNVD: CNNVD-201905-764 // 
            
            
            
            NVD: CVE-2019-11093

REFERENCES
url:https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00234.html
Trust: 2.0
url:https://nvd.nist.gov/vuln/detail/cve-2019-11093
Trust: 1.4
url:http://www.intel.com/
Trust: 0.9
url:https://jvn.jp/vu/jvnvu92328381/index.html
Trust: 0.8
url:https://mdsattacks.com/files/ridl.pdf
Trust: 0.8
url:https://mdsattacks.com/files/fallout.pdf
Trust: 0.8
url:https://zombieloadattack.com/
Trust: 0.8
url:https://www.intel.com/content/www/us/en/architecture-and-technology/mds.html
Trust: 0.8
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-11093
Trust: 0.8
url:https://jvn.jp/vu/jvnvu92328381/
Trust: 0.8
url:https://jvndb.jvn.jp/ja/contents/2019/jvndb-2019-003441.html
Trust: 0.8
url:https://www.securityfocus.com/bid/108565
Trust: 0.6
sources:
            
            
            VULHUB: VHN-142705 // 
            
            
            
            BID: 108565 // 
            
            
            
            JVNDB: JVNDB-2019-003441 // 
            
            
            
            JVNDB: JVNDB-2019-004712 // 
            
            
            
            CNNVD: CNNVD-201905-764 // 
            
            
            
            NVD: CVE-2019-11093

CREDITS
Marius Gabriel Mihai
Trust: 0.9
sources:
            
            
            BID: 108565 // 
            
            
            
            CNNVD: CNNVD-201905-764

SOURCES
db:VULHUBid:VHN-142705
db:BIDid:108565
db:JVNDBid:JVNDB-2019-003441
db:JVNDBid:JVNDB-2019-004712
db:CNNVDid:CNNVD-201905-764
db:NVDid:CVE-2019-11093

LAST UPDATE DATE
2024-11-23T19:49:26.435000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-142705date:2020-08-24T00:00:00
db:BIDid:108565date:2019-05-14T00:00:00
db:JVNDBid:JVNDB-2019-003441date:2019-05-16T00:00:00
db:JVNDBid:JVNDB-2019-004712date:2019-06-06T00:00:00
db:CNNVDid:CNNVD-201905-764date:2020-10-28T00:00:00
db:NVDid:CVE-2019-11093date:2024-11-21T04:20:31.473

SOURCES RELEASE DATE
db:VULHUBid:VHN-142705date:2019-05-17T00:00:00
db:BIDid:108565date:2019-05-14T00:00:00
db:JVNDBid:JVNDB-2019-003441date:2019-05-16T00:00:00
db:JVNDBid:JVNDB-2019-004712date:2019-06-06T00:00:00
db:CNNVDid:CNNVD-201905-764date:2019-05-17T00:00:00
db:NVDid:CVE-2019-11093date:2019-05-17T16:29:03.110