Sign-up

ID

VAR-201905-1252


CVE

CVE-2019-11114


TITLE

Intel(R) Driver & Support Assistant Input validation vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2019-004709

DESCRIPTION

Insufficient input validation in Intel(R) Driver & Support Assistant version 19.3.12.3 and before may allow a privileged user to potentially enable denial of service via local access. Intel Driver & Support Assistant is an Intel driver and support management tool from Intel Corporation. This tool is mainly used to get the latest applications provided by Intel. The vulnerability stems from the failure of the network system or product to properly validate the input data

Trust: 1.71

sources: NVD: CVE-2019-11114 // JVNDB: JVNDB-2019-004709 // VULHUB: VHN-142728

AFFECTED PRODUCTS

vendor:intelmodel:driver \& support assistantscope:lteversion:19.3.12.3

Trust: 1.0

vendor:intelmodel:driver and support assistantscope:lteversion:19.3.12.3

Trust: 0.8

vendor:intelmodel:acu wizardscope: - version: -

Trust: 0.8

vendor:intelmodel:active management technologyscope: - version: -

Trust: 0.8

vendor:intelmodel:converged security management enginescope: - version: -

Trust: 0.8

vendor:intelmodel:driver and support assistantscope: - version: -

Trust: 0.8

vendor:intelmodel:dynamic application loaderscope: - version: -

Trust: 0.8

vendor:intelmodel:i915scope: - version: -

Trust: 0.8

vendor:intelmodel:nuc board nuc7i7dnbescope: - version: -

Trust: 0.8

vendor:intelmodel:nuc kit nuc7i5dnhescope: - version: -

Trust: 0.8

vendor:intelmodel:nuc kit nuc7i7dnhescope: - version: -

Trust: 0.8

vendor:intelmodel:nuc kit nuc7i7dnkescope: - version: -

Trust: 0.8

vendor:intelmodel:nuc kit nuc8i7hnkscope: - version: -

Trust: 0.8

vendor:intelmodel:nuc kit nuc8i7hvkscope: - version: -

Trust: 0.8

vendor:intelmodel:proset/wireless software driverscope: - version: -

Trust: 0.8

vendor:intelmodel:quartus ii programmer and toolsscope: - version: -

Trust: 0.8

vendor:intelmodel:server platform servicesscope: - version: -

Trust: 0.8

vendor:intelmodel:trusted execution enginescope: - version: -

Trust: 0.8

vendor:intelmodel:intelscope: - version: -

Trust: 0.8

vendor:intelmodel:quartus primescope: - version: -

Trust: 0.8

vendor:intelmodel:scs discovery utilityscope: - version: -

Trust: 0.8

vendor:intelmodel:unite clientscope: - version: -

Trust: 0.8

vendor:intelmodel:graphics driverscope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2019-004709 // JVNDB: JVNDB-2019-003441 // NVD: CVE-2019-11114

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-11114
value: MEDIUM

Trust: 1.0

NVD: CVE-2019-11114
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201905-768
value: MEDIUM

Trust: 0.6

VULHUB: VHN-142728
value: LOW

Trust: 0.1

nvd@nist.gov: CVE-2019-11114
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:N/I:N/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-142728
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:N/I:N/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2019-11114
baseSeverity: MEDIUM
baseScore: 4.4
vectorString: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 0.8
impactScore: 3.6
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-142728 // JVNDB: JVNDB-2019-004709 // CNNVD: CNNVD-201905-768 // NVD: CVE-2019-11114

PROBLEMTYPE DATA

problemtype:CWE-20

Trust: 1.9

sources: VULHUB: VHN-142728 // JVNDB: JVNDB-2019-004709 // NVD: CVE-2019-11114

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201905-768

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-201905-768

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2019-004709

PATCH
title:INTEL-SA-00252url:https://www.intel.com/content/www/us/en/security-center/advisory/INTEL-SA-00252.html
Trust: 0.8
title:INTEL-SA-00234 - IntelR SCS Discovery Utility and IntelR ACU Wizard Advisoryurl:https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00234.html
Trust: 0.8
title:INTEL-SA-00244 - IntelR QuartusR Software Advisoryurl:https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00244.html
Trust: 0.8
title:INTEL-SA-00245 - Intel UniteR Client for Android* Advisoryurl:https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00245.html
Trust: 0.8
title:INTEL-SA-00204 - Intel IntelR PROSet/Wireless WiFi Software Advisoryurl:https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00204.html
Trust: 0.8
title:INTEL-SA-00249 - IntelR i915 Graphics for Linux Advisoryurl:https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00249.html
Trust: 0.8
title:INTEL-SA-00213 - IntelR CSME, IntelR SPS, IntelR TXE, IntelR DAL, and IntelR AMT 2019.1 QSR Advisoryurl:https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00213.html
Trust: 0.8
title:INTEL-SA-00251 - IntelR NUC Advisoryurl:https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00251.html
Trust: 0.8
title:INTEL-SA-00218 - IntelR Graphics Driver for Windows* 2019.1 QSR Advisoryurl:https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00218.html
Trust: 0.8
title:INTEL-SA-00252 - IntelR Driver & Support Assistant Advisoryurl:https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00252.html
Trust: 0.8
title:INTEL-SA-00223 - Intel 2019.1 QSR UEFI Advisoryurl:https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00223.html
Trust: 0.8
title:INTEL-SA-00228 - Intel UniteR Client Advisoryurl:https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00228.html
Trust: 0.8
title:INTEL-SA-00233 - Microarchitectural Data Sampling Advisoryurl:https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00233.html
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2019-004709 // 
            
            
            
            JVNDB: JVNDB-2019-003441

EXTERNAL IDS
db:NVDid:CVE-2019-11114
Trust: 2.5
db:JVNid:JVNVU92328381
Trust: 1.6
db:JVNDBid:JVNDB-2019-003441
Trust: 1.6
db:JVNDBid:JVNDB-2019-004709
Trust: 0.8
db:CNNVDid:CNNVD-201905-768
Trust: 0.7
db:CNVDid:CNVD-2020-18583
Trust: 0.1
db:VULHUBid:VHN-142728
Trust: 0.1
sources:
            
            
            VULHUB: VHN-142728 // 
            
            
            
            JVNDB: JVNDB-2019-004709 // 
            
            
            
            JVNDB: JVNDB-2019-003441 // 
            
            
            
            CNNVD: CNNVD-201905-768 // 
            
            
            
            NVD: CVE-2019-11114

REFERENCES
url:https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00252.html
Trust: 1.7
url:https://nvd.nist.gov/vuln/detail/cve-2019-11114
Trust: 1.4
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-11114
Trust: 0.8
url:https://jvn.jp/vu/jvnvu92328381/
Trust: 0.8
url:https://jvndb.jvn.jp/ja/contents/2019/jvndb-2019-003441.html
Trust: 0.8
url:https://jvn.jp/vu/jvnvu92328381/index.html
Trust: 0.8
url:https://mdsattacks.com/files/ridl.pdf
Trust: 0.8
url:https://mdsattacks.com/files/fallout.pdf
Trust: 0.8
url:https://zombieloadattack.com/
Trust: 0.8
url:https://www.intel.com/content/www/us/en/architecture-and-technology/mds.html
Trust: 0.8
sources:
            
            
            VULHUB: VHN-142728 // 
            
            
            
            JVNDB: JVNDB-2019-004709 // 
            
            
            
            JVNDB: JVNDB-2019-003441 // 
            
            
            
            CNNVD: CNNVD-201905-768 // 
            
            
            
            NVD: CVE-2019-11114

SOURCES
db:VULHUBid:VHN-142728
db:JVNDBid:JVNDB-2019-004709
db:JVNDBid:JVNDB-2019-003441
db:CNNVDid:CNNVD-201905-768
db:NVDid:CVE-2019-11114

LAST UPDATE DATE
2024-11-23T20:54:04.611000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-142728date:2019-05-21T00:00:00
db:JVNDBid:JVNDB-2019-004709date:2019-06-06T00:00:00
db:JVNDBid:JVNDB-2019-003441date:2019-05-16T00:00:00
db:CNNVDid:CNNVD-201905-768date:2019-05-27T00:00:00
db:NVDid:CVE-2019-11114date:2024-11-21T04:20:33.813

SOURCES RELEASE DATE
db:VULHUBid:VHN-142728date:2019-05-17T00:00:00
db:JVNDBid:JVNDB-2019-004709date:2019-06-06T00:00:00
db:JVNDBid:JVNDB-2019-003441date:2019-05-16T00:00:00
db:CNNVDid:CNNVD-201905-768date:2019-05-17T00:00:00
db:NVDid:CVE-2019-11114date:2019-05-17T16:29:03.313