Details of VAR-201907-1615

ID

VAR-201907-1615

CVE

CVE-2019-11133

TITLE

Intel Multiple vulnerabilities in the product

Trust: 0.8

sources: JVNDB: JVNDB-2019-006137

DESCRIPTION

Improper access control in the Intel(R) Processor Diagnostic Tool before version 4.1.2.24 may allow an authenticated user to potentially enable escalation of privilege, information disclosure or denial of service via local access. Intel Has released an update for each product.* Privilege escalation * INTEL-SA-00267 * CVE-2018-18095 * INTEL-SA-00268 * CVE-2019-11133 * Service operation interruption (DoS) attack * INTEL-SA-00268 * CVE-2019-11133 * information leak * INTEL-SA-00268 * CVE-2019-11133. Intel Processor Diagnostic Tool is prone to a local privilege-escalation vulnerability. A local attacker can exploit this issue to gain elevated privileges, obtain sensitive information or cause denial-of-service conditions. Permissions and access control issues exist in versions prior to Intel IPDT 4.1.2.24. The vulnerability stems from the lack of effective permissions and access control measures in network systems or products

Trust: 1.98

sources: NVD: CVE-2019-11133 // JVNDB: JVNDB-2019-006137 // BID: 109096 // VULHUB: VHN-142749

AFFECTED PRODUCTS

vendor:	intel	model:	processor diagnostic tool	scope:	lt	version:	4.1.2.24	Trust: 1.0
vendor:	intel	model:	processor diagnostic tool	scope:	lt	version:	for 32-bit 4.1.2.24 earlier	Trust: 0.8
vendor:	intel	model:	processor diagnostic tool	scope:	lt	version:	for 64-bit 4.1.2.24 earlier	Trust: 0.8
vendor:	intel	model:	solid state drives for data centers s4500 series	scope:	lt	version:	scv10150 earlier	Trust: 0.8
vendor:	intel	model:	ssd dc s4600 series	scope:	lt	version:	scv10150 earlier	Trust: 0.8
vendor:	intel	model:	processor diagnostic tool	scope:	eq	version:	4.1.1.33	Trust: 0.3
vendor:	intel	model:	processor diagnostic tool	scope:	eq	version:	4.1.0.27	Trust: 0.3
vendor:	intel	model:	processor diagnostic tool	scope:	eq	version:	4.0.0.29	Trust: 0.3
vendor:	intel	model:	processor diagnostic tool	scope:	ne	version:	4.1.2.24	Trust: 0.3

sources: BID: 109096 // JVNDB: JVNDB-2019-006137 // NVD: CVE-2019-11133

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2019-11133
value:	HIGH
Trust: 1.0
CNNVD:	CNNVD-201907-535
value:	HIGH
Trust: 0.6
VULHUB:	VHN-142749
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2019-11133
severity:	MEDIUM
baseScore:	4.6
vectorString:	AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	3.9
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
VULHUB:	VHN-142749
severity:	MEDIUM
baseScore:	4.6
vectorString:	AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	3.9
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2019-11133
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.8
impactScore:	5.9
version:	3.0
Trust: 1.0

sources: VULHUB: VHN-142749 // CNNVD: CNNVD-201907-535 // NVD: CVE-2019-11133

PROBLEMTYPE DATA

problemtype:	NVD-CWE-noinfo	Trust: 1.0
problemtype:	CWE-264	Trust: 0.1

sources: VULHUB: VHN-142749 // NVD: CVE-2019-11133

THREAT TYPE

local

Trust: 0.9

sources: BID: 109096 // CNNVD: CNNVD-201907-535

TYPE

permissions and access control issues

Trust: 0.6

sources: CNNVD: CNNVD-201907-535

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-006137

PATCH

title:	[INTEL-SA-00267] Intel SSD DC S4500/S4600 Series Advisory	url:	https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00267.html	Trust: 0.8
title:	[INTEL-SA-00268] Intel Processor Diagnostic Tool Advisory	url:	https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00268.html	Trust: 0.8

sources: JVNDB: JVNDB-2019-006137

EXTERNAL IDS

db:	NVD	id:	CVE-2019-11133	Trust: 2.8
db:	BID	id:	109096	Trust: 2.0
db:	JVN	id:	JVNVU90203478	Trust: 0.8
db:	JVNDB	id:	JVNDB-2019-006137	Trust: 0.8
db:	CNNVD	id:	CNNVD-201907-535	Trust: 0.7
db:	VULHUB	id:	VHN-142749	Trust: 0.1

sources: VULHUB: VHN-142749 // BID: 109096 // JVNDB: JVNDB-2019-006137 // CNNVD: CNNVD-201907-535 // NVD: CVE-2019-11133

REFERENCES

url:	http://www.securityfocus.com/bid/109096	Trust: 2.3
url:	https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00268.html	Trust: 2.0
url:	https://nvd.nist.gov/vuln/detail/cve-2019-11133	Trust: 1.4
url:	https://support.f5.com/csp/article/k90305959	Trust: 1.1
url:	https://support.f5.com/csp/article/k90305959?utm_source=f5support&amp%3butm_medium=rss	Trust: 1.0
url:	http://www.intel.com/	Trust: 0.9
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-18095	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-11133	Trust: 0.8
url:	https://jvn.jp/vu/jvnvu90203478/	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2018-18095	Trust: 0.8
url:	https://support.f5.com/csp/article/k90305959?utm_source=f5support&utm_medium=rss	Trust: 0.6
url:	https://support.f5.com/csp/article/k90305959?utm_source=f5support&amp;utm_medium=rss	Trust: 0.1

sources: VULHUB: VHN-142749 // BID: 109096 // JVNDB: JVNDB-2019-006137 // CNNVD: CNNVD-201907-535 // NVD: CVE-2019-11133

CREDITS

Jesse Michael from Eclypsium.

Trust: 0.9

sources: BID: 109096 // CNNVD: CNNVD-201907-535

SOURCES

db:	VULHUB	id:	VHN-142749
db:	BID	id:	109096
db:	JVNDB	id:	JVNDB-2019-006137
db:	CNNVD	id:	CNNVD-201907-535
db:	NVD	id:	CVE-2019-11133

LAST UPDATE DATE

2024-11-23T22:37:45.942000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-142749	date:	2020-08-24T00:00:00
db:	BID	id:	109096	date:	2019-07-09T00:00:00
db:	JVNDB	id:	JVNDB-2019-006137	date:	2019-10-04T00:00:00
db:	CNNVD	id:	CNNVD-201907-535	date:	2020-08-25T00:00:00
db:	NVD	id:	CVE-2019-11133	date:	2024-11-21T04:20:35.467

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-142749	date:	2019-07-11T00:00:00
db:	BID	id:	109096	date:	2019-07-09T00:00:00
db:	JVNDB	id:	JVNDB-2019-006137	date:	2019-07-11T00:00:00
db:	CNNVD	id:	CNNVD-201907-535	date:	2019-07-09T00:00:00
db:	NVD	id:	CVE-2019-11133	date:	2019-07-11T21:15:09.670