Sign-up

ID

VAR-201908-1941


CVE

CVE-2019-11145


TITLE

Intel Multiple vulnerabilities in the product

Trust: 0.8

sources: JVNDB: JVNDB-2019-007558

DESCRIPTION

Improper file verification in IntelĀ® Driver & Support Assistant before 19.7.30.2 may allow an authenticated user to potentially enable escalation of privilege via local access. Intel Driver & Support Assistant is an Intel driver and support management tool from Intel Corporation. This tool is mainly used to get the latest applications provided by Intel. An authorization issue vulnerability exists in Intel Driver & Support Assistant versions prior to 19.7.30.2. The vulnerability is caused by the program not properly validating files. A local attacker could exploit this vulnerability to elevate privileges

Trust: 0.99

sources: NVD: CVE-2019-11145 // VULHUB: VHN-142762

AFFECTED PRODUCTS

vendor:intelmodel:driver \& support assistantscope:ltversion:19.7.30.2

Trust: 1.0

vendor:intelmodel:authenticatescope:ltversion:3.8 earlier

Trust: 0.8

vendor:intelmodel:compute cardscope: - version: -

Trust: 0.8

vendor:intelmodel:compute stickscope: - version: -

Trust: 0.8

vendor:intelmodel:computing improvement programscope:ltversion:2.4.0.04733 earlier

Trust: 0.8

vendor:intelmodel:driver and support assistantscope:ltversion:19.7.30.2 earlier

Trust: 0.8

vendor:intelmodel:nuc kitscope: - version: -

Trust: 0.8

vendor:intelmodel:processor identification utilityscope:ltversion:for windows 6.1.0731 earlier

Trust: 0.8

vendor:intelmodel:raid web consolescope:eqversion:2

Trust: 0.8

vendor:intelmodel:remote displays sdkscope:ltversion:2.0.1 r2 earlier

Trust: 0.8

sources: JVNDB: JVNDB-2019-007558 // NVD: CVE-2019-11145

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-11145
value: HIGH

Trust: 1.0

CNNVD: CNNVD-201908-1256
value: HIGH

Trust: 0.6

VULHUB: VHN-142762
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2019-11145
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

VULHUB: VHN-142762
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2019-11145
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.1

Trust: 1.0

sources: VULHUB: VHN-142762 // CNNVD: CNNVD-201908-1256 // NVD: CVE-2019-11145

PROBLEMTYPE DATA

problemtype:CWE-275

Trust: 1.1

sources: VULHUB: VHN-142762 // NVD: CVE-2019-11145

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201908-1256

TYPE

authorization issue

Trust: 0.6

sources: CNNVD: CNNVD-201908-1256

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2019-007558

PATCH
title:[INTEL-SA-00283] Intel Computing Improvement Program Advisoryurl:https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00283.html
Trust: 0.8
title:[INTEL-SA-00246] Intel RAID Web Console 2 Advisoryurl:https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00246.html
Trust: 0.8
title:[INTEL-SA-00272] Intel NUC Advisoryurl:https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00272.html
Trust: 0.8
title:[INTEL-SA-00275] Intel Authenticate Advisoryurl:https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00275.html
Trust: 0.8
title:[INTEL-SA-00276] Intel Driver & Support Assistant Advisoryurl:https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00276.html
Trust: 0.8
title:[INTEL-SA-00277] Intel Remote Displays SDK Advisoryurl:https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00277.html
Trust: 0.8
title:[INTEL-SA-00281] Intel Processor Identification Utility for Windows* Advisoryurl:https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00281.html
Trust: 0.8
title:Intel Driver & Support Assistant Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=96899
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2019-007558 // 
            
            
            
            CNNVD: CNNVD-201908-1256

EXTERNAL IDS
db:NVDid:CVE-2019-11145
Trust: 2.5
db:JVNid:JVNVU99945432
Trust: 0.8
db:JVNDBid:JVNDB-2019-007558
Trust: 0.8
db:CNNVDid:CNNVD-201908-1256
Trust: 0.7
db:VULHUBid:VHN-142762
Trust: 0.1
sources:
            
            
            VULHUB: VHN-142762 // 
            
            
            
            JVNDB: JVNDB-2019-007558 // 
            
            
            
            CNNVD: CNNVD-201908-1256 // 
            
            
            
            NVD: CVE-2019-11145

REFERENCES
url:https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00276.html
Trust: 1.7
url:https://nvd.nist.gov/vuln/detail/cve-2019-11145
Trust: 1.4
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-11163
Trust: 0.8
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-11162
Trust: 0.8
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-0173
Trust: 0.8
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-11140
Trust: 0.8
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-11143
Trust: 0.8
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-11145
Trust: 0.8
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-11146
Trust: 0.8
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-11148
Trust: 0.8
url:https://jvn.jp/vu/jvnvu99945432/
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2019-11163
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2019-11162
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2019-0173
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2019-11140
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2019-11143
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2019-11146
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2019-11148
Trust: 0.8
sources:
            
            
            VULHUB: VHN-142762 // 
            
            
            
            JVNDB: JVNDB-2019-007558 // 
            
            
            
            CNNVD: CNNVD-201908-1256 // 
            
            
            
            NVD: CVE-2019-11145

CREDITS
Jakub Palaczynski
Trust: 0.6
sources:
            
            
            CNNVD: CNNVD-201908-1256

SOURCES
db:VULHUBid:VHN-142762
db:JVNDBid:JVNDB-2019-007558
db:CNNVDid:CNNVD-201908-1256
db:NVDid:CVE-2019-11145

LAST UPDATE DATE
2024-11-23T21:36:55.814000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-142762date:2023-03-08T00:00:00
db:JVNDBid:JVNDB-2019-007558date:2019-10-04T00:00:00
db:CNNVDid:CNNVD-201908-1256date:2020-02-12T00:00:00
db:NVDid:CVE-2019-11145date:2024-11-21T04:20:37.203

SOURCES RELEASE DATE
db:VULHUBid:VHN-142762date:2019-08-19T00:00:00
db:JVNDBid:JVNDB-2019-007558date:2019-08-15T00:00:00
db:CNNVDid:CNNVD-201908-1256date:2019-08-19T00:00:00
db:NVDid:CVE-2019-11145date:2019-08-19T17:15:11.467