Sign-up

ID

VAR-201908-1942


CVE

CVE-2019-11162


TITLE

Intel Multiple vulnerabilities in the product

Trust: 0.8

sources: JVNDB: JVNDB-2019-007558

DESCRIPTION

Insufficient access control in hardware abstraction in SEMA driver for Intel(R) Computing Improvement Program before version 2.4.0.04733 may allow an authenticated user to potentially enable escalation of privilege, denial of service or information disclosure via local access. Intel Computing Improvement Program is a software improvement program application program of Intel Corporation. This program is used to collect computer function usage information, component usage information, operating system information, etc. A local attacker could exploit this vulnerability to elevate privileges, cause denial of service or disclose information

Trust: 0.99

sources: NVD: CVE-2019-11162 // VULHUB: VHN-142781

AFFECTED PRODUCTS

vendor:intelmodel:computing improvement programscope:ltversion:2.4.0.04733

Trust: 1.0

vendor:intelmodel:authenticatescope:ltversion:3.8 earlier

Trust: 0.8

vendor:intelmodel:compute cardscope: - version: -

Trust: 0.8

vendor:intelmodel:compute stickscope: - version: -

Trust: 0.8

vendor:intelmodel:computing improvement programscope:ltversion:2.4.0.04733 earlier

Trust: 0.8

vendor:intelmodel:driver and support assistantscope:ltversion:19.7.30.2 earlier

Trust: 0.8

vendor:intelmodel:nuc kitscope: - version: -

Trust: 0.8

vendor:intelmodel:processor identification utilityscope:ltversion:for windows 6.1.0731 earlier

Trust: 0.8

vendor:intelmodel:raid web consolescope:eqversion:2

Trust: 0.8

vendor:intelmodel:remote displays sdkscope:ltversion:2.0.1 r2 earlier

Trust: 0.8

sources: JVNDB: JVNDB-2019-007558 // NVD: CVE-2019-11162

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-11162
value: HIGH

Trust: 1.0

CNNVD: CNNVD-201908-1259
value: HIGH

Trust: 0.6

VULHUB: VHN-142781
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2019-11162
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

VULHUB: VHN-142781
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2019-11162
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.0

Trust: 1.0

sources: VULHUB: VHN-142781 // CNNVD: CNNVD-201908-1259 // NVD: CVE-2019-11162

PROBLEMTYPE DATA

problemtype:NVD-CWE-noinfo

Trust: 1.0

problemtype:CWE-284

Trust: 0.1

sources: VULHUB: VHN-142781 // NVD: CVE-2019-11162

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201908-1259

TYPE

access control error

Trust: 0.6

sources: CNNVD: CNNVD-201908-1259

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2019-007558

PATCH
title:[INTEL-SA-00283] Intel Computing Improvement Program Advisoryurl:https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00283.html
Trust: 0.8
title:[INTEL-SA-00246] Intel RAID Web Console 2 Advisoryurl:https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00246.html
Trust: 0.8
title:[INTEL-SA-00272] Intel NUC Advisoryurl:https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00272.html
Trust: 0.8
title:[INTEL-SA-00275] Intel Authenticate Advisoryurl:https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00275.html
Trust: 0.8
title:[INTEL-SA-00276] Intel Driver & Support Assistant Advisoryurl:https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00276.html
Trust: 0.8
title:[INTEL-SA-00277] Intel Remote Displays SDK Advisoryurl:https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00277.html
Trust: 0.8
title:[INTEL-SA-00281] Intel Processor Identification Utility for Windows* Advisoryurl:https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00281.html
Trust: 0.8
title:Intel Computing Improvement Program Fixes for access control error vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=96902
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2019-007558 // 
            
            
            
            CNNVD: CNNVD-201908-1259

EXTERNAL IDS
db:NVDid:CVE-2019-11162
Trust: 2.5
db:JVNid:JVNVU99945432
Trust: 0.8
db:JVNDBid:JVNDB-2019-007558
Trust: 0.8
db:CNNVDid:CNNVD-201908-1259
Trust: 0.7
db:VULHUBid:VHN-142781
Trust: 0.1
sources:
            
            
            VULHUB: VHN-142781 // 
            
            
            
            JVNDB: JVNDB-2019-007558 // 
            
            
            
            CNNVD: CNNVD-201908-1259 // 
            
            
            
            NVD: CVE-2019-11162

REFERENCES
url:https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00283.html
Trust: 1.7
url:https://nvd.nist.gov/vuln/detail/cve-2019-11162
Trust: 1.4
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-11163
Trust: 0.8
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-11162
Trust: 0.8
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-0173
Trust: 0.8
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-11140
Trust: 0.8
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-11143
Trust: 0.8
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-11145
Trust: 0.8
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-11146
Trust: 0.8
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-11148
Trust: 0.8
url:https://jvn.jp/vu/jvnvu99945432/
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2019-11163
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2019-0173
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2019-11140
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2019-11143
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2019-11145
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2019-11146
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2019-11148
Trust: 0.8
sources:
            
            
            VULHUB: VHN-142781 // 
            
            
            
            JVNDB: JVNDB-2019-007558 // 
            
            
            
            CNNVD: CNNVD-201908-1259 // 
            
            
            
            NVD: CVE-2019-11162

CREDITS
Jesse Michael
Trust: 0.6
sources:
            
            
            CNNVD: CNNVD-201908-1259

SOURCES
db:VULHUBid:VHN-142781
db:JVNDBid:JVNDB-2019-007558
db:CNNVDid:CNNVD-201908-1259
db:NVDid:CVE-2019-11162

LAST UPDATE DATE
2024-11-23T21:36:55.863000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-142781date:2020-08-24T00:00:00
db:JVNDBid:JVNDB-2019-007558date:2019-10-04T00:00:00
db:CNNVDid:CNNVD-201908-1259date:2020-08-25T00:00:00
db:NVDid:CVE-2019-11162date:2024-11-21T04:20:38.867

SOURCES RELEASE DATE
db:VULHUBid:VHN-142781date:2019-08-19T00:00:00
db:JVNDBid:JVNDB-2019-007558date:2019-08-15T00:00:00
db:CNNVDid:CNNVD-201908-1259date:2019-08-19T00:00:00
db:NVDid:CVE-2019-11162date:2019-08-19T17:15:11.667