ID

VAR-201908-1944


CVE

CVE-2019-11146


TITLE

Intel Multiple vulnerabilities in the product

Trust: 0.8

sources: JVNDB: JVNDB-2019-007558

DESCRIPTION

Improper file verification in IntelĀ® Driver & Support Assistant before 19.7.30.2 may allow an authenticated user to potentially enable escalation of privilege via local access. Intel Driver & Support Assistant is an Intel driver and support management tool from Intel Corporation. This tool is mainly used to get the latest applications provided by Intel. An authorization issue vulnerability exists in Intel Driver & Support Assistant versions prior to 19.7.30.2. The vulnerability is caused by the program not properly validating files. A local attacker could exploit this vulnerability to elevate privileges

Trust: 0.99

sources: NVD: CVE-2019-11146 // VULHUB: VHN-142763

AFFECTED PRODUCTS

vendor:intelmodel:driver \& support assistantscope:ltversion:19.7.30.2

Trust: 1.0

vendor:intelmodel:authenticatescope:ltversion:3.8 earlier

Trust: 0.8

vendor:intelmodel:compute cardscope: - version: -

Trust: 0.8

vendor:intelmodel:compute stickscope: - version: -

Trust: 0.8

vendor:intelmodel:computing improvement programscope:ltversion:2.4.0.04733 earlier

Trust: 0.8

vendor:intelmodel:driver and support assistantscope:ltversion:19.7.30.2 earlier

Trust: 0.8

vendor:intelmodel:nuc kitscope: - version: -

Trust: 0.8

vendor:intelmodel:processor identification utilityscope:ltversion:for windows 6.1.0731 earlier

Trust: 0.8

vendor:intelmodel:raid web consolescope:eqversion:2

Trust: 0.8

vendor:intelmodel:remote displays sdkscope:ltversion:2.0.1 r2 earlier

Trust: 0.8

sources: JVNDB: JVNDB-2019-007558 // NVD: CVE-2019-11146

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-11146
value: HIGH

Trust: 1.0

CNNVD: CNNVD-201908-1257
value: HIGH

Trust: 0.6

VULHUB: VHN-142763
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2019-11146
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

VULHUB: VHN-142763
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2019-11146
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.0

Trust: 1.0

sources: VULHUB: VHN-142763 // CNNVD: CNNVD-201908-1257 // NVD: CVE-2019-11146

PROBLEMTYPE DATA

problemtype:CWE-275

Trust: 1.1

sources: VULHUB: VHN-142763 // NVD: CVE-2019-11146

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201908-1257

TYPE

authorization issue

Trust: 0.6

sources: CNNVD: CNNVD-201908-1257

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-007558

PATCH

title:[INTEL-SA-00283] Intel Computing Improvement Program Advisoryurl:https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00283.html

Trust: 0.8

title:[INTEL-SA-00246] Intel RAID Web Console 2 Advisoryurl:https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00246.html

Trust: 0.8

title:[INTEL-SA-00272] Intel NUC Advisoryurl:https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00272.html

Trust: 0.8

title:[INTEL-SA-00275] Intel Authenticate Advisoryurl:https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00275.html

Trust: 0.8

title:[INTEL-SA-00276] Intel Driver & Support Assistant Advisoryurl:https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00276.html

Trust: 0.8

title:[INTEL-SA-00277] Intel Remote Displays SDK Advisoryurl:https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00277.html

Trust: 0.8

title:[INTEL-SA-00281] Intel Processor Identification Utility for Windows* Advisoryurl:https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00281.html

Trust: 0.8

title:Intel Driver & Support Assistant Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=96900

Trust: 0.6

sources: JVNDB: JVNDB-2019-007558 // CNNVD: CNNVD-201908-1257

EXTERNAL IDS

db:NVDid:CVE-2019-11146

Trust: 2.5

db:JVNid:JVNVU99945432

Trust: 0.8

db:JVNDBid:JVNDB-2019-007558

Trust: 0.8

db:CNNVDid:CNNVD-201908-1257

Trust: 0.7

db:VULHUBid:VHN-142763

Trust: 0.1

sources: VULHUB: VHN-142763 // JVNDB: JVNDB-2019-007558 // CNNVD: CNNVD-201908-1257 // NVD: CVE-2019-11146

REFERENCES

url:https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00276.html

Trust: 1.7

url:https://nvd.nist.gov/vuln/detail/cve-2019-11146

Trust: 1.4

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-11163

Trust: 0.8

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-11162

Trust: 0.8

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-0173

Trust: 0.8

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-11140

Trust: 0.8

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-11143

Trust: 0.8

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-11145

Trust: 0.8

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-11146

Trust: 0.8

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-11148

Trust: 0.8

url:https://jvn.jp/vu/jvnvu99945432/

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2019-11163

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2019-11162

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2019-0173

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2019-11140

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2019-11143

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2019-11145

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2019-11148

Trust: 0.8

sources: VULHUB: VHN-142763 // JVNDB: JVNDB-2019-007558 // CNNVD: CNNVD-201908-1257 // NVD: CVE-2019-11146

CREDITS

Eran Shimony

Trust: 0.6

sources: CNNVD: CNNVD-201908-1257

SOURCES

db:VULHUBid:VHN-142763
db:JVNDBid:JVNDB-2019-007558
db:CNNVDid:CNNVD-201908-1257
db:NVDid:CVE-2019-11146

LAST UPDATE DATE

2024-11-23T21:36:55.790000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-142763date:2020-02-10T00:00:00
db:JVNDBid:JVNDB-2019-007558date:2019-10-04T00:00:00
db:CNNVDid:CNNVD-201908-1257date:2020-02-12T00:00:00
db:NVDid:CVE-2019-11146date:2024-11-21T04:20:37.310

SOURCES RELEASE DATE

db:VULHUBid:VHN-142763date:2019-08-19T00:00:00
db:JVNDBid:JVNDB-2019-007558date:2019-08-15T00:00:00
db:CNNVDid:CNNVD-201908-1257date:2019-08-19T00:00:00
db:NVDid:CVE-2019-11146date:2019-08-19T17:15:11.543