Sign-up

ID

VAR-201908-1945


CVE

CVE-2019-11148


TITLE

Intel Multiple vulnerabilities in the product

Trust: 0.8

sources: JVNDB: JVNDB-2019-007558

DESCRIPTION

Improper permissions in the installer for Intel(R) Remote Displays SDK before version 2.0.1 R2 may allow an authenticated user to potentially enable escalation of privilege via local access. Intel Remote Displays SDK is a remote processing software development kit (SDK) of Intel Corporation. The product enables low-latency capture, compression, decompression, and configuration of virtual displays. A local attacker could exploit this vulnerability to elevate privileges

Trust: 0.99

sources: NVD: CVE-2019-11148 // VULHUB: VHN-142765

AFFECTED PRODUCTS

vendor:intelmodel:remote displays sdkscope:eqversion:1.1

Trust: 1.0

vendor:intelmodel:remote displays sdkscope:eqversion:1.0

Trust: 1.0

vendor:intelmodel:remote displays sdkscope:eqversion:2.0

Trust: 1.0

vendor:intelmodel:authenticatescope:ltversion:3.8 earlier

Trust: 0.8

vendor:intelmodel:compute cardscope: - version: -

Trust: 0.8

vendor:intelmodel:compute stickscope: - version: -

Trust: 0.8

vendor:intelmodel:computing improvement programscope:ltversion:2.4.0.04733 earlier

Trust: 0.8

vendor:intelmodel:driver and support assistantscope:ltversion:19.7.30.2 earlier

Trust: 0.8

vendor:intelmodel:nuc kitscope: - version: -

Trust: 0.8

vendor:intelmodel:processor identification utilityscope:ltversion:for windows 6.1.0731 earlier

Trust: 0.8

vendor:intelmodel:raid web consolescope:eqversion:2

Trust: 0.8

vendor:intelmodel:remote displays sdkscope:ltversion:2.0.1 r2 earlier

Trust: 0.8

sources: JVNDB: JVNDB-2019-007558 // NVD: CVE-2019-11148

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-11148
value: HIGH

Trust: 1.0

CNNVD: CNNVD-201908-1258
value: HIGH

Trust: 0.6

VULHUB: VHN-142765
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2019-11148
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

VULHUB: VHN-142765
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2019-11148
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.0

Trust: 1.0

sources: VULHUB: VHN-142765 // CNNVD: CNNVD-201908-1258 // NVD: CVE-2019-11148

PROBLEMTYPE DATA

problemtype:NVD-CWE-noinfo

Trust: 1.0

problemtype:CWE-275

Trust: 0.1

sources: VULHUB: VHN-142765 // NVD: CVE-2019-11148

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201908-1258

TYPE

authorization issue

Trust: 0.6

sources: CNNVD: CNNVD-201908-1258

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2019-007558

PATCH
title:[INTEL-SA-00283] Intel Computing Improvement Program Advisoryurl:https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00283.html
Trust: 0.8
title:[INTEL-SA-00246] Intel RAID Web Console 2 Advisoryurl:https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00246.html
Trust: 0.8
title:[INTEL-SA-00272] Intel NUC Advisoryurl:https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00272.html
Trust: 0.8
title:[INTEL-SA-00275] Intel Authenticate Advisoryurl:https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00275.html
Trust: 0.8
title:[INTEL-SA-00276] Intel Driver & Support Assistant Advisoryurl:https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00276.html
Trust: 0.8
title:[INTEL-SA-00277] Intel Remote Displays SDK Advisoryurl:https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00277.html
Trust: 0.8
title:[INTEL-SA-00281] Intel Processor Identification Utility for Windows* Advisoryurl:https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00281.html
Trust: 0.8
title:Intel Remote Displays SDK Remediation measures for authorization problem vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=96901
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2019-007558 // 
            
            
            
            CNNVD: CNNVD-201908-1258

EXTERNAL IDS
db:NVDid:CVE-2019-11148
Trust: 2.5
db:JVNid:JVNVU99945432
Trust: 0.8
db:JVNDBid:JVNDB-2019-007558
Trust: 0.8
db:CNNVDid:CNNVD-201908-1258
Trust: 0.7
db:VULHUBid:VHN-142765
Trust: 0.1
sources:
            
            
            VULHUB: VHN-142765 // 
            
            
            
            JVNDB: JVNDB-2019-007558 // 
            
            
            
            CNNVD: CNNVD-201908-1258 // 
            
            
            
            NVD: CVE-2019-11148

REFERENCES
url:https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00277.html
Trust: 1.7
url:https://nvd.nist.gov/vuln/detail/cve-2019-11148
Trust: 1.4
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-11163
Trust: 0.8
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-11162
Trust: 0.8
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-0173
Trust: 0.8
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-11140
Trust: 0.8
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-11143
Trust: 0.8
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-11145
Trust: 0.8
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-11146
Trust: 0.8
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-11148
Trust: 0.8
url:https://jvn.jp/vu/jvnvu99945432/
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2019-11163
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2019-11162
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2019-0173
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2019-11140
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2019-11143
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2019-11145
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2019-11146
Trust: 0.8
sources:
            
            
            VULHUB: VHN-142765 // 
            
            
            
            JVNDB: JVNDB-2019-007558 // 
            
            
            
            CNNVD: CNNVD-201908-1258 // 
            
            
            
            NVD: CVE-2019-11148

CREDITS
Marius Gabriel Mihai
Trust: 0.6
sources:
            
            
            CNNVD: CNNVD-201908-1258

SOURCES
db:VULHUBid:VHN-142765
db:JVNDBid:JVNDB-2019-007558
db:CNNVDid:CNNVD-201908-1258
db:NVDid:CVE-2019-11148

LAST UPDATE DATE
2024-11-23T21:36:55.887000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-142765date:2020-08-24T00:00:00
db:JVNDBid:JVNDB-2019-007558date:2019-10-04T00:00:00
db:CNNVDid:CNNVD-201908-1258date:2020-08-25T00:00:00
db:NVDid:CVE-2019-11148date:2024-11-21T04:20:37.527

SOURCES RELEASE DATE
db:VULHUBid:VHN-142765date:2019-08-19T00:00:00
db:JVNDBid:JVNDB-2019-007558date:2019-08-15T00:00:00
db:CNNVDid:CNNVD-201908-1258date:2019-08-19T00:00:00
db:NVDid:CVE-2019-11148date:2019-08-19T17:15:11.620