Sign-up

ID

VAR-201909-1490


CVE

CVE-2019-11166


TITLE

Intel(R) Easy Streaming Wizard Vulnerability in Permission Management

Trust: 0.8

sources: JVNDB: JVNDB-2019-009427

DESCRIPTION

Improper file permissions in the installer for Intel(R) Easy Streaming Wizard before version 2.1.0731 may allow an authenticated user to potentially enable escalation of privilege via local attack. Intel(R) Easy Streaming Wizard Contains a privilege management vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Intel Easy Streaming Wizard is a set of streaming media transmission (live broadcast) configuration software developed by Intel Corporation. A local attacker could exploit this vulnerability to elevate privileges

Trust: 1.71

sources: NVD: CVE-2019-11166 // JVNDB: JVNDB-2019-009427 // VULHUB: VHN-142785

AFFECTED PRODUCTS

vendor:intelmodel:easy streaming wizardscope:ltversion:2.1.0731

Trust: 1.8

sources: JVNDB: JVNDB-2019-009427 // NVD: CVE-2019-11166

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-11166
value: MEDIUM

Trust: 1.0

NVD: CVE-2019-11166
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201909-759
value: MEDIUM

Trust: 0.6

VULHUB: VHN-142785
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2019-11166
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-142785
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2019-11166
baseSeverity: MEDIUM
baseScore: 6.7
vectorString: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 0.8
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2019-11166
baseSeverity: MEDIUM
baseScore: 6.7
vectorString: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-142785 // JVNDB: JVNDB-2019-009427 // CNNVD: CNNVD-201909-759 // NVD: CVE-2019-11166

PROBLEMTYPE DATA

problemtype:CWE-732

Trust: 1.1

problemtype:CWE-269

Trust: 0.9

sources: VULHUB: VHN-142785 // JVNDB: JVNDB-2019-009427 // NVD: CVE-2019-11166

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201909-759

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-201909-759

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2019-009427

PATCH
title:INTEL-SA-00285url:https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00285.html
Trust: 0.8
title:Intel Easy Streaming Wizard Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=98296
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2019-009427 // 
            
            
            
            CNNVD: CNNVD-201909-759

EXTERNAL IDS
db:NVDid:CVE-2019-11166
Trust: 2.5
db:JVNid:JVNVU93614443
Trust: 0.8
db:JVNDBid:JVNDB-2019-009427
Trust: 0.8
db:CNNVDid:CNNVD-201909-759
Trust: 0.7
db:VULHUBid:VHN-142785
Trust: 0.1
sources:
            
            
            VULHUB: VHN-142785 // 
            
            
            
            JVNDB: JVNDB-2019-009427 // 
            
            
            
            CNNVD: CNNVD-201909-759 // 
            
            
            
            NVD: CVE-2019-11166

REFERENCES
url:https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00285.html
Trust: 1.7
url:https://nvd.nist.gov/vuln/detail/cve-2019-11166
Trust: 1.4
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-11166
Trust: 0.8
url:https://jvn.jp/vu/jvnvu93614443/
Trust: 0.8
sources:
            
            
            VULHUB: VHN-142785 // 
            
            
            
            JVNDB: JVNDB-2019-009427 // 
            
            
            
            CNNVD: CNNVD-201909-759 // 
            
            
            
            NVD: CVE-2019-11166

SOURCES
db:VULHUBid:VHN-142785
db:JVNDBid:JVNDB-2019-009427
db:CNNVDid:CNNVD-201909-759
db:NVDid:CVE-2019-11166

LAST UPDATE DATE
2024-11-23T20:48:11.074000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-142785date:2020-08-24T00:00:00
db:JVNDBid:JVNDB-2019-009427date:2019-09-20T00:00:00
db:CNNVDid:CNNVD-201909-759date:2020-08-25T00:00:00
db:NVDid:CVE-2019-11166date:2024-11-21T04:20:39.187

SOURCES RELEASE DATE
db:VULHUBid:VHN-142785date:2019-09-16T00:00:00
db:JVNDBid:JVNDB-2019-009427date:2019-09-20T00:00:00
db:CNNVDid:CNNVD-201909-759date:2019-09-16T00:00:00
db:NVDid:CVE-2019-11166date:2019-09-16T16:15:10.087