Sign-up

ID

VAR-201910-1672


CVE

CVE-2019-11167


TITLE

Intel(R) NUC for Intel Smart Connect Technology Vulnerability in Permission Management

Trust: 0.8

sources: JVNDB: JVNDB-2019-010661

DESCRIPTION

Improper file permission in software installer for Intel(R) Smart Connect Technology for Intel(R) NUC may allow an authenticated user to potentially enable escalation of privilege via local access. Intel Smart Connect Technology for Intel NUC is a system update program for Intel NUC computers developed by Intel Corporation. A remote attacker could exploit this vulnerability to elevate privileges

Trust: 1.71

sources: NVD: CVE-2019-11167 // JVNDB: JVNDB-2019-010661 // VULHUB: VHN-142786

AFFECTED PRODUCTS

vendor:intelmodel:smart connect technologyscope:eqversion: -

Trust: 1.0

vendor:intelmodel:smart connect technologyscope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2019-010661 // NVD: CVE-2019-11167

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-11167
value: HIGH

Trust: 1.0

NVD: CVE-2019-11167
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201910-737
value: HIGH

Trust: 0.6

VULHUB: VHN-142786
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2019-11167
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-142786
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2019-11167
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2019-11167
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-142786 // JVNDB: JVNDB-2019-010661 // CNNVD: CNNVD-201910-737 // NVD: CVE-2019-11167

PROBLEMTYPE DATA

problemtype:CWE-732

Trust: 1.1

problemtype:CWE-269

Trust: 0.8

sources: VULHUB: VHN-142786 // JVNDB: JVNDB-2019-010661 // NVD: CVE-2019-11167

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201910-737

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-201910-737

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2019-010661

PATCH
title:INTEL-SA-00286url:https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00286.html
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2019-010661

EXTERNAL IDS
db:NVDid:CVE-2019-11167
Trust: 2.5
db:JVNid:JVNVU90055983
Trust: 0.8
db:JVNDBid:JVNDB-2019-010661
Trust: 0.8
db:CNNVDid:CNNVD-201910-737
Trust: 0.7
db:VULHUBid:VHN-142786
Trust: 0.1
sources:
            
            
            VULHUB: VHN-142786 // 
            
            
            
            JVNDB: JVNDB-2019-010661 // 
            
            
            
            CNNVD: CNNVD-201910-737 // 
            
            
            
            NVD: CVE-2019-11167

REFERENCES
url:https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00286.html
Trust: 1.7
url:https://nvd.nist.gov/vuln/detail/cve-2019-11167
Trust: 1.4
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-11167
Trust: 0.8
url:https://jvn.jp/vu/jvnvu90055983/
Trust: 0.8
sources:
            
            
            VULHUB: VHN-142786 // 
            
            
            
            JVNDB: JVNDB-2019-010661 // 
            
            
            
            CNNVD: CNNVD-201910-737 // 
            
            
            
            NVD: CVE-2019-11167

SOURCES
db:VULHUBid:VHN-142786
db:JVNDBid:JVNDB-2019-010661
db:CNNVDid:CNNVD-201910-737
db:NVDid:CVE-2019-11167

LAST UPDATE DATE
2024-11-23T22:37:41.282000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-142786date:2020-08-24T00:00:00
db:JVNDBid:JVNDB-2019-010661date:2019-10-18T00:00:00
db:CNNVDid:CNNVD-201910-737date:2020-08-25T00:00:00
db:NVDid:CVE-2019-11167date:2024-11-21T04:20:39.287

SOURCES RELEASE DATE
db:VULHUBid:VHN-142786date:2019-10-11T00:00:00
db:JVNDBid:JVNDB-2019-010661date:2019-10-18T00:00:00
db:CNNVDid:CNNVD-201910-737date:2019-10-11T00:00:00
db:NVDid:CVE-2019-11167date:2019-10-11T18:15:11.177