Sign-up

ID

VAR-201912-0876


CVE

CVE-2019-14605


TITLE

Intel(R) SCS Platform Discovery Utility Inappropriate default permission vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2019-013405

DESCRIPTION

Improper permissions in the installer for the Intel(R) SCS Platform Discovery Utility, all versions, may allow an authenticated user to potentially enable escalation of privilege via local attack. Intel(R) SCS Platform Discovery Utility Contains a vulnerability with inappropriate default permissions.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Intel SCS Discovery Utility is a utility program of Intel Corporation for obtaining detailed data about Intel AMT. A security vulnerability exists in the installer in the Intel SCS Discovery Utility (all versions). A local attacker could exploit this vulnerability to elevate privileges

Trust: 1.71

sources: NVD: CVE-2019-14605 // JVNDB: JVNDB-2019-013405 // VULHUB: VHN-146568

AFFECTED PRODUCTS

vendor:intelmodel:setup and configuration software platform discovery utilityscope:eqversion:*

Trust: 1.0

vendor:intelmodel:scs platform discovery utilityscope: - version: -

Trust: 0.8

vendor:intelmodel:setup and configuration software platform discovery utilityscope: - version: -

Trust: 0.6

sources: JVNDB: JVNDB-2019-013405 // CNNVD: CNNVD-201912-729 // NVD: CVE-2019-14605

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-14605
value: HIGH

Trust: 1.0

NVD: CVE-2019-14605
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201912-729
value: HIGH

Trust: 0.6

VULHUB: VHN-146568
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2019-14605
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-146568
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2019-14605
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2019-14605
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-146568 // JVNDB: JVNDB-2019-013405 // CNNVD: CNNVD-201912-729 // NVD: CVE-2019-14605

PROBLEMTYPE DATA

problemtype:CWE-276

Trust: 1.9

sources: VULHUB: VHN-146568 // JVNDB: JVNDB-2019-013405 // NVD: CVE-2019-14605

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201912-729

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-201912-729

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2019-013405

PATCH
title:INTEL-SA-00312url:https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00312.html
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2019-013405

EXTERNAL IDS
db:NVDid:CVE-2019-14605
Trust: 2.5
db:JVNid:JVNVU93632155
Trust: 0.8
db:JVNDBid:JVNDB-2019-013405
Trust: 0.8
db:CNNVDid:CNNVD-201912-729
Trust: 0.7
db:CNVDid:CNVD-2020-14836
Trust: 0.1
db:VULHUBid:VHN-146568
Trust: 0.1
sources:
            
            
            VULHUB: VHN-146568 // 
            
            
            
            JVNDB: JVNDB-2019-013405 // 
            
            
            
            CNNVD: CNNVD-201912-729 // 
            
            
            
            NVD: CVE-2019-14605

REFERENCES
url:https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00312.html
Trust: 1.7
url:https://nvd.nist.gov/vuln/detail/cve-2019-14605
Trust: 1.4
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-14605
Trust: 0.8
url:https://jvn.jp/vu/jvnvu93632155/
Trust: 0.8
sources:
            
            
            VULHUB: VHN-146568 // 
            
            
            
            JVNDB: JVNDB-2019-013405 // 
            
            
            
            CNNVD: CNNVD-201912-729 // 
            
            
            
            NVD: CVE-2019-14605

SOURCES
db:VULHUBid:VHN-146568
db:JVNDBid:JVNDB-2019-013405
db:CNNVDid:CNNVD-201912-729
db:NVDid:CVE-2019-14605

LAST UPDATE DATE
2024-11-23T20:52:08.295000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-146568date:2019-12-23T00:00:00
db:JVNDBid:JVNDB-2019-013405date:2019-12-27T00:00:00
db:CNNVDid:CNNVD-201912-729date:2019-12-27T00:00:00
db:NVDid:CVE-2019-14605date:2024-11-21T04:27:00.947

SOURCES RELEASE DATE
db:VULHUBid:VHN-146568date:2019-12-16T00:00:00
db:JVNDBid:JVNDB-2019-013405date:2019-12-27T00:00:00
db:CNNVDid:CNNVD-201912-729date:2019-12-16T00:00:00
db:NVDid:CVE-2019-14605date:2019-12-16T20:15:15.100