Details of VAR-201912-1717

ID

VAR-201912-1717

CVE

CVE-2019-0134

TITLE

Intel(R) Dynamic Platform and Thermal Framework Inappropriate default permission vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2019-013408

DESCRIPTION

Improper permissions in the Intel(R) Dynamic Platform and Thermal Framework v8.3.10208.5643 and before may allow an authenticated user to potentially execute code at an elevated level of privilege. Intel(R) Dynamic Platform and Thermal Framework Contains a vulnerability with inappropriate default permissions.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Intel Dynamic Platform and Thermal Framework (DPTF) is a set of power and thermal management solutions from Intel Corporation of the United States. Security vulnerabilities exist in Intel DPTF v8.3.10208.5643 and earlier versions. A local attacker could exploit this vulnerability to execute code with elevated privileges

Trust: 1.71

sources: NVD: CVE-2019-0134 // JVNDB: JVNDB-2019-013408 // VULHUB: VHN-140165

AFFECTED PRODUCTS

vendor:	intel	model:	dynamic platform and thermal framework	scope:	lte	version:	8.3.10208.5643	Trust: 1.0
vendor:	intel	model:	dynamic platform and thermal framework	scope:	lte	version:	8.3.10208.564	Trust: 0.8
vendor:	intel	model:	dynamic platform and thermal framework	scope:	eq	version:	8.3.10208.5643	Trust: 0.6
vendor:	intel	model:	dynamic platform and thermal framework	scope:	eq	version:	-	Trust: 0.6

sources: JVNDB: JVNDB-2019-013408 // CNNVD: CNNVD-201912-430 // NVD: CVE-2019-0134

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2019-0134
value:	HIGH
Trust: 1.0
NVD:	CVE-2019-0134
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-201912-430
value:	HIGH
Trust: 0.6
VULHUB:	VHN-140165
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2019-0134
severity:	MEDIUM
baseScore:	4.6
vectorString:	AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	3.9
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-140165
severity:	MEDIUM
baseScore:	4.6
vectorString:	AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	3.9
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2019-0134
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.8
impactScore:	5.9
version:	3.1
Trust: 1.0
NVD:	CVE-2019-0134
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULHUB: VHN-140165 // JVNDB: JVNDB-2019-013408 // CNNVD: CNNVD-201912-430 // NVD: CVE-2019-0134

PROBLEMTYPE DATA

problemtype:

CWE-276

Trust: 1.9

sources: VULHUB: VHN-140165 // JVNDB: JVNDB-2019-013408 // NVD: CVE-2019-0134

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201912-430

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-201912-430

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-013408

PATCH

title:	INTEL-SA-00230	url:	https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00230.html	Trust: 0.8
title:	Intel Dynamic Platform and Thermal Framework Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=105739	Trust: 0.6

sources: JVNDB: JVNDB-2019-013408 // CNNVD: CNNVD-201912-430

EXTERNAL IDS

db:	NVD	id:	CVE-2019-0134	Trust: 2.5
db:	JVN	id:	JVNVU93632155	Trust: 0.8
db:	JVNDB	id:	JVNDB-2019-013408	Trust: 0.8
db:	CNNVD	id:	CNNVD-201912-430	Trust: 0.7
db:	LENOVO	id:	LEN-29841	Trust: 0.6
db:	CNVD	id:	CNVD-2020-14844	Trust: 0.1
db:	VULHUB	id:	VHN-140165	Trust: 0.1

sources: VULHUB: VHN-140165 // JVNDB: JVNDB-2019-013408 // CNNVD: CNNVD-201912-430 // NVD: CVE-2019-0134

REFERENCES

url:	https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00230.html	Trust: 1.7
url:	https://nvd.nist.gov/vuln/detail/cve-2019-0134	Trust: 1.4
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-0134	Trust: 0.8
url:	https://jvn.jp/vu/jvnvu93632155/	Trust: 0.8
url:	https://support.lenovo.com/us/en/product_security/len-29841	Trust: 0.6

sources: VULHUB: VHN-140165 // JVNDB: JVNDB-2019-013408 // CNNVD: CNNVD-201912-430 // NVD: CVE-2019-0134

SOURCES

db:	VULHUB	id:	VHN-140165
db:	JVNDB	id:	JVNDB-2019-013408
db:	CNNVD	id:	CNNVD-201912-430
db:	NVD	id:	CVE-2019-0134

LAST UPDATE DATE

2024-11-23T20:08:23.868000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-140165	date:	2019-12-23T00:00:00
db:	JVNDB	id:	JVNDB-2019-013408	date:	2019-12-27T00:00:00
db:	CNNVD	id:	CNNVD-201912-430	date:	2020-02-12T00:00:00
db:	NVD	id:	CVE-2019-0134	date:	2024-11-21T04:16:18.370

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-140165	date:	2019-12-16T00:00:00
db:	JVNDB	id:	JVNDB-2019-013408	date:	2019-12-27T00:00:00
db:	CNNVD	id:	CNNVD-201912-430	date:	2019-12-10T00:00:00
db:	NVD	id:	CVE-2019-0134	date:	2019-12-16T20:15:14.257