Details of VAR-202001-0482

ID

VAR-202001-0482

CVE

CVE-2019-14596

TITLE

Intel(R) Chipset Device Software INF Utility Vulnerable to unauthorized authentication

Trust: 0.8

sources: JVNDB: JVNDB-2019-014191

DESCRIPTION

Improper access control in the installer for Intel(R) Chipset Device Software INF Utility before version 10.1.18 may allow an authenticated user to potentially enable denial of service via local access. An attacker could exploit this vulnerability to cause a denial of service

Trust: 1.8

sources: NVD: CVE-2019-14596 // JVNDB: JVNDB-2019-014191 // VULHUB: VHN-146558 // VULMON: CVE-2019-14596

AFFECTED PRODUCTS

vendor:	intel	model:	chipset inf utility	scope:	lt	version:	10.1.18	Trust: 1.0
vendor:	intel	model:	chipset device software	scope:	lt	version:	inf utility 10.1.18	Trust: 0.8

sources: JVNDB: JVNDB-2019-014191 // NVD: CVE-2019-14596

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2019-14596
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2019-14596
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-202001-540
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-146558
value:	LOW
Trust: 0.1
VULMON:	CVE-2019-14596
value:	LOW
Trust: 0.1

nvd@nist.gov:	CVE-2019-14596
severity:	LOW
baseScore:	2.1
vectorString:	AV:L/AC:L/AU:N/C:N/I:N/A:P
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	3.9
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
VULHUB:	VHN-146558
severity:	LOW
baseScore:	2.1
vectorString:	AV:L/AC:L/AU:N/C:N/I:N/A:P
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	3.9
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2019-14596
baseSeverity:	MEDIUM
baseScore:	5.5
vectorString:	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	1.8
impactScore:	3.6
version:	3.1
Trust: 1.0
NVD:	CVE-2019-14596
baseSeverity:	MEDIUM
baseScore:	5.5
vectorString:	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULHUB: VHN-146558 // VULMON: CVE-2019-14596 // JVNDB: JVNDB-2019-014191 // CNNVD: CNNVD-202001-540 // NVD: CVE-2019-14596

PROBLEMTYPE DATA

problemtype:	NVD-CWE-noinfo	Trust: 1.0
problemtype:	CWE-863	Trust: 0.8

sources: JVNDB: JVNDB-2019-014191 // NVD: CVE-2019-14596

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202001-540

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202001-540

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-014191

PATCH

title:	INTEL-SA-00308	url:	https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00306.html	Trust: 0.8
title:	Intel Chipset Device Software INF Utility Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=108527	Trust: 0.6
title:	HP: HPSBHF03656 rev. 1 - Intel® Chipset Device Software INF Utility Security Update	url:	https://vulmon.com/vendoradvisory?qidtp=hp_bulletin&qid=HPSBHF03656	Trust: 0.1
title:	The Register	url:	https://www.theregister.co.uk/2020/01/14/patch_tuesday_january_2020/	Trust: 0.1
title:	Threatpost	url:	https://threatpost.com/intel-fixes-high-severity-flaw-in-performance-analysis-tool/151837/	Trust: 0.1

sources: VULMON: CVE-2019-14596 // JVNDB: JVNDB-2019-014191 // CNNVD: CNNVD-202001-540

EXTERNAL IDS

db:	NVD	id:	CVE-2019-14596	Trust: 2.6
db:	JVN	id:	JVNVU98694410	Trust: 0.8
db:	JVNDB	id:	JVNDB-2019-014191	Trust: 0.8
db:	CNNVD	id:	CNNVD-202001-540	Trust: 0.7
db:	LENOVO	id:	LEN-29926	Trust: 0.6
db:	CNVD	id:	CNVD-2020-14833	Trust: 0.1
db:	VULHUB	id:	VHN-146558	Trust: 0.1
db:	VULMON	id:	CVE-2019-14596	Trust: 0.1

sources: VULHUB: VHN-146558 // VULMON: CVE-2019-14596 // JVNDB: JVNDB-2019-014191 // CNNVD: CNNVD-202001-540 // NVD: CVE-2019-14596

REFERENCES

url:	https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00306.html	Trust: 1.8
url:	https://nvd.nist.gov/vuln/detail/cve-2019-14596	Trust: 1.4
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-14596	Trust: 0.8
url:	https://jvn.jp/vu/jvnvu98694410/	Trust: 0.8
url:	https://support.lenovo.com/us/en/product_security/len-29926	Trust: 0.6
url:	https://cwe.mitre.org/data/definitions/.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/174345	Trust: 0.1
url:	https://threatpost.com/intel-fixes-high-severity-flaw-in-performance-analysis-tool/151837/	Trust: 0.1

sources: VULHUB: VHN-146558 // VULMON: CVE-2019-14596 // JVNDB: JVNDB-2019-014191 // CNNVD: CNNVD-202001-540 // NVD: CVE-2019-14596

CREDITS

Eran Shimony

Trust: 0.6

sources: CNNVD: CNNVD-202001-540

SOURCES

db:	VULHUB	id:	VHN-146558
db:	VULMON	id:	CVE-2019-14596
db:	JVNDB	id:	JVNDB-2019-014191
db:	CNNVD	id:	CNNVD-202001-540
db:	NVD	id:	CVE-2019-14596

LAST UPDATE DATE

2024-11-23T20:43:15.599000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-146558	date:	2020-08-24T00:00:00
db:	VULMON	id:	CVE-2019-14596	date:	2020-08-24T00:00:00
db:	JVNDB	id:	JVNDB-2019-014191	date:	2020-02-06T00:00:00
db:	CNNVD	id:	CNNVD-202001-540	date:	2020-08-25T00:00:00
db:	NVD	id:	CVE-2019-14596	date:	2024-11-21T04:26:59.987

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-146558	date:	2020-01-17T00:00:00
db:	VULMON	id:	CVE-2019-14596	date:	2020-01-17T00:00:00
db:	JVNDB	id:	JVNDB-2019-014191	date:	2020-02-06T00:00:00
db:	CNNVD	id:	CNNVD-202001-540	date:	2020-01-14T00:00:00
db:	NVD	id:	CVE-2019-14596	date:	2020-01-17T18:15:12.680