VARIoT IoT vulnerabilities database


VAR-202011-0638 CVE-2020-24456 Intel(R) Board ID Tool  Inappropriate Default Permission Vulnerability CVSS V2: 4.6
CVSS V3: 7.8
Severity: HIGH
Incorrect default permissions in the Intel(R) Board ID Tool version v.1.01 may allow an authenticated user to potentially enable escalation of privilege via local access. Intel Board ID Tool is software used by Intel Corporation to interact with Intel motherboards.
VAR-202011-0183 CVE-2020-12338 Vulnerability in Open WebRTC Toolkit CVSS V2: 7.5
CVSS V3: 9.8
Severity: CRITICAL
Insufficient control flow management in the Open WebRTC Toolkit before version 4.3.1 may allow an unauthenticated user to potentially enable escalation of privilege via network access. Open WebRTC Toolkit contains an unspecified vulnerability. Information may be obtained or tampered with, and a denial-of-service (DoS) condition may result. Intel Open WebRTC Toolkit is an open-source, cross-platform WebRTC client framework based on GStreamer, an end-to-end audio/video communication development kit developed by Intel Corporation. This toolkit is used to create high-performance, reliable and scalable real-time communication applications. A security vulnerability exists in Intel Open WebRTC Toolkit versions prior to 4.3.1.
VAR-202011-0179 CVE-2020-12334 Intel(R) Advisor tools  Vulnerability in improperly holding permissions in the installer CVSS V2: 4.6
CVSS V3: 7.8
Severity: HIGH
Improper permissions in the installer for the Intel(R) Advisor tools before version 2020 Update 2 may allow an authenticated user to potentially enable escalation of privilege via local access. The installer for Intel(R) Advisor tools contains a vulnerability related to improper retention of permissions. Information may be obtained or tampered with, and a denial-of-service (DoS) condition may result. Intel Advisor tools is programming-oriented vector optimization and prototyping software from Intel Corporation. The software can analyze code and report on its operating efficiency through a variety of analysis methods.
VAR-202011-0178 CVE-2020-12333 Vulnerability regarding inadequate protection of credentials in Intel(R) QAT for Linux CVSS V2: 4.6
CVSS V3: 7.8
Severity: HIGH
Insufficiently protected credentials in the Intel(R) QAT for Linux before version 1.7.l.4.10.0 may allow an authenticated user to potentially enable escalation of privilege via local access. Intel(R) QAT for Linux has a vulnerability regarding inadequate protection of credentials. Information may be obtained or tampered with, and a denial-of-service (DoS) condition may result. Intel QuickAssist Technology for Linux is a technology of Intel Corporation that can improve server utilization. This technology balances server load by sharing the load of computing-intensive tasks to improve server efficiency.
VAR-202011-0176 CVE-2020-12331 Intel Unite(R) Cloud Service client  Vulnerability in privilege management CVSS V2: 4.6
CVSS V3: 7.8
Severity: HIGH
Improper access controls in Intel Unite(R) Cloud Service client before version 4.2.12212 may allow an authenticated user to potentially enable escalation of privilege via local access. Intel Unite is an enterprise conference collaboration solution developed by Intel Corporation of the United States. An attacker could exploit this vulnerability to escalate privileges.
VAR-202011-0174 CVE-2020-12329 Intel(R) VTune(TM) Profiler  Vulnerability in Uncontrolled Search Path Elements CVSS V2: 4.6
CVSS V3: 7.8
Severity: HIGH
Uncontrolled search path in the Intel(R) VTune(TM) Profiler before version 2020 Update 1 may allow an authenticated user to potentially enable escalation of privilege via local access. Intel(R) VTune(TM) Profiler has an uncontrolled search path element vulnerability. Information may be obtained or tampered with, and a denial-of-service (DoS) condition may result. Intel VTune Profiler is a performance testing tool used by Intel Corporation to optimize software. The software can perform performance tests on embedded applications of the Internet of Things, media software, Java applications, and high-performance computing applications. Versions of Intel(R) VTune(TM) Profiler prior to 2020 Update 1 have a security vulnerability. The vulnerability stems from an uncontrolled search path. Attackers can use this vulnerability to escalate privileges.
VAR-202011-0158 CVE-2020-12316 Vulnerability regarding inadequate protection of credentials in Intel(R) EMA CVSS V2: 2.1
CVSS V3: 5.5
Severity: MEDIUM
Insufficiently protected credentials in the Intel(R) EMA before version 1.3.3 may allow an authorized user to potentially enable information disclosure via local access. Intel(R) EMA has a vulnerability regarding inadequate protection of credentials. Information may be obtained. Intel Endpoint Management Assistant (Intel EMA) is management software developed by Intel Corporation for managing remote devices. The software provides security and convenience for telecommuting.
VAR-202011-0157 CVE-2020-12315 Path traversal vulnerability in Intel(R) EMA CVSS V2: 7.5
CVSS V3: 9.8
Severity: CRITICAL
Path traversal in the Intel(R) EMA before version 1.3.3 may allow an unauthenticated user to potentially enable escalation of privilege via network access. Intel(R) EMA contains a path traversal vulnerability. Information may be obtained or tampered with, and a denial-of-service (DoS) condition may result. Intel Active Management Technology (AMT) is a set of hardware-based computer remote active management technology software developed by Intel Corporation. Intel Active Management Technology versions prior to 1.3.3 have an access control error vulnerability, which stems from the fact that network systems or products do not properly restrict resource access from unauthorized roles.
VAR-202011-0141 CVE-2020-12353 Vulnerability regarding improper retention of permissions in Intel(R) Data Center Manager Console CVSS V2: 4.0
CVSS V3: 6.5
Severity: MEDIUM
Improper permissions in the Intel(R) Data Center Manager Console before version 3.6.2 may allow an authenticated user to potentially enable denial of service via network access. Intel Data Center Manager SDK is a data center management SDK (Software Development Kit) of Intel Corporation. This product mainly provides real-time power supply and heat dissipation data of equipment.
VAR-202011-0138 CVE-2020-12350 Intel(R) XTU  Vulnerability in privilege management CVSS V2: 4.6
CVSS V3: 7.8
Severity: HIGH
Improper access control in the Intel(R) XTU before version 6.5.1.360 may allow an authenticated user to potentially enable escalation of privilege via local access. Intel(R) XTU contains a privilege management vulnerability. Information may be obtained or tampered with, and a denial-of-service (DoS) condition may result. Intel Extreme Tuning Utility is software from Intel Corporation that can increase CPU frequency. In addition to supporting CPU and graphics card overclocking, the software also provides system hardware information detection and real-time monitoring of the current system status to ensure system stability after overclocking.
VAR-202011-0137 CVE-2020-12349 Intel(R) Data Center Manager Console  Input confirmation vulnerability CVSS V2: 4.0
CVSS V3: 6.5
Severity: MEDIUM
Improper input validation in the Intel(R) Data Center Manager Console before version 3.6.2 may allow an authenticated user to potentially enable information disclosure via network access. This product mainly provides real-time power supply and heat dissipation data of equipment.
VAR-202011-0136 CVE-2020-12347 Intel(R) Data Center Manager Console  Input confirmation vulnerability CVSS V2: 6.5
CVSS V3: 8.8
Severity: HIGH
Improper input validation in the Intel(R) Data Center Manager Console before version 3.6.2 may allow an authenticated user to potentially enable escalation of privilege via network access. Intel Data Center Manager SDK is a data center management SDK (Software Development Kit) of Intel Corporation. This product mainly provides real-time power supply and heat dissipation data of equipment.
VAR-202011-0135 CVE-2020-12346 Intel(R) Battery Life Diagnostic Tool  Inappropriate Default Permission Vulnerability CVSS V2: 4.6
CVSS V3: 7.8
Severity: HIGH
Improper permissions in the installer for the Intel(R) Battery Life Diagnostic Tool before version 1.0.7 may allow an authenticated user to potentially enable escalation of privilege via local access. Intel(R) Battery Life Diagnostic Tool is vulnerable to incorrect default permissions. Information may be obtained or tampered with, and a denial-of-service (DoS) condition may result. Intel Battery Life Diagnostic Tool is battery life analysis software developed by Intel Corporation.
VAR-202011-0134 CVE-2020-12345 Intel(R) Data Center Manager Console  Vulnerability in improperly holding permissions in the installer CVSS V2: 4.6
CVSS V3: 7.8
Severity: HIGH
Improper permissions in the installer for the Intel(R) Data Center Manager Console before version 3.6.2 may allow an authenticated user to potentially enable escalation of privilege via local access. Intel Data Center Manager SDK is a data center management SDK (Software Development Kit) of Intel Corporation. This product mainly provides real-time power supply and heat dissipation data of equipment.
VAR-202011-0104 CVE-2020-0575 Intel(R) Unite Client for Windows Buffer Error Vulnerability CVSS V2: 2.1
CVSS V3: 5.5
Severity: MEDIUM
Improper buffer restrictions in the Intel(R) Unite Client for Windows* before version 4.2.13064 may allow an authenticated user to potentially enable information disclosure via local access. Intel(R) Unite Client for Windows is vulnerable to a buffer error. Information may be obtained. Intel Unite is an enterprise conference collaboration solution developed by Intel Corporation of the United States. An attacker could exploit this vulnerability to cause information leakage.
VAR-202011-1301 CVE-2020-9127 Command injection vulnerability in multiple Huawei products CVSS V2: 4.6
CVSS V3: 6.7
Severity: MEDIUM
Some Huawei products have a command injection vulnerability. Due to insufficient input validation, an attacker with high privilege may inject some malicious codes in some files of the affected products. Successful exploit may cause command injection. Affected product versions include: NIP6300 versions V500R001C30, V500R001C60; NIP6600 versions V500R001C30, V500R001C60; Secospace USG6300 versions V500R001C30, V500R001C60; Secospace USG6500 versions V500R001C30, V500R001C60; Secospace USG6600 versions V500R001C30, V500R001C60; USG9500 versions V500R001C30, V500R001C60. Multiple Huawei products contain a command injection vulnerability. Information may be obtained or tampered with, and a denial-of-service (DoS) condition may result.
VAR-202011-0621 CVE-2020-24525 Improper permission retention vulnerability in firmware of multiple Intel(R) NUC products CVSS V2: 4.6
CVSS V3: 7.8
Severity: HIGH
Insecure inherited permissions in firmware update tool for some Intel(R) NUCs may allow an authenticated user to potentially enable escalation of privilege via local access. Multiple Intel(R) NUC products have a firmware vulnerability regarding improper retention of permissions. Information may be obtained or tampered with, and a denial-of-service (DoS) condition may result.

Document Title:
===============
Intel NUC - Local Privilege Escalation Vulnerability

References (Source):
====================
https://www.vulnerability-lab.com/get_content.php?id=2267
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-24525

CVE-ID:
=======
CVE-2020-24525

Release Date:
=============
2020-11-13

Vulnerability Laboratory ID (VL-ID):
====================================
2267

Common Vulnerability Scoring System:
====================================
6.7

Vulnerability Class:
====================
Privilege Escalation

Current Estimated Price:
========================
10.000€ - 25.000€

Product & Service Introduction:
===============================
The Intel® NUC kit consists of a customizable mainboard and housing. You can choose from a large selection of memory and data storage as well as the operating system.
(Copy of the Homepage: https://www.intel.de/content/www/de/de/products/boards-kits/nuc/kits.html )

Abstract Advisory Information:
==============================
A vulnerability laboratory core team researcher discovered a local privilege escalation in the official Intel® NUC.

Affected Product(s):
====================
Intel® NUC
Intel® NUC Board DE3815TYBE with a SA number H27002-500 and later. The SA number is located on the back of the chassis. TYBYT20H.86A
Intel® NUC Kit DE3815TYKHE with an AA number H26998-500 and later. The AA number is found on the board’s memory module socket. TYBYT20H.86A
Intel® NUC Board DE3815TYBE with the following SA numbers: H27002-400, -401, -402, -404, and -404. The SA number is located on the back of the chassis. TYBYT10H.86A
Intel® NUC Kit DE3815TYKHE with the following AA numbers: H26998-401, -402, -403, -404, and -405. The AA number is found on the board’s memory module socket. TYBYT10H.86A
Intel® NUC 8 Rugged Kit NUC8CCHKR CHAPLCEL.0049
Intel® NUC Board NUC8CCHB CHAPLCEL.0049
Intel® NUC 8 Pro Mini PC NUC8i3PNK PNWHL357.0037
Intel® NUC 8 Pro Kit NUC8i3PNK PNWHL357.0037
Intel® NUC 8 Pro Kit NUC8i3PNH PNWHL357.0037
Intel® NUC 8 Pro Board NUC8i3PNB PNWHL357.0037
Intel® NUC 9 Pro Kit - NUC9V7QNX QNCFLX70.34
Intel® NUC 9 Pro Kit - NUC9VXQNX QNCFLX70.34
Intel® NUC 8 Mainstream-G kit (NUC8i5INH) INWHL357.0036
Intel® NUC 8 Mainstream-G kit (NUC8i7INH) INWHL357.0036
Intel® NUC 8 Mainstream-G mini PC (NUC8i5INH) INWHL357.0036
Intel® NUC 8 Mainstream-G mini PC (NUC8i7INH) INWHL357.0036

Vulnerability Disclosure Timeline:
==================================
2020-11-13: Public Disclosure (Vulnerability Laboratory)

Discovery Status:
=================
Published

Exploitation Technique:
=======================
Local

Severity Level:
===============
Medium

Authentication Type:
====================
Restricted Authentication (User Privileges)

User Interaction:
=================
No User Interaction

Disclosure Type:
================
Bug Bounty

Technical Details & Description:
================================
Insecure inherited permissions in firmware update tool for some Intel(R) NUCs may allow an authenticated user with system privileges to potentially enable an escalation of the local process privilege via local system access.

Solution - Fix & Patch:
=======================
Intel recommends that users update to the latest NUC firmware version (see provided table). Intel recommends users update HDMI Firmware Update Tool for NUC7i3DN, NUC7i5DN and NUC7i7DN to an updated version 1.76 via the following URL: https://downloadcenter.intel.com/download/27315?v=t

Security Risk:
==============
The security risk of the local privilege escalation vulnerability in the Intel NUC is estimated as medium.

Credits & Authors:
==================
S.AbenMassaoud [Core Research Team] - https://www.vulnerability-lab.com/show.php?user=S.AbenMassaoud
VAR-202011-1524 No CVE GE PACsystem RX7i has a denial of service vulnerability (CNVD-2020-61840) CVSS V2: 4.9
CVSS V3: -
Severity: MEDIUM
PACsystem RX7i is an intelligent platform product of General Electric Company in the United States. It is often used in steel, aluminum plants, automobile plants, nuclear power plants, and high-speed production lines for production control. GE PACsystem RX7i has a denial of service vulnerability, which can be exploited by an attacker to cause a denial of service on the server.
VAR-202011-1525 No CVE GE PACsystem RX7i has a denial of service vulnerability CVSS V2: 4.9
CVSS V3: -
Severity: MEDIUM
PACsystem RX7i is an intelligent platform product of General Electric Company in the United States. It is often used in steel, aluminum plants, automobile plants, nuclear power plants, and high-speed production lines for production control. GE PACsystem RX7i has a denial of service vulnerability, which can be exploited by an attacker to cause a denial of service on the server.
VAR-202011-1542 No CVE GE PACsystem RX3i has an industrial control equipment vulnerability CVSS V2: 4.9
CVSS V3: -
Severity: MEDIUM
General Electric (GE) is the world's largest multinational company providing technology and services, headquartered in Boston, USA. The GE PACsystem RX3i has an industrial control equipment vulnerability, which attackers can exploit to cause a denial of service on the server.