cnvd - cnvd-2020-18598

CNVD-2020-18598

Vulnerability from cnvd - Published: 2020-03-22

Title

Intel Processor Identification Utility访问控制错误漏洞

Description

Intel Processor Identification Utility是美国英特尔（Intel）公司的一款处理器识别实用程序。该程序支持显示图形信息、芯片组信息、处理器支持的技术以及其他信息等。 Intel Processor Identification Utility存在访问控制错误漏洞。攻击者可利用该漏洞提升权限，造成拒绝服务或泄露信息。

Severity

中

Patch Name

Intel Processor Identification Utility访问控制错误漏洞的补丁

Patch Description

Formal description

厂商已发布了漏洞修复程序，请及时关注更新： https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00281.html

Reference

https://nvd.nist.gov/vuln/detail/CVE-2019-11163

Impacted products

Name
Intel Intel Processor Identification Utility <6.1.0731

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2019-11163",
      "cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2019-11163"
    }
  },
  "description": "Intel Processor Identification Utility\u662f\u7f8e\u56fd\u82f1\u7279\u5c14\uff08Intel\uff09\u516c\u53f8\u7684\u4e00\u6b3e\u5904\u7406\u5668\u8bc6\u522b\u5b9e\u7528\u7a0b\u5e8f\u3002\u8be5\u7a0b\u5e8f\u652f\u6301\u663e\u793a\u56fe\u5f62\u4fe1\u606f\u3001\u82af\u7247\u7ec4\u4fe1\u606f\u3001\u5904\u7406\u5668\u652f\u6301\u7684\u6280\u672f\u4ee5\u53ca\u5176\u4ed6\u4fe1\u606f\u7b49\u3002\n\nIntel Processor Identification Utility\u5b58\u5728\u8bbf\u95ee\u63a7\u5236\u9519\u8bef\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u63d0\u5347\u6743\u9650\uff0c\u9020\u6210\u62d2\u7edd\u670d\u52a1\u6216\u6cc4\u9732\u4fe1\u606f\u3002",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00281.html",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2020-18598",
  "openTime": "2020-03-22",
  "patchDescription": "Intel Processor Identification Utility\u662f\u7f8e\u56fd\u82f1\u7279\u5c14\uff08Intel\uff09\u516c\u53f8\u7684\u4e00\u6b3e\u5904\u7406\u5668\u8bc6\u522b\u5b9e\u7528\u7a0b\u5e8f\u3002\u8be5\u7a0b\u5e8f\u652f\u6301\u663e\u793a\u56fe\u5f62\u4fe1\u606f\u3001\u82af\u7247\u7ec4\u4fe1\u606f\u3001\u5904\u7406\u5668\u652f\u6301\u7684\u6280\u672f\u4ee5\u53ca\u5176\u4ed6\u4fe1\u606f\u7b49\u3002\r\n\r\nIntel Processor Identification Utility\u5b58\u5728\u8bbf\u95ee\u63a7\u5236\u9519\u8bef\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u63d0\u5347\u6743\u9650\uff0c\u9020\u6210\u62d2\u7edd\u670d\u52a1\u6216\u6cc4\u9732\u4fe1\u606f\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Intel Processor Identification Utility\u8bbf\u95ee\u63a7\u5236\u9519\u8bef\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "Intel Intel Processor Identification Utility \u003c6.1.0731"
  },
  "referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2019-11163",
  "serverity": "\u4e2d",
  "submitTime": "2019-08-21",
  "title": "Intel Processor Identification Utility\u8bbf\u95ee\u63a7\u5236\u9519\u8bef\u6f0f\u6d1e"
}

CVE-2019-11163 (GCVE-0-2019-11163)

Vulnerability from cvelistv5 – Published: 2019-08-19 16:12 – Updated: 2024-08-04 22:48

Summary

Insufficient access control in a hardware abstraction driver for Intel(R) Processor Identification Utility for Windows before version 6.1.0731 may allow an authenticated user to potentially enable escalation of privilege, denial of service or information disclosure via local access.

Severity ?

No CVSS data available.

CWE

Escalation of Privilege, Denial of Service, Information Disclosure

Assigner

intel

References

URL

Tags

https://www.intel.com/content/www/us/en/security-…

x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	n/a	Intel(R) Processor Identification Utility for Windows* Advisory	Affected: Versions before 6.1.0731

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T22:48:08.604Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00281.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Intel(R) Processor Identification Utility for Windows* Advisory",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "Versions before 6.1.0731"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Insufficient access control in a hardware abstraction driver for Intel(R) Processor Identification Utility for Windows before version 6.1.0731 may allow an authenticated user to potentially enable escalation of privilege, denial of service or information disclosure via local access."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Escalation of Privilege, Denial of Service, Information Disclosure",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-08-19T16:12:16",
        "orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
        "shortName": "intel"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00281.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@intel.com",
          "ID": "CVE-2019-11163",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Intel(R) Processor Identification Utility for Windows* Advisory",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Versions before 6.1.0731"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Insufficient access control in a hardware abstraction driver for Intel(R) Processor Identification Utility for Windows before version 6.1.0731 may allow an authenticated user to potentially enable escalation of privilege, denial of service or information disclosure via local access."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Escalation of Privilege, Denial of Service, Information Disclosure"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00281.html",
              "refsource": "CONFIRM",
              "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00281.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
    "assignerShortName": "intel",
    "cveId": "CVE-2019-11163",
    "datePublished": "2019-08-19T16:12:16",
    "dateReserved": "2019-04-11T00:00:00",
    "dateUpdated": "2024-08-04T22:48:08.604Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CNVD-2020-18598

CVE-2019-11163 (GCVE-0-2019-11163)

Tags

Sightings

Nomenclature