cvelistv5 - cve-2019-11162

CVE-2019-11162 (GCVE-0-2019-11162)

Vulnerability from cvelistv5 – Published: 2019-08-19 16:11 – Updated: 2024-08-04 22:48

Summary

Severity ?

No CVSS data available.

CWE

Escalation of Privilege, Denial of Service, Information Disclosure

Assigner

intel

References

URL

Tags

https://www.intel.com/content/www/us/en/security-…

x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	n/a	Intel(R) Computing Improvement Program Advisory	Affected: Versions before 2.4.0.04733

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T22:48:09.140Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00283.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Intel(R) Computing Improvement Program Advisory",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "Versions before 2.4.0.04733"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Insufficient access control in hardware abstraction in SEMA driver for Intel(R) Computing Improvement Program before version 2.4.0.04733 may allow an authenticated user to potentially enable escalation of privilege, denial of service or information disclosure via local access."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Escalation of Privilege, Denial of Service, Information Disclosure",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-08-19T16:11:56",
        "orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
        "shortName": "intel"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00283.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@intel.com",
          "ID": "CVE-2019-11162",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Intel(R) Computing Improvement Program Advisory",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Versions before 2.4.0.04733"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Insufficient access control in hardware abstraction in SEMA driver for Intel(R) Computing Improvement Program before version 2.4.0.04733 may allow an authenticated user to potentially enable escalation of privilege, denial of service or information disclosure via local access."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Escalation of Privilege, Denial of Service, Information Disclosure"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00283.html",
              "refsource": "CONFIRM",
              "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00283.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
    "assignerShortName": "intel",
    "cveId": "CVE-2019-11162",
    "datePublished": "2019-08-19T16:11:56",
    "dateReserved": "2019-04-11T00:00:00",
    "dateUpdated": "2024-08-04T22:48:09.140Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:intel:computing_improvement_program:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"2.4.0.04733\", \"matchCriteriaId\": \"FDA12CE5-6C3A-4850-BE5A-3965C7817640\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Insufficient access control in hardware abstraction in SEMA driver for Intel(R) Computing Improvement Program before version 2.4.0.04733 may allow an authenticated user to potentially enable escalation of privilege, denial of service or information disclosure via local access.\"}, {\"lang\": \"es\", \"value\": \"Un control de acceso insuficiente en la abstracci\\u00f3n de hardware en el controlador SEMA para Intel\\u00ae Computing Improvement Program versiones anteriores a 2.4.0.0.04733, puede permitir a un usuario autenticado habilitar potencialmente la escalada de privilegios, la denegaci\\u00f3n de servicio o la divulgaci\\u00f3n de informaci\\u00f3n por medio del acceso local.\"}]",
      "id": "CVE-2019-11162",
      "lastModified": "2024-11-21T04:20:38.867",
      "metrics": "{\"cvssMetricV30\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.0\", \"vectorString\": \"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\", \"baseScore\": 7.8, \"baseSeverity\": \"HIGH\", \"attackVector\": \"LOCAL\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 1.8, \"impactScore\": 5.9}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:L/AC:L/Au:N/C:P/I:P/A:P\", \"baseScore\": 4.6, \"accessVector\": \"LOCAL\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 3.9, \"impactScore\": 6.4, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2019-08-19T17:15:11.667",
      "references": "[{\"url\": \"https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00283.html\", \"source\": \"secure@intel.com\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00283.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}]",
      "sourceIdentifier": "secure@intel.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"NVD-CWE-noinfo\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2019-11162\",\"sourceIdentifier\":\"secure@intel.com\",\"published\":\"2019-08-19T17:15:11.667\",\"lastModified\":\"2024-11-21T04:20:38.867\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Insufficient access control in hardware abstraction in SEMA driver for Intel(R) Computing Improvement Program before version 2.4.0.04733 may allow an authenticated user to potentially enable escalation of privilege, denial of service or information disclosure via local access.\"},{\"lang\":\"es\",\"value\":\"Un control de acceso insuficiente en la abstracci\u00f3n de hardware en el controlador SEMA para Intel\u00ae Computing Improvement Program versiones anteriores a 2.4.0.0.04733, puede permitir a un usuario autenticado habilitar potencialmente la escalada de privilegios, la denegaci\u00f3n de servicio o la divulgaci\u00f3n de informaci\u00f3n por medio del acceso local.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":7.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:L/AC:L/Au:N/C:P/I:P/A:P\",\"baseScore\":4.6,\"accessVector\":\"LOCAL\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":3.9,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-noinfo\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:intel:computing_improvement_program:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"2.4.0.04733\",\"matchCriteriaId\":\"FDA12CE5-6C3A-4850-BE5A-3965C7817640\"}]}]}],\"references\":[{\"url\":\"https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00283.html\",\"source\":\"secure@intel.com\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00283.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]}]}}"
  }
}

GSD-2019-11162

Vulnerability from gsd - Updated: 2023-12-13 01:24

Details

Aliases

CVE-2019-11162

Aliases

CVE-2019-11162

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2019-11162",
    "description": "Insufficient access control in hardware abstraction in SEMA driver for Intel(R) Computing Improvement Program before version 2.4.0.04733 may allow an authenticated user to potentially enable escalation of privilege, denial of service or information disclosure via local access.",
    "id": "GSD-2019-11162"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2019-11162"
      ],
      "details": "Insufficient access control in hardware abstraction in SEMA driver for Intel(R) Computing Improvement Program before version 2.4.0.04733 may allow an authenticated user to potentially enable escalation of privilege, denial of service or information disclosure via local access.",
      "id": "GSD-2019-11162",
      "modified": "2023-12-13T01:24:02.454825Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "secure@intel.com",
        "ID": "CVE-2019-11162",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "Intel(R) Computing Improvement Program Advisory",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "Versions before 2.4.0.04733"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Insufficient access control in hardware abstraction in SEMA driver for Intel(R) Computing Improvement Program before version 2.4.0.04733 may allow an authenticated user to potentially enable escalation of privilege, denial of service or information disclosure via local access."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "Escalation of Privilege, Denial of Service, Information Disclosure"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00283.html",
            "refsource": "CONFIRM",
            "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00283.html"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:intel:computing_improvement_program:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "2.4.0.04733",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@intel.com",
          "ID": "CVE-2019-11162"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Insufficient access control in hardware abstraction in SEMA driver for Intel(R) Computing Improvement Program before version 2.4.0.04733 may allow an authenticated user to potentially enable escalation of privilege, denial of service or information disclosure via local access."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "NVD-CWE-noinfo"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00283.html",
              "refsource": "CONFIRM",
              "tags": [
                "Patch",
                "Vendor Advisory"
              ],
              "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00283.html"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 4.6,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 6.4,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "exploitabilityScore": 1.8,
          "impactScore": 5.9
        }
      },
      "lastModifiedDate": "2020-08-24T17:37Z",
      "publishedDate": "2019-08-19T17:15Z"
    }
  }
}

CERTFR-2019-AVI-399

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été découvertes dans les produits Intel. Certaines d'entre elles permettent à un attaquant de provoquer un déni de service, un contournement de la politique de sécurité et une atteinte à la confidentialité des données.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Intel	N/A	Intel Processor Identification Utility pour Windows versions antérieures à 6.1.0731
Intel	N/A	Intel Remote Displays SDK versions antérieures à 2.0.1 R2
Intel	N/A	Intel Authenticate versions antérieures à 3.8
Intel	N/A	Intel Compute Stick STK2MV64CC versions antérieures à 0060
Intel	N/A	Intel NUC Kit NUC7i7DNx, NUC7i5DNx et NUC7i3DNx versions antérieures à 0066
Intel	N/A	Intel Compute Card CD1IV128MK versions antérieures à 0037
Intel	N/A	Intel Computing Improvement Program versions antérieures à 2.4.0.04733
Intel	N/A	Intel RAID Web Console 3 versions antérieures à 7.009.011.000
Intel	N/A	Intel Driver & Support Assistant versions antérieures à 19.7.30.2

References

Title

Publication Time

Tags

Bulletin de sécurité Intel intel-sa-00246 du 13 août 2019	None	vendor-advisory
Bulletin de sécurité Intel intel-sa-00272 du 13 août 2019	None	vendor-advisory
Bulletin de sécurité Intel intel-sa-00281 du 13 août 2019	None	vendor-advisory
Bulletin de sécurité Intel intel-sa-00283 du 13 août 2019	None	vendor-advisory
Bulletin de sécurité Intel intel-sa-00276 du 13 août 2019	None	vendor-advisory
Bulletin de sécurité Intel intel-sa-00277 du 13 août 2019	None	vendor-advisory
Bulletin de sécurité Intel intel-sa-00275 du 13 août 2019	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Intel Processor Identification Utility pour Windows versions ant\u00e9rieures \u00e0 6.1.0731",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Intel",
          "scada": false
        }
      }
    },
    {
      "description": "Intel Remote Displays SDK versions ant\u00e9rieures \u00e0 2.0.1 R2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Intel",
          "scada": false
        }
      }
    },
    {
      "description": "Intel Authenticate versions ant\u00e9rieures \u00e0 3.8",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Intel",
          "scada": false
        }
      }
    },
    {
      "description": "Intel Compute Stick STK2MV64CC versions ant\u00e9rieures \u00e0 0060",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Intel",
          "scada": false
        }
      }
    },
    {
      "description": "Intel NUC Kit NUC7i7DNx, NUC7i5DNx et NUC7i3DNx versions ant\u00e9rieures \u00e0 0066",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Intel",
          "scada": false
        }
      }
    },
    {
      "description": "Intel Compute Card CD1IV128MK versions ant\u00e9rieures \u00e0 0037",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Intel",
          "scada": false
        }
      }
    },
    {
      "description": "Intel Computing Improvement Program versions ant\u00e9rieures \u00e0 2.4.0.04733",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Intel",
          "scada": false
        }
      }
    },
    {
      "description": "Intel RAID Web Console 3 versions ant\u00e9rieures \u00e0 7.009.011.000",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Intel",
          "scada": false
        }
      }
    },
    {
      "description": "Intel Driver \u0026 Support Assistant versions ant\u00e9rieures \u00e0 19.7.30.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Intel",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2019-11146",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-11146"
    },
    {
      "name": "CVE-2019-11140",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-11140"
    },
    {
      "name": "CVE-2019-11143",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-11143"
    },
    {
      "name": "CVE-2019-11162",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-11162"
    },
    {
      "name": "CVE-2019-0173",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-0173"
    },
    {
      "name": "CVE-2019-11145",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-11145"
    },
    {
      "name": "CVE-2019-11163",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-11163"
    },
    {
      "name": "CVE-2019-11148",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-11148"
    }
  ],
  "links": [],
  "reference": "CERTFR-2019-AVI-399",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2019-08-14T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Intel.\nCertaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer un d\u00e9ni\nde service, un contournement de la politique de s\u00e9curit\u00e9 et une atteinte\n\u00e0 la confidentialit\u00e9 des donn\u00e9es.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Intel",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00246 du 13 ao\u00fbt 2019",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00246.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00272 du 13 ao\u00fbt 2019",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00272.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00281 du 13 ao\u00fbt 2019",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00281.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00283 du 13 ao\u00fbt 2019",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00283.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00276 du 13 ao\u00fbt 2019",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00276.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00277 du 13 ao\u00fbt 2019",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00277.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00275 du 13 ao\u00fbt 2019",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00275.html"
    }
  ]
}

CERTFR-2019-AVI-399

Vulnerability from certfr_avis - Published: - Updated:

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Intel	N/A	Intel Processor Identification Utility pour Windows versions antérieures à 6.1.0731
Intel	N/A	Intel Remote Displays SDK versions antérieures à 2.0.1 R2
Intel	N/A	Intel Authenticate versions antérieures à 3.8
Intel	N/A	Intel Compute Stick STK2MV64CC versions antérieures à 0060
Intel	N/A	Intel NUC Kit NUC7i7DNx, NUC7i5DNx et NUC7i3DNx versions antérieures à 0066
Intel	N/A	Intel Compute Card CD1IV128MK versions antérieures à 0037
Intel	N/A	Intel Computing Improvement Program versions antérieures à 2.4.0.04733
Intel	N/A	Intel RAID Web Console 3 versions antérieures à 7.009.011.000
Intel	N/A	Intel Driver & Support Assistant versions antérieures à 19.7.30.2

References

Title

Publication Time

Tags

Bulletin de sécurité Intel intel-sa-00246 du 13 août 2019	None	vendor-advisory
Bulletin de sécurité Intel intel-sa-00272 du 13 août 2019	None	vendor-advisory
Bulletin de sécurité Intel intel-sa-00281 du 13 août 2019	None	vendor-advisory
Bulletin de sécurité Intel intel-sa-00283 du 13 août 2019	None	vendor-advisory
Bulletin de sécurité Intel intel-sa-00276 du 13 août 2019	None	vendor-advisory
Bulletin de sécurité Intel intel-sa-00277 du 13 août 2019	None	vendor-advisory
Bulletin de sécurité Intel intel-sa-00275 du 13 août 2019	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Intel Processor Identification Utility pour Windows versions ant\u00e9rieures \u00e0 6.1.0731",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Intel",
          "scada": false
        }
      }
    },
    {
      "description": "Intel Remote Displays SDK versions ant\u00e9rieures \u00e0 2.0.1 R2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Intel",
          "scada": false
        }
      }
    },
    {
      "description": "Intel Authenticate versions ant\u00e9rieures \u00e0 3.8",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Intel",
          "scada": false
        }
      }
    },
    {
      "description": "Intel Compute Stick STK2MV64CC versions ant\u00e9rieures \u00e0 0060",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Intel",
          "scada": false
        }
      }
    },
    {
      "description": "Intel NUC Kit NUC7i7DNx, NUC7i5DNx et NUC7i3DNx versions ant\u00e9rieures \u00e0 0066",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Intel",
          "scada": false
        }
      }
    },
    {
      "description": "Intel Compute Card CD1IV128MK versions ant\u00e9rieures \u00e0 0037",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Intel",
          "scada": false
        }
      }
    },
    {
      "description": "Intel Computing Improvement Program versions ant\u00e9rieures \u00e0 2.4.0.04733",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Intel",
          "scada": false
        }
      }
    },
    {
      "description": "Intel RAID Web Console 3 versions ant\u00e9rieures \u00e0 7.009.011.000",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Intel",
          "scada": false
        }
      }
    },
    {
      "description": "Intel Driver \u0026 Support Assistant versions ant\u00e9rieures \u00e0 19.7.30.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Intel",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2019-11146",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-11146"
    },
    {
      "name": "CVE-2019-11140",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-11140"
    },
    {
      "name": "CVE-2019-11143",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-11143"
    },
    {
      "name": "CVE-2019-11162",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-11162"
    },
    {
      "name": "CVE-2019-0173",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-0173"
    },
    {
      "name": "CVE-2019-11145",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-11145"
    },
    {
      "name": "CVE-2019-11163",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-11163"
    },
    {
      "name": "CVE-2019-11148",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-11148"
    }
  ],
  "links": [],
  "reference": "CERTFR-2019-AVI-399",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2019-08-14T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Intel.\nCertaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer un d\u00e9ni\nde service, un contournement de la politique de s\u00e9curit\u00e9 et une atteinte\n\u00e0 la confidentialit\u00e9 des donn\u00e9es.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Intel",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00246 du 13 ao\u00fbt 2019",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00246.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00272 du 13 ao\u00fbt 2019",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00272.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00281 du 13 ao\u00fbt 2019",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00281.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00283 du 13 ao\u00fbt 2019",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00283.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00276 du 13 ao\u00fbt 2019",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00276.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00277 du 13 ao\u00fbt 2019",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00277.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00275 du 13 ao\u00fbt 2019",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00275.html"
    }
  ]
}

GHSA-Q646-865J-3HX6

Vulnerability from github – Published: 2022-05-24 16:53 – Updated: 2024-04-04 01:42

Details

Severity ?

7.8 (High)


                  
                    CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2019-11162"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2019-08-19T17:15:00Z",
    "severity": "HIGH"
  },
  "details": "Insufficient access control in hardware abstraction in SEMA driver for Intel(R) Computing Improvement Program before version 2.4.0.04733 may allow an authenticated user to potentially enable escalation of privilege, denial of service or information disclosure via local access.",
  "id": "GHSA-q646-865j-3hx6",
  "modified": "2024-04-04T01:42:21Z",
  "published": "2022-05-24T16:53:56Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-11162"
    },
    {
      "type": "WEB",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00283.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

CNVD-2019-42714

Vulnerability from cnvd - Published: 2019-11-28

Title

Intel Computing Improvement Program访问控制错误漏洞

Description

Intel Computing Improvement Program是美国英特尔（Intel）公司的一款软件改进计划应用程序。该程序用于收集计算机功能使用信息、组件使用信息和操作系统信息等。 Intel Computing Improvement Program 2.4.0.04733之前版本中的SEMA驱动程序的hardware abstraction存在访问控制错误漏洞。本地攻击者可利用该漏洞提升权限，造成拒绝服务或泄露信息。

Severity

中

Patch Name

Intel Computing Improvement Program访问控制错误漏洞的补丁

Patch Description

Formal description

目前厂商已发布升级补丁以修复漏洞，补丁获取链接： https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00283.html

Reference

https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00283.html

Impacted products

Name
Intel Intel Computing Improvement Program <2.4.0.04733

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2019-11162",
      "cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2019-11162"
    }
  },
  "description": "Intel Computing Improvement Program\u662f\u7f8e\u56fd\u82f1\u7279\u5c14\uff08Intel\uff09\u516c\u53f8\u7684\u4e00\u6b3e\u8f6f\u4ef6\u6539\u8fdb\u8ba1\u5212\u5e94\u7528\u7a0b\u5e8f\u3002\u8be5\u7a0b\u5e8f\u7528\u4e8e\u6536\u96c6\u8ba1\u7b97\u673a\u529f\u80fd\u4f7f\u7528\u4fe1\u606f\u3001\u7ec4\u4ef6\u4f7f\u7528\u4fe1\u606f\u548c\u64cd\u4f5c\u7cfb\u7edf\u4fe1\u606f\u7b49\u3002\n\nIntel Computing Improvement Program 2.4.0.04733\u4e4b\u524d\u7248\u672c\u4e2d\u7684SEMA\u9a71\u52a8\u7a0b\u5e8f\u7684hardware abstraction\u5b58\u5728\u8bbf\u95ee\u63a7\u5236\u9519\u8bef\u6f0f\u6d1e\u3002\u672c\u5730\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u63d0\u5347\u6743\u9650\uff0c\u9020\u6210\u62d2\u7edd\u670d\u52a1\u6216\u6cc4\u9732\u4fe1\u606f\u3002",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6f0f\u6d1e\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a\r\nhttps://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00283.html",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2019-42714",
  "openTime": "2019-11-28",
  "patchDescription": "Intel Computing Improvement Program\u662f\u7f8e\u56fd\u82f1\u7279\u5c14\uff08Intel\uff09\u516c\u53f8\u7684\u4e00\u6b3e\u8f6f\u4ef6\u6539\u8fdb\u8ba1\u5212\u5e94\u7528\u7a0b\u5e8f\u3002\u8be5\u7a0b\u5e8f\u7528\u4e8e\u6536\u96c6\u8ba1\u7b97\u673a\u529f\u80fd\u4f7f\u7528\u4fe1\u606f\u3001\u7ec4\u4ef6\u4f7f\u7528\u4fe1\u606f\u548c\u64cd\u4f5c\u7cfb\u7edf\u4fe1\u606f\u7b49\u3002\r\n\r\nIntel Computing Improvement Program 2.4.0.04733\u4e4b\u524d\u7248\u672c\u4e2d\u7684SEMA\u9a71\u52a8\u7a0b\u5e8f\u7684hardware abstraction\u5b58\u5728\u8bbf\u95ee\u63a7\u5236\u9519\u8bef\u6f0f\u6d1e\u3002\u672c\u5730\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u63d0\u5347\u6743\u9650\uff0c\u9020\u6210\u62d2\u7edd\u670d\u52a1\u6216\u6cc4\u9732\u4fe1\u606f\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Intel Computing Improvement Program\u8bbf\u95ee\u63a7\u5236\u9519\u8bef\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "Intel Intel Computing Improvement Program \u003c2.4.0.04733"
  },
  "referenceLink": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00283.html",
  "serverity": "\u4e2d",
  "submitTime": "2019-08-21",
  "title": "Intel Computing Improvement Program\u8bbf\u95ee\u63a7\u5236\u9519\u8bef\u6f0f\u6d1e"
}

VAR-201908-1942

Vulnerability from variot - Updated: 2023-12-18 12:50

Insufficient access control in hardware abstraction in SEMA driver for Intel(R) Computing Improvement Program before version 2.4.0.04733 may allow an authenticated user to potentially enable escalation of privilege, denial of service or information disclosure via local access. Intel Computing Improvement Program is a software improvement program application program of Intel Corporation. This program is used to collect computer function usage information, component usage information, operating system information, etc. A local attacker could exploit this vulnerability to elevate privileges, cause denial of service or disclose information

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201908-1942",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "computing improvement program",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "intel",
        "version": "2.4.0.04733"
      },
      {
        "model": "authenticate",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "intel",
        "version": "3.8 earlier"
      },
      {
        "model": "compute card",
        "scope": null,
        "trust": 0.8,
        "vendor": "intel",
        "version": null
      },
      {
        "model": "compute stick",
        "scope": null,
        "trust": 0.8,
        "vendor": "intel",
        "version": null
      },
      {
        "model": "computing improvement program",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "intel",
        "version": "2.4.0.04733 earlier"
      },
      {
        "model": "driver and support assistant",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "intel",
        "version": "19.7.30.2 earlier"
      },
      {
        "model": "nuc kit",
        "scope": null,
        "trust": 0.8,
        "vendor": "intel",
        "version": null
      },
      {
        "model": "processor identification utility",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "intel",
        "version": "for windows 6.1.0731 earlier"
      },
      {
        "model": "raid web console",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "intel",
        "version": "2"
      },
      {
        "model": "remote displays sdk",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "intel",
        "version": "2.0.1 r2 earlier"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-007558"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-11162"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:intel:computing_improvement_program:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "2.4.0.04733",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2019-11162"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Jesse Michael",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201908-1259"
      }
    ],
    "trust": 0.6
  },
  "cve": "CVE-2019-11162",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 4.6,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 3.9,
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "PARTIAL",
            "baseScore": 4.6,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 3.9,
            "id": "VHN-142781",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:L/AC:L/AU:N/C:P/I:P/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "author": "NVD",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 1.8,
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2019-11162",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201908-1259",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "VULHUB",
            "id": "VHN-142781",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-142781"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-11162"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201908-1259"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Insufficient access control in hardware abstraction in SEMA driver for Intel(R) Computing Improvement Program before version 2.4.0.04733 may allow an authenticated user to potentially enable escalation of privilege, denial of service or information disclosure via local access. Intel Computing Improvement Program is a software improvement program application program of Intel Corporation. This program is used to collect computer function usage information, component usage information, operating system information, etc. A local attacker could exploit this vulnerability to elevate privileges, cause denial of service or disclose information",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2019-11162"
      },
      {
        "db": "VULHUB",
        "id": "VHN-142781"
      }
    ],
    "trust": 0.99
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2019-11162",
        "trust": 2.5
      },
      {
        "db": "JVN",
        "id": "JVNVU99945432",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-007558",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201908-1259",
        "trust": 0.7
      },
      {
        "db": "VULHUB",
        "id": "VHN-142781",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-142781"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-007558"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-11162"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201908-1259"
      }
    ]
  },
  "id": "VAR-201908-1942",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-142781"
      }
    ],
    "trust": 0.35292397
  },
  "last_update_date": "2023-12-18T12:50:08.091000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "[INTEL-SA-00283] Intel Computing Improvement Program Advisory",
        "trust": 0.8,
        "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00283.html"
      },
      {
        "title": "[INTEL-SA-00246] Intel RAID Web Console 2 Advisory",
        "trust": 0.8,
        "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00246.html"
      },
      {
        "title": "[INTEL-SA-00272] Intel NUC Advisory",
        "trust": 0.8,
        "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00272.html"
      },
      {
        "title": "[INTEL-SA-00275] Intel Authenticate Advisory",
        "trust": 0.8,
        "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00275.html"
      },
      {
        "title": "[INTEL-SA-00276] Intel Driver \u0026 Support Assistant Advisory",
        "trust": 0.8,
        "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00276.html"
      },
      {
        "title": "[INTEL-SA-00277] Intel Remote Displays SDK Advisory",
        "trust": 0.8,
        "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00277.html"
      },
      {
        "title": "[INTEL-SA-00281] Intel Processor Identification Utility for Windows* Advisory",
        "trust": 0.8,
        "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00281.html"
      },
      {
        "title": "Intel Computing Improvement Program Fixes for access control error vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=96902"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-007558"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201908-1259"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "NVD-CWE-noinfo",
        "trust": 1.0
      },
      {
        "problemtype": "CWE-284",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-142781"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-11162"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.7,
        "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00283.html"
      },
      {
        "trust": 1.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-11162"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-11163"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-11162"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-0173"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-11140"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-11143"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-11145"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-11146"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-11148"
      },
      {
        "trust": 0.8,
        "url": "https://jvn.jp/vu/jvnvu99945432/"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-11163"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-0173"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-11140"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-11143"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-11145"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-11146"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-11148"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-142781"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-007558"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-11162"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201908-1259"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-142781"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-007558"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-11162"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201908-1259"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2019-08-19T00:00:00",
        "db": "VULHUB",
        "id": "VHN-142781"
      },
      {
        "date": "2019-08-15T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2019-007558"
      },
      {
        "date": "2019-08-19T17:15:11.667000",
        "db": "NVD",
        "id": "CVE-2019-11162"
      },
      {
        "date": "2019-08-19T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201908-1259"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2020-08-24T00:00:00",
        "db": "VULHUB",
        "id": "VHN-142781"
      },
      {
        "date": "2019-10-04T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2019-007558"
      },
      {
        "date": "2020-08-24T17:37:01.140000",
        "db": "NVD",
        "id": "CVE-2019-11162"
      },
      {
        "date": "2020-08-25T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201908-1259"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "local",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201908-1259"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Intel Multiple vulnerabilities in the product",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-007558"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "access control error",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201908-1259"
      }
    ],
    "trust": 0.6
  }
}

FKIE_CVE-2019-11162

Vulnerability from fkie_nvd - Published: 2019-08-19 17:15 - Updated: 2024-11-21 04:20

Severity ?

7.8 (High) - CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Summary

References

	URL	Tags
	secure@intel.com	https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00283.html	Patch, Vendor Advisory
	af854a3a-2127-422b-91ae-364da2661108	https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00283.html	Patch, Vendor Advisory

Impacted products

	Vendor	Product	Version
	intel	computing_improvement_program	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:intel:computing_improvement_program:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "FDA12CE5-6C3A-4850-BE5A-3965C7817640",
              "versionEndExcluding": "2.4.0.04733",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Insufficient access control in hardware abstraction in SEMA driver for Intel(R) Computing Improvement Program before version 2.4.0.04733 may allow an authenticated user to potentially enable escalation of privilege, denial of service or information disclosure via local access."
    },
    {
      "lang": "es",
      "value": "Un control de acceso insuficiente en la abstracci\u00f3n de hardware en el controlador SEMA para Intel\u00ae Computing Improvement Program versiones anteriores a 2.4.0.0.04733, puede permitir a un usuario autenticado habilitar potencialmente la escalada de privilegios, la denegaci\u00f3n de servicio o la divulgaci\u00f3n de informaci\u00f3n por medio del acceso local."
    }
  ],
  "id": "CVE-2019-11162",
  "lastModified": "2024-11-21T04:20:38.867",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 4.6,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 7.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2019-08-19T17:15:11.667",
  "references": [
    {
      "source": "secure@intel.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00283.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00283.html"
    }
  ],
  "sourceIdentifier": "secure@intel.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2019-11162 (GCVE-0-2019-11162)

GSD-2019-11162

CERTFR-2019-AVI-399

Solution

CERTFR-2019-AVI-399

Solution

GHSA-Q646-865J-3HX6

CNVD-2019-42714

VAR-201908-1942

FKIE_CVE-2019-11162

Tags

Sightings

Nomenclature