VAR-201903-1238
Vulnerability from variot - Updated: 2023-12-18 11:17Improper permissions in Intel(R) Matrix Storage Manager 8.9.0.1023 and before may allow an authenticated user to potentially enable escalation of privilege via local access. Intel Has released an update for each product.The expected impact depends on each vulnerability, but can be affected as follows: * information leak * Service operation interruption (DoS) * Privilege escalation. Intel Matrix Storage Manager is a matrix storage manager of Intel Corporation. This product can communicate with Intel I/O controller, SATA port. A security vulnerability exists in Intel Matrix Storage Manager 8.9.0.1023 and earlier versions. A local attacker could exploit this vulnerability to elevate privileges
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201903-1238",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "matrix storage manager",
"scope": "lte",
"trust": 1.8,
"vendor": "intel",
"version": "8.9.0.1023"
},
{
"model": "accelerated storage manager",
"scope": null,
"trust": 0.8,
"vendor": "intel",
"version": null
},
{
"model": "active management technology",
"scope": null,
"trust": 0.8,
"vendor": "intel",
"version": null
},
{
"model": "csme",
"scope": null,
"trust": 0.8,
"vendor": "intel",
"version": null
},
{
"model": "matrix storage manager",
"scope": null,
"trust": 0.8,
"vendor": "intel",
"version": null
},
{
"model": "server platform services",
"scope": null,
"trust": 0.8,
"vendor": "intel",
"version": null
},
{
"model": "sgx sdk",
"scope": null,
"trust": 0.8,
"vendor": "intel",
"version": null
},
{
"model": "trusted execution engine",
"scope": null,
"trust": 0.8,
"vendor": "intel",
"version": null
},
{
"model": "usb 3.0 creator utility",
"scope": null,
"trust": 0.8,
"vendor": "intel",
"version": null
},
{
"model": "intel",
"scope": null,
"trust": 0.8,
"vendor": "intel",
"version": null
},
{
"model": "graphics driver",
"scope": "eq",
"trust": 0.8,
"vendor": "intel",
"version": "for windows"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-002597"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-001582"
},
{
"db": "NVD",
"id": "CVE-2019-0121"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:intel:matrix_storage_manager:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "8.9.0.1023",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2019-0121"
}
]
},
"cve": "CVE-2019-0121",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Local",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 4.6,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2019-0121",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"id": "VHN-140152",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:L/AC:L/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Local",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2019-0121",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2019-0121",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201903-555",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-140152",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-140152"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-002597"
},
{
"db": "NVD",
"id": "CVE-2019-0121"
},
{
"db": "CNNVD",
"id": "CNNVD-201903-555"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Improper permissions in Intel(R) Matrix Storage Manager 8.9.0.1023 and before may allow an authenticated user to potentially enable escalation of privilege via local access. Intel Has released an update for each product.The expected impact depends on each vulnerability, but can be affected as follows: * information leak * Service operation interruption (DoS) * Privilege escalation. Intel Matrix Storage Manager is a matrix storage manager of Intel Corporation. This product can communicate with Intel I/O controller, SATA port. A security vulnerability exists in Intel Matrix Storage Manager 8.9.0.1023 and earlier versions. A local attacker could exploit this vulnerability to elevate privileges",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-0121"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-002597"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-001582"
},
{
"db": "VULHUB",
"id": "VHN-140152"
}
],
"trust": 2.43
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-0121",
"trust": 2.5
},
{
"db": "LENOVO",
"id": "LEN-26976",
"trust": 1.7
},
{
"db": "JVN",
"id": "JVNVU98344681",
"trust": 1.6
},
{
"db": "JVNDB",
"id": "JVNDB-2019-001582",
"trust": 1.6
},
{
"db": "JVNDB",
"id": "JVNDB-2019-002597",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201903-555",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2020-18590",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-140152",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-140152"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-002597"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-001582"
},
{
"db": "NVD",
"id": "CVE-2019-0121"
},
{
"db": "CNNVD",
"id": "CNNVD-201903-555"
}
]
},
"id": "VAR-201903-1238",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-140152"
}
],
"trust": 0.68615035
},
"last_update_date": "2023-12-18T11:17:06.513000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "INTEL-SA-00216",
"trust": 1.6,
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00216.html"
},
{
"title": "INTEL-SA-00231 - Intel Accelerated Storage Manager in RSTe Advisory",
"trust": 0.8,
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00231.html"
},
{
"title": "INTEL-SA-00185 - Intel CSME, Server Platform Services, Trusted Execution Engine and Intel Active Management Technology 2018.4 QSR Advisory",
"trust": 0.8,
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00185.html"
},
{
"title": "INTEL-SA-00189 - Intel Graphics Driver for Windows* 2018.4 QSR Advisory",
"trust": 0.8,
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00189.html"
},
{
"title": "INTEL-SA-00191 - Intel Firmware 2018.4 QSR Advisory",
"trust": 0.8,
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00191.html"
},
{
"title": "INTEL-SA-00217 - Intel Software Guard Extensions SDK Advisory",
"trust": 0.8,
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00217.html"
},
{
"title": "INTEL-SA-00229 - Intel USB 3.0 Creator Utility Advisory",
"trust": 0.8,
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00229.html"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-002597"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-001582"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-264",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-140152"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-002597"
},
{
"db": "NVD",
"id": "CVE-2019-0121"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "http://support.lenovo.com/us/en/solutions/len-26976"
},
{
"trust": 1.7,
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00216.html"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-0121"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-0121"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu98344681/"
},
{
"trust": 0.8,
"url": "https://jvndb.jvn.jp/ja/contents/2019/jvndb-2019-001582.html"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu98344681"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-140152"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-002597"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-001582"
},
{
"db": "NVD",
"id": "CVE-2019-0121"
},
{
"db": "CNNVD",
"id": "CNNVD-201903-555"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-140152"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-002597"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-001582"
},
{
"db": "NVD",
"id": "CVE-2019-0121"
},
{
"db": "CNNVD",
"id": "CNNVD-201903-555"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-03-14T00:00:00",
"db": "VULHUB",
"id": "VHN-140152"
},
{
"date": "2019-04-11T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-002597"
},
{
"date": "2019-03-15T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-001582"
},
{
"date": "2019-03-14T20:29:01.507000",
"db": "NVD",
"id": "CVE-2019-0121"
},
{
"date": "2019-03-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201903-555"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-04-18T00:00:00",
"db": "VULHUB",
"id": "VHN-140152"
},
{
"date": "2019-04-11T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-002597"
},
{
"date": "2019-03-15T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-001582"
},
{
"date": "2019-04-18T19:29:02.187000",
"db": "NVD",
"id": "CVE-2019-0121"
},
{
"date": "2019-04-19T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201903-555"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201903-555"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Intel(R) Matrix Storage Manager Vulnerabilities related to authorization, permissions, and access control",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-002597"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "permissions and access control issues",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201903-555"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…