VAR-201905-0865
Vulnerability from variot - Updated: 2023-12-18 11:31Improper directory permissions in the installer for Intel(R) Quartus(R) software may allow an authenticated user to potentially enable escalation of privilege via local access. Intel Quartus The software contains vulnerabilities related to authorization, permissions, and access control.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Intel Quartus Software is a set of software for hardware programming developed by Intel Corporation of the United States. The vulnerability stems from the lack of effective permissions and access control measures in network systems or products
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201905-0865",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "quartus prime",
"scope": null,
"trust": 1.6,
"vendor": "intel",
"version": null
},
{
"model": "quartus prime",
"scope": "lte",
"trust": 1.0,
"vendor": "intel",
"version": "18.1"
},
{
"model": "quartus ii",
"scope": "gte",
"trust": 1.0,
"vendor": "intel",
"version": "9.1"
},
{
"model": "quartus prime",
"scope": "gte",
"trust": 1.0,
"vendor": "intel",
"version": "15.1"
},
{
"model": "quartus ii",
"scope": "lte",
"trust": 1.0,
"vendor": "intel",
"version": "15.0"
},
{
"model": "acu wizard",
"scope": null,
"trust": 0.8,
"vendor": "intel",
"version": null
},
{
"model": "active management technology",
"scope": null,
"trust": 0.8,
"vendor": "intel",
"version": null
},
{
"model": "converged security management engine",
"scope": null,
"trust": 0.8,
"vendor": "intel",
"version": null
},
{
"model": "driver and support assistant",
"scope": null,
"trust": 0.8,
"vendor": "intel",
"version": null
},
{
"model": "dynamic application loader",
"scope": null,
"trust": 0.8,
"vendor": "intel",
"version": null
},
{
"model": "i915",
"scope": null,
"trust": 0.8,
"vendor": "intel",
"version": null
},
{
"model": "nuc board nuc7i7dnbe",
"scope": null,
"trust": 0.8,
"vendor": "intel",
"version": null
},
{
"model": "nuc kit nuc7i5dnhe",
"scope": null,
"trust": 0.8,
"vendor": "intel",
"version": null
},
{
"model": "nuc kit nuc7i7dnhe",
"scope": null,
"trust": 0.8,
"vendor": "intel",
"version": null
},
{
"model": "nuc kit nuc7i7dnke",
"scope": null,
"trust": 0.8,
"vendor": "intel",
"version": null
},
{
"model": "nuc kit nuc8i7hnk",
"scope": null,
"trust": 0.8,
"vendor": "intel",
"version": null
},
{
"model": "nuc kit nuc8i7hvk",
"scope": null,
"trust": 0.8,
"vendor": "intel",
"version": null
},
{
"model": "proset/wireless software driver",
"scope": null,
"trust": 0.8,
"vendor": "intel",
"version": null
},
{
"model": "quartus ii programmer and tools",
"scope": null,
"trust": 0.8,
"vendor": "intel",
"version": null
},
{
"model": "server platform services",
"scope": null,
"trust": 0.8,
"vendor": "intel",
"version": null
},
{
"model": "trusted execution engine",
"scope": null,
"trust": 0.8,
"vendor": "intel",
"version": null
},
{
"model": "intel",
"scope": null,
"trust": 0.8,
"vendor": "intel",
"version": null
},
{
"model": "scs discovery utility",
"scope": null,
"trust": 0.8,
"vendor": "intel",
"version": null
},
{
"model": "unite client",
"scope": null,
"trust": 0.8,
"vendor": "intel",
"version": null
},
{
"model": "graphics driver",
"scope": null,
"trust": 0.8,
"vendor": "intel",
"version": null
},
{
"model": "quartus ii",
"scope": null,
"trust": 0.8,
"vendor": "intel",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-003441"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-004719"
},
{
"db": "NVD",
"id": "CVE-2019-0171"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:intel:quartus_prime:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "18.1",
"versionStartIncluding": "15.1",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:intel:quartus_ii:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "15.0",
"versionStartIncluding": "9.1",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2019-0171"
}
]
},
"cve": "CVE-2019-0171",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Local",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 4.6,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2019-0171",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"id": "VHN-140202",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:L/AC:L/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Local",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2019-0171",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2019-0171",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201905-757",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-140202",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-140202"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-004719"
},
{
"db": "NVD",
"id": "CVE-2019-0171"
},
{
"db": "CNNVD",
"id": "CNNVD-201905-757"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Improper directory permissions in the installer for Intel(R) Quartus(R) software may allow an authenticated user to potentially enable escalation of privilege via local access. Intel Quartus The software contains vulnerabilities related to authorization, permissions, and access control.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Intel Quartus Software is a set of software for hardware programming developed by Intel Corporation of the United States. The vulnerability stems from the lack of effective permissions and access control measures in network systems or products",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-0171"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-004719"
},
{
"db": "VULHUB",
"id": "VHN-140202"
}
],
"trust": 1.71
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-0171",
"trust": 2.5
},
{
"db": "JVN",
"id": "JVNVU92328381",
"trust": 1.6
},
{
"db": "JVNDB",
"id": "JVNDB-2019-003441",
"trust": 1.6
},
{
"db": "JVNDB",
"id": "JVNDB-2019-004719",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201905-757",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2020-18592",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-140202",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-140202"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-003441"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-004719"
},
{
"db": "NVD",
"id": "CVE-2019-0171"
},
{
"db": "CNNVD",
"id": "CNNVD-201905-757"
}
]
},
"id": "VAR-201905-0865",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-140202"
}
],
"trust": 0.6336601066666667
},
"last_update_date": "2023-12-18T11:31:56.545000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "INTEL-SA-00244 - IntelR QuartusR Software Advisory",
"trust": 1.6,
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00244.html"
},
{
"title": "INTEL-SA-00234 - IntelR SCS Discovery Utility and IntelR ACU Wizard Advisory",
"trust": 0.8,
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00234.html"
},
{
"title": "INTEL-SA-00245 - Intel UniteR Client for Android* Advisory",
"trust": 0.8,
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00245.html"
},
{
"title": "INTEL-SA-00204 - Intel IntelR PROSet/Wireless WiFi Software Advisory",
"trust": 0.8,
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00204.html"
},
{
"title": "INTEL-SA-00249 - IntelR i915 Graphics for Linux Advisory",
"trust": 0.8,
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00249.html"
},
{
"title": "INTEL-SA-00213 - IntelR CSME, IntelR SPS, IntelR TXE, IntelR DAL, and IntelR AMT 2019.1 QSR Advisory",
"trust": 0.8,
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00213.html"
},
{
"title": "INTEL-SA-00251 - IntelR NUC Advisory",
"trust": 0.8,
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00251.html"
},
{
"title": "INTEL-SA-00218 - IntelR Graphics Driver for Windows* 2019.1 QSR Advisory",
"trust": 0.8,
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00218.html"
},
{
"title": "INTEL-SA-00252 - IntelR Driver \u0026 Support Assistant Advisory",
"trust": 0.8,
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00252.html"
},
{
"title": "INTEL-SA-00223 - Intel 2019.1 QSR UEFI Advisory",
"trust": 0.8,
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00223.html"
},
{
"title": "INTEL-SA-00228 - Intel UniteR Client Advisory",
"trust": 0.8,
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00228.html"
},
{
"title": "INTEL-SA-00233 - Microarchitectural Data Sampling Advisory",
"trust": 0.8,
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00233.html"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-003441"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-004719"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-732",
"trust": 1.1
},
{
"problemtype": "CWE-264",
"trust": 0.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-140202"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-004719"
},
{
"db": "NVD",
"id": "CVE-2019-0171"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "https://support.f5.com/csp/article/k33245306"
},
{
"trust": 1.7,
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00244.html"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-0171"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu92328381/index.html"
},
{
"trust": 0.8,
"url": "https://mdsattacks.com/files/ridl.pdf"
},
{
"trust": 0.8,
"url": "https://mdsattacks.com/files/fallout.pdf"
},
{
"trust": 0.8,
"url": "https://zombieloadattack.com/"
},
{
"trust": 0.8,
"url": "https://www.intel.com/content/www/us/en/architecture-and-technology/mds.html"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-0171"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu92328381/"
},
{
"trust": 0.8,
"url": "https://jvndb.jvn.jp/ja/contents/2019/jvndb-2019-003441.html"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-140202"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-003441"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-004719"
},
{
"db": "NVD",
"id": "CVE-2019-0171"
},
{
"db": "CNNVD",
"id": "CNNVD-201905-757"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-140202"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-003441"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-004719"
},
{
"db": "NVD",
"id": "CVE-2019-0171"
},
{
"db": "CNNVD",
"id": "CNNVD-201905-757"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-05-17T00:00:00",
"db": "VULHUB",
"id": "VHN-140202"
},
{
"date": "2019-05-16T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-003441"
},
{
"date": "2019-06-06T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-004719"
},
{
"date": "2019-05-17T16:29:02.220000",
"db": "NVD",
"id": "CVE-2019-0171"
},
{
"date": "2019-05-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201905-757"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-08-24T00:00:00",
"db": "VULHUB",
"id": "VHN-140202"
},
{
"date": "2019-05-16T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-003441"
},
{
"date": "2019-06-06T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-004719"
},
{
"date": "2020-08-24T17:37:01.140000",
"db": "NVD",
"id": "CVE-2019-0171"
},
{
"date": "2020-08-25T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201905-757"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201905-757"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Intel Multiple vulnerabilities in the product",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-003441"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "permissions and access control issues",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201905-757"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…