VAR-201907-1615
Vulnerability from variot - Updated: 2023-12-18 12:28Improper access control in the Intel(R) Processor Diagnostic Tool before version 4.1.2.24 may allow an authenticated user to potentially enable escalation of privilege, information disclosure or denial of service via local access. Intel Has released an update for each product.* Privilege escalation * INTEL-SA-00267 * CVE-2018-18095 * INTEL-SA-00268 * CVE-2019-11133 * Service operation interruption (DoS) attack * INTEL-SA-00268 * CVE-2019-11133 * information leak * INTEL-SA-00268 * CVE-2019-11133. Intel Processor Diagnostic Tool is prone to a local privilege-escalation vulnerability. A local attacker can exploit this issue to gain elevated privileges, obtain sensitive information or cause denial-of-service conditions. Permissions and access control issues exist in versions prior to Intel IPDT 4.1.2.24. The vulnerability stems from the lack of effective permissions and access control measures in network systems or products
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201907-1615",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "processor diagnostic tool",
"scope": "lt",
"trust": 1.0,
"vendor": "intel",
"version": "4.1.2.24"
},
{
"model": "processor diagnostic tool",
"scope": "lt",
"trust": 0.8,
"vendor": "intel",
"version": "for 32-bit 4.1.2.24 earlier"
},
{
"model": "processor diagnostic tool",
"scope": "lt",
"trust": 0.8,
"vendor": "intel",
"version": "for 64-bit 4.1.2.24 earlier"
},
{
"model": "solid state drives for data centers s4500 series",
"scope": "lt",
"trust": 0.8,
"vendor": "intel",
"version": "scv10150 earlier"
},
{
"model": "ssd dc s4600 series",
"scope": "lt",
"trust": 0.8,
"vendor": "intel",
"version": "scv10150 earlier"
},
{
"model": "processor diagnostic tool",
"scope": "eq",
"trust": 0.3,
"vendor": "intel",
"version": "4.1.1.33"
},
{
"model": "processor diagnostic tool",
"scope": "eq",
"trust": 0.3,
"vendor": "intel",
"version": "4.1.0.27"
},
{
"model": "processor diagnostic tool",
"scope": "eq",
"trust": 0.3,
"vendor": "intel",
"version": "4.0.0.29"
},
{
"model": "processor diagnostic tool",
"scope": "ne",
"trust": 0.3,
"vendor": "intel",
"version": "4.1.2.24"
}
],
"sources": [
{
"db": "BID",
"id": "109096"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-006137"
},
{
"db": "NVD",
"id": "CVE-2019-11133"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:intel:processor_diagnostic_tool:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "4.1.2.24",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2019-11133"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Jesse Michael from Eclypsium.",
"sources": [
{
"db": "BID",
"id": "109096"
},
{
"db": "CNNVD",
"id": "CNNVD-201907-535"
}
],
"trust": 0.9
},
"cve": "CVE-2019-11133",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"id": "VHN-142749",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:L/AC:L/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2019-11133",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201907-535",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-142749",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-142749"
},
{
"db": "NVD",
"id": "CVE-2019-11133"
},
{
"db": "CNNVD",
"id": "CNNVD-201907-535"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Improper access control in the Intel(R) Processor Diagnostic Tool before version 4.1.2.24 may allow an authenticated user to potentially enable escalation of privilege, information disclosure or denial of service via local access. Intel Has released an update for each product.* Privilege escalation * INTEL-SA-00267 * CVE-2018-18095 * INTEL-SA-00268 * CVE-2019-11133 * Service operation interruption (DoS) attack * INTEL-SA-00268 * CVE-2019-11133 * information leak * INTEL-SA-00268 * CVE-2019-11133. Intel Processor Diagnostic Tool is prone to a local privilege-escalation vulnerability. \nA local attacker can exploit this issue to gain elevated privileges, obtain sensitive information or cause denial-of-service conditions. Permissions and access control issues exist in versions prior to Intel IPDT 4.1.2.24. The vulnerability stems from the lack of effective permissions and access control measures in network systems or products",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-11133"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-006137"
},
{
"db": "BID",
"id": "109096"
},
{
"db": "VULHUB",
"id": "VHN-142749"
}
],
"trust": 1.98
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-11133",
"trust": 2.8
},
{
"db": "BID",
"id": "109096",
"trust": 2.0
},
{
"db": "JVN",
"id": "JVNVU90203478",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2019-006137",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201907-535",
"trust": 0.7
},
{
"db": "VULHUB",
"id": "VHN-142749",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-142749"
},
{
"db": "BID",
"id": "109096"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-006137"
},
{
"db": "NVD",
"id": "CVE-2019-11133"
},
{
"db": "CNNVD",
"id": "CNNVD-201907-535"
}
]
},
"id": "VAR-201907-1615",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-142749"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T12:28:05.406000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "[INTEL-SA-00267] Intel SSD DC S4500/S4600 Series Advisory",
"trust": 0.8,
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00267.html"
},
{
"title": "[INTEL-SA-00268] Intel Processor Diagnostic Tool Advisory",
"trust": 0.8,
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00268.html"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-006137"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-noinfo",
"trust": 1.0
},
{
"problemtype": "CWE-264",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-142749"
},
{
"db": "NVD",
"id": "CVE-2019-11133"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.3,
"url": "http://www.securityfocus.com/bid/109096"
},
{
"trust": 2.0,
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00268.html"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-11133"
},
{
"trust": 1.1,
"url": "https://support.f5.com/csp/article/k90305959"
},
{
"trust": 1.0,
"url": "https://support.f5.com/csp/article/k90305959?utm_source=f5support\u0026amp%3butm_medium=rss"
},
{
"trust": 0.9,
"url": "http://www.intel.com/"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-18095"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-11133"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu90203478/"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-18095"
},
{
"trust": 0.6,
"url": "https://support.f5.com/csp/article/k90305959?utm_source=f5support\u0026utm_medium=rss"
},
{
"trust": 0.1,
"url": "https://support.f5.com/csp/article/k90305959?utm_source=f5support\u0026amp;amp;utm_medium=rss"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-142749"
},
{
"db": "BID",
"id": "109096"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-006137"
},
{
"db": "NVD",
"id": "CVE-2019-11133"
},
{
"db": "CNNVD",
"id": "CNNVD-201907-535"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-142749"
},
{
"db": "BID",
"id": "109096"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-006137"
},
{
"db": "NVD",
"id": "CVE-2019-11133"
},
{
"db": "CNNVD",
"id": "CNNVD-201907-535"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-07-11T00:00:00",
"db": "VULHUB",
"id": "VHN-142749"
},
{
"date": "2019-07-09T00:00:00",
"db": "BID",
"id": "109096"
},
{
"date": "2019-07-11T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-006137"
},
{
"date": "2019-07-11T21:15:09.670000",
"db": "NVD",
"id": "CVE-2019-11133"
},
{
"date": "2019-07-09T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201907-535"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-08-24T00:00:00",
"db": "VULHUB",
"id": "VHN-142749"
},
{
"date": "2019-07-09T00:00:00",
"db": "BID",
"id": "109096"
},
{
"date": "2019-10-04T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-006137"
},
{
"date": "2023-11-07T03:02:41.420000",
"db": "NVD",
"id": "CVE-2019-11133"
},
{
"date": "2020-08-25T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201907-535"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "BID",
"id": "109096"
},
{
"db": "CNNVD",
"id": "CNNVD-201907-535"
}
],
"trust": 0.9
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Intel Multiple vulnerabilities in the product",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-006137"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "permissions and access control issues",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201907-535"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…