VAR-201908-1941
Vulnerability from variot - Updated: 2023-12-18 12:50Improper file verification in Intel® Driver & Support Assistant before 19.7.30.2 may allow an authenticated user to potentially enable escalation of privilege via local access. Intel Driver & Support Assistant is an Intel driver and support management tool from Intel Corporation. This tool is mainly used to get the latest applications provided by Intel. An authorization issue vulnerability exists in Intel Driver & Support Assistant versions prior to 19.7.30.2. The vulnerability is caused by the program not properly validating files. A local attacker could exploit this vulnerability to elevate privileges
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201908-1941",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "driver \\\u0026 support assistant",
"scope": "lt",
"trust": 1.0,
"vendor": "intel",
"version": "19.7.30.2"
},
{
"model": "authenticate",
"scope": "lt",
"trust": 0.8,
"vendor": "intel",
"version": "3.8 earlier"
},
{
"model": "compute card",
"scope": null,
"trust": 0.8,
"vendor": "intel",
"version": null
},
{
"model": "compute stick",
"scope": null,
"trust": 0.8,
"vendor": "intel",
"version": null
},
{
"model": "computing improvement program",
"scope": "lt",
"trust": 0.8,
"vendor": "intel",
"version": "2.4.0.04733 earlier"
},
{
"model": "driver and support assistant",
"scope": "lt",
"trust": 0.8,
"vendor": "intel",
"version": "19.7.30.2 earlier"
},
{
"model": "nuc kit",
"scope": null,
"trust": 0.8,
"vendor": "intel",
"version": null
},
{
"model": "processor identification utility",
"scope": "lt",
"trust": 0.8,
"vendor": "intel",
"version": "for windows 6.1.0731 earlier"
},
{
"model": "raid web console",
"scope": "eq",
"trust": 0.8,
"vendor": "intel",
"version": "2"
},
{
"model": "remote displays sdk",
"scope": "lt",
"trust": 0.8,
"vendor": "intel",
"version": "2.0.1 r2 earlier"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-007558"
},
{
"db": "NVD",
"id": "CVE-2019-11145"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:intel:driver_\\\u0026_support_assistant:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "19.7.30.2",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2019-11145"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Jakub Palaczynski",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201908-1256"
}
],
"trust": 0.6
},
"cve": "CVE-2019-11145",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"id": "VHN-142762",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:L/AC:L/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2019-11145",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201908-1256",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-142762",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-142762"
},
{
"db": "NVD",
"id": "CVE-2019-11145"
},
{
"db": "CNNVD",
"id": "CNNVD-201908-1256"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Improper file verification in Intel\u00ae Driver \u0026 Support Assistant before 19.7.30.2 may allow an authenticated user to potentially enable escalation of privilege via local access. Intel Driver \u0026 Support Assistant is an Intel driver and support management tool from Intel Corporation. This tool is mainly used to get the latest applications provided by Intel. An authorization issue vulnerability exists in Intel Driver \u0026 Support Assistant versions prior to 19.7.30.2. The vulnerability is caused by the program not properly validating files. A local attacker could exploit this vulnerability to elevate privileges",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-11145"
},
{
"db": "VULHUB",
"id": "VHN-142762"
}
],
"trust": 0.99
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-11145",
"trust": 2.5
},
{
"db": "JVN",
"id": "JVNVU99945432",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2019-007558",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201908-1256",
"trust": 0.7
},
{
"db": "VULHUB",
"id": "VHN-142762",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-142762"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-007558"
},
{
"db": "NVD",
"id": "CVE-2019-11145"
},
{
"db": "CNNVD",
"id": "CNNVD-201908-1256"
}
]
},
"id": "VAR-201908-1941",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-142762"
}
],
"trust": 0.35292397
},
"last_update_date": "2023-12-18T12:50:08.143000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "[INTEL-SA-00283] Intel Computing Improvement Program Advisory",
"trust": 0.8,
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00283.html"
},
{
"title": "[INTEL-SA-00246] Intel RAID Web Console 2 Advisory",
"trust": 0.8,
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00246.html"
},
{
"title": "[INTEL-SA-00272] Intel NUC Advisory",
"trust": 0.8,
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00272.html"
},
{
"title": "[INTEL-SA-00275] Intel Authenticate Advisory",
"trust": 0.8,
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00275.html"
},
{
"title": "[INTEL-SA-00276] Intel Driver \u0026 Support Assistant Advisory",
"trust": 0.8,
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00276.html"
},
{
"title": "[INTEL-SA-00277] Intel Remote Displays SDK Advisory",
"trust": 0.8,
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00277.html"
},
{
"title": "[INTEL-SA-00281] Intel Processor Identification Utility for Windows* Advisory",
"trust": 0.8,
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00281.html"
},
{
"title": "Intel Driver \u0026 Support Assistant Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=96899"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-007558"
},
{
"db": "CNNVD",
"id": "CNNVD-201908-1256"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-275",
"trust": 1.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-142762"
},
{
"db": "NVD",
"id": "CVE-2019-11145"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00276.html"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-11145"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-11163"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-11162"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-0173"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-11140"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-11143"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-11145"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-11146"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-11148"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu99945432/"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-11163"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-11162"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-0173"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-11140"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-11143"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-11146"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-11148"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-142762"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-007558"
},
{
"db": "NVD",
"id": "CVE-2019-11145"
},
{
"db": "CNNVD",
"id": "CNNVD-201908-1256"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-142762"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-007558"
},
{
"db": "NVD",
"id": "CVE-2019-11145"
},
{
"db": "CNNVD",
"id": "CNNVD-201908-1256"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-08-19T00:00:00",
"db": "VULHUB",
"id": "VHN-142762"
},
{
"date": "2019-08-15T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-007558"
},
{
"date": "2019-08-19T17:15:11.467000",
"db": "NVD",
"id": "CVE-2019-11145"
},
{
"date": "2019-08-19T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201908-1256"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-03-08T00:00:00",
"db": "VULHUB",
"id": "VHN-142762"
},
{
"date": "2019-10-04T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-007558"
},
{
"date": "2023-03-08T01:21:54.613000",
"db": "NVD",
"id": "CVE-2019-11145"
},
{
"date": "2020-02-12T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201908-1256"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201908-1256"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Intel Multiple vulnerabilities in the product",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-007558"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "authorization issue",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201908-1256"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…