cvelistv5 - CVE-2019-14568

CVE-2019-14568 (GCVE-0-2019-14568)

Vulnerability from cvelistv5

Published

2019-12-16 19:12

Modified

2024-08-05 00:19

Severity ?

CWE

Escalation of Privilege

Summary

Improper permissions in the executable for Intel(R) RST before version 17.7.0.1006 may allow an authenticated user to potentially enable escalation of privilege via local access.

References

URL

	Vendor	Product	Version
	n/a	Intel(R) RST	Version: before version 17.7.0.1006

CERTFR-2019-AVI-623

Vulnerability from certfr_avis

De multiples vulnérabilités ont été découvertes dans les produits Intel. Elles permettent à un attaquant de provoquer un déni de service, une atteinte à la confidentialité des données et une élévation de privilèges.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Intel	N/A	Intel Quartus Prime Pro Edition versions antérieures à 19.3
Intel	N/A	Intel FPGA SDK for OpenCL versions antérieures à 19.3 et sans le correctif de sécurité 0.24
Intel	N/A	Intel RST versions antérieures à 17.7.0.1006
Intel	N/A	Intel Ethernet I218 Adapter driver for Windows 10 versions antérieures à 24.1
Intel	N/A	Linux Administrative Tools for Intel Network Adapters versions antérieures à 24.3
Intel	N/A	Intel Dynamic Platform et Thermal Framework sans le dernier correctif de sécurité
Intel	N/A	Control Center-I versions 2.1.0.0 et antérieures
Intel	N/A	Intel NUC ; voir le site du constructeur pour la liste complète des produits vulnérables (cf. section Documentation)
Intel	N/A	les processeurs Intel ; voir le site du constructeur pour la liste complète des produits vulnérables (cf. section Documentation)
Intel	N/A	Intel SCS Platform Discovery Utility (produit considéré comme obsolète par Intel)

References

Title

Publication Time

gsd-2019-14568

Vulnerability from gsd

Modified

2023-12-13 01:23

Details

Improper permissions in the executable for Intel(R) RST before version 17.7.0.1006 may allow an authenticated user to potentially enable escalation of privilege via local access.

Aliases

CVE-2019-14568

Aliases

CVE-2019-14568

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2019-14568",
    "description": "Improper permissions in the executable for Intel(R) RST before version 17.7.0.1006 may allow an authenticated user to potentially enable escalation of privilege via local access.",
    "id": "GSD-2019-14568"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2019-14568"
      ],
      "details": "Improper permissions in the executable for Intel(R) RST before version 17.7.0.1006 may allow an authenticated user to potentially enable escalation of privilege via local access.",
      "id": "GSD-2019-14568",
      "modified": "2023-12-13T01:23:53.275059Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "secure@intel.com",
        "ID": "CVE-2019-14568",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "Intel(R) RST",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "before version 17.7.0.1006"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Improper permissions in the executable for Intel(R) RST before version 17.7.0.1006 may allow an authenticated user to potentially enable escalation of privilege via local access."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "Escalation of Privilege"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00324.html",
            "refsource": "MISC",
            "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00324.html"
          },
          {
            "name": "https://support.f5.com/csp/article/K38424406?utm_source=f5support\u0026amp;utm_medium=RSS",
            "refsource": "CONFIRM",
            "url": "https://support.f5.com/csp/article/K38424406?utm_source=f5support\u0026amp;utm_medium=RSS"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:intel:rapid_storage_technology:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "17.7.0.1006",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@intel.com",
          "ID": "CVE-2019-14568"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Improper permissions in the executable for Intel(R) RST before version 17.7.0.1006 may allow an authenticated user to potentially enable escalation of privilege via local access."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-276"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00324.html",
              "refsource": "MISC",
              "tags": [
                "Patch",
                "Vendor Advisory"
              ],
              "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00324.html"
            },
            {
              "name": "https://support.f5.com/csp/article/K38424406?utm_source=f5support\u0026amp;utm_medium=RSS",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "https://support.f5.com/csp/article/K38424406?utm_source=f5support\u0026amp;utm_medium=RSS"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 4.6,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 6.4,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "exploitabilityScore": 1.8,
          "impactScore": 5.9
        }
      },
      "lastModifiedDate": "2020-01-09T07:15Z",
      "publishedDate": "2019-12-16T20:15Z"
    }
  }
}

var-201912-0871

Vulnerability from variot

Improper permissions in the executable for Intel(R) RST before version 17.7.0.1006 may allow an authenticated user to potentially enable escalation of privilege via local access. Intel(R) RST Contains a vulnerability with inappropriate default permissions.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Intel Rapid Storage Technology (RST) is a fast storage technology developed by Intel Corporation, which mainly consists of firmware, hardware and software RAID systems. A security vulnerability exists in versions prior to Intel RST 17.7.0.1006. A local attacker could exploit this vulnerability to elevate privileges

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201912-0871",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "rapid storage technology",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "intel",
        "version": "17.7.0.1006"
      },
      {
        "model": "rapid store technology",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "intel",
        "version": "17.7.0.1006"
      },
      {
        "model": "rapid storage technology",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "intel",
        "version": "15.9.0.1015"
      },
      {
        "model": "rapid storage technology",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "intel",
        "version": "16.7"
      },
      {
        "model": "rapid storage technology",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "intel",
        "version": "15.8.1.1007"
      },
      {
        "model": "rapid storage technology",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "intel",
        "version": "17.5.2.1024"
      },
      {
        "model": "rapid storage technology",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "intel",
        "version": "14.8.16.1063"
      },
      {
        "model": "rapid storage technology",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "intel",
        "version": "15.2.16.1060"
      },
      {
        "model": "rapid storage technology",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "intel",
        "version": "11.7.0.1013"
      },
      {
        "model": "rapid storage technology",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "intel",
        "version": "13.6.0.1002"
      },
      {
        "model": "rapid storage technology",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "intel",
        "version": "14.0.0.1143"
      },
      {
        "model": "rapid storage technology",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "intel",
        "version": "16.8.0.1000"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-013402"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201912-431"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-14568"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/a:intel:rapid_storage_technology",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-013402"
      }
    ]
  },
  "cve": "CVE-2019-14568",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "PARTIAL",
            "baseScore": 4.6,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 3.9,
            "id": "CVE-2019-14568",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 1.8,
            "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "PARTIAL",
            "baseScore": 4.6,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 3.9,
            "id": "VHN-146527",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:L/AC:L/AU:N/C:P/I:P/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "author": "nvd@nist.gov",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 1.8,
            "id": "CVE-2019-14568",
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Local",
            "author": "NVD",
            "availabilityImpact": "High",
            "baseScore": 7.8,
            "baseSeverity": "High",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "CVE-2019-14568",
            "impactScore": null,
            "integrityImpact": "High",
            "privilegesRequired": "Low",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2019-14568",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "NVD",
            "id": "CVE-2019-14568",
            "trust": 0.8,
            "value": "High"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201912-431",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "VULHUB",
            "id": "VHN-146527",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-146527"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-013402"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201912-431"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-14568"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Improper permissions in the executable for Intel(R) RST before version 17.7.0.1006 may allow an authenticated user to potentially enable escalation of privilege via local access. Intel(R) RST Contains a vulnerability with inappropriate default permissions.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Intel Rapid Storage Technology (RST) is a fast storage technology developed by Intel Corporation, which mainly consists of firmware, hardware and software RAID systems. A security vulnerability exists in versions prior to Intel RST 17.7.0.1006. A local attacker could exploit this vulnerability to elevate privileges",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2019-14568"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-013402"
      },
      {
        "db": "VULHUB",
        "id": "VHN-146527"
      }
    ],
    "trust": 1.71
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2019-14568",
        "trust": 2.5
      },
      {
        "db": "JVN",
        "id": "JVNVU93632155",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-013402",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201912-431",
        "trust": 0.7
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2019.4650",
        "trust": 0.6
      },
      {
        "db": "LENOVO",
        "id": "LEN-29840",
        "trust": 0.6
      },
      {
        "db": "CNVD",
        "id": "CNVD-2020-14843",
        "trust": 0.1
      },
      {
        "db": "VULHUB",
        "id": "VHN-146527",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-146527"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-013402"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201912-431"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-14568"
      }
    ]
  },
  "id": "VAR-201912-0871",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-146527"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2024-11-23T20:53:43.561000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "INTEL-SA-00324",
        "trust": 0.8,
        "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00324.html"
      },
      {
        "title": "Intel Rapid Storage Technology Security vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=105740"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-013402"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201912-431"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-276",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-146527"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-013402"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-14568"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.7,
        "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00324.html"
      },
      {
        "trust": 1.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-14568"
      },
      {
        "trust": 1.0,
        "url": "https://support.f5.com/csp/article/k38424406?utm_source=f5support\u0026amp%3butm_medium=rss"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-14568"
      },
      {
        "trust": 0.8,
        "url": "https://jvn.jp/vu/jvnvu93632155/"
      },
      {
        "trust": 0.6,
        "url": "https://support.f5.com/csp/article/k38424406?utm_source=f5support\u0026utm_medium=rss"
      },
      {
        "trust": 0.6,
        "url": "https://support.lenovo.com/us/en/product_security/len-29840"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2019.4650/"
      },
      {
        "trust": 0.1,
        "url": "https://support.f5.com/csp/article/k38424406?utm_source=f5support\u0026amp;amp;utm_medium=rss"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-146527"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-013402"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201912-431"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-14568"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-146527"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-013402"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201912-431"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-14568"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2019-12-16T00:00:00",
        "db": "VULHUB",
        "id": "VHN-146527"
      },
      {
        "date": "2019-12-27T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2019-013402"
      },
      {
        "date": "2019-12-10T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201912-431"
      },
      {
        "date": "2019-12-16T20:15:14.820000",
        "db": "NVD",
        "id": "CVE-2019-14568"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2020-01-09T00:00:00",
        "db": "VULHUB",
        "id": "VHN-146527"
      },
      {
        "date": "2019-12-27T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2019-013402"
      },
      {
        "date": "2020-01-17T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201912-431"
      },
      {
        "date": "2024-11-21T04:26:58.527000",
        "db": "NVD",
        "id": "CVE-2019-14568"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "local",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201912-431"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Intel(R) RST Inappropriate default permission vulnerability",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-013402"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "other",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201912-431"
      }
    ],
    "trust": 0.6
  }
}

fkie_cve-2019-14568

Vulnerability from fkie_nvd

Published

2019-12-16 20:15

Modified

2024-11-21 04:26

Severity ?

7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Summary

Improper permissions in the executable for Intel(R) RST before version 17.7.0.1006 may allow an authenticated user to potentially enable escalation of privilege via local access.

References

URL	Tags
secure@intel.com	https://support.f5.com/csp/article/K38424406?utm_source=f5support&amp%3Butm_medium=RSS
secure@intel.com	https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00324.html	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://support.f5.com/csp/article/K38424406?utm_source=f5support&amp%3Butm_medium=RSS
af854a3a-2127-422b-91ae-364da2661108	https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00324.html	Patch, Vendor Advisory

Impacted products

	Vendor	Product	Version
	intel	rapid_storage_technology	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:intel:rapid_storage_technology:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "70654AD3-CFF0-4FF0-A625-07A0F0442259",
              "versionEndExcluding": "17.7.0.1006",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Improper permissions in the executable for Intel(R) RST before version 17.7.0.1006 may allow an authenticated user to potentially enable escalation of privilege via local access."
    },
    {
      "lang": "es",
      "value": "Unos permisos inapropiados en el ejecutable para Intel(R) RST versiones anteriores a 17.7.0.1006, pueden permitir a un usuario autenticado habilitar potencialmente una escalada de privilegios por medio de un acceso local."
    }
  ],
  "id": "CVE-2019-14568",
  "lastModified": "2024-11-21T04:26:58.527",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 4.6,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 7.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2019-12-16T20:15:14.820",
  "references": [
    {
      "source": "secure@intel.com",
      "url": "https://support.f5.com/csp/article/K38424406?utm_source=f5support\u0026amp%3Butm_medium=RSS"
    },
    {
      "source": "secure@intel.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00324.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://support.f5.com/csp/article/K38424406?utm_source=f5support\u0026amp%3Butm_medium=RSS"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00324.html"
    }
  ],
  "sourceIdentifier": "secure@intel.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-276"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

ghsa-pcm2-8c47-427p

Vulnerability from github

Published

2022-05-24 17:03

Modified

2022-05-24 17:03

Details

Improper permissions in the executable for Intel(R) RST before version 17.7.0.1006 may allow an authenticated user to potentially enable escalation of privilege via local access.

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2019-14568"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2019-12-16T20:15:00Z",
    "severity": "MODERATE"
  },
  "details": "Improper permissions in the executable for Intel(R) RST before version 17.7.0.1006 may allow an authenticated user to potentially enable escalation of privilege via local access.",
  "id": "GHSA-pcm2-8c47-427p",
  "modified": "2022-05-24T17:03:42Z",
  "published": "2022-05-24T17:03:42Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-14568"
    },
    {
      "type": "WEB",
      "url": "https://support.f5.com/csp/article/K38424406?utm_source=f5support\u0026amp;utm_medium=RSS"
    },
    {
      "type": "WEB",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00324.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2019-14568 (GCVE-0-2019-14568)

Vulnerability from cvelistv5

CERTFR-2019-AVI-623

Vulnerability from certfr_avis

Solution

gsd-2019-14568

Vulnerability from gsd

var-201912-0871

Vulnerability from variot

fkie_cve-2019-14568

Vulnerability from fkie_nvd

ghsa-pcm2-8c47-427p

Vulnerability from github

Tags

Sightings

Nomenclature