Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2019-0181 (GCVE-0-2019-0181)
Vulnerability from cvelistv5 – Published: 2019-06-13 15:36 – Updated: 2024-08-04 17:44
VLAI?
EPSS
Summary
Insufficient password protection in the attestation database for Open CIT may allow an authenticated user to potentially enable information disclosure via local access.
Severity ?
No CVSS data available.
CWE
- Information Disclosure
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Open Cloud Integrity Technology and OpenAttestation |
Affected:
All versions of Open CIT and OpenAttestation.
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T17:44:14.771Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00248.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Open Cloud Integrity Technology and OpenAttestation",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "All versions of Open CIT and OpenAttestation."
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Insufficient password protection in the attestation database for Open CIT may allow an authenticated user to potentially enable information disclosure via local access."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Information Disclosure",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-06-24T15:29:13.000Z",
"orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"shortName": "intel"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00248.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@intel.com",
"ID": "CVE-2019-0181",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Open Cloud Integrity Technology and OpenAttestation",
"version": {
"version_data": [
{
"version_value": "All versions of Open CIT and OpenAttestation."
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Insufficient password protection in the attestation database for Open CIT may allow an authenticated user to potentially enable information disclosure via local access."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Information Disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00248.html",
"refsource": "CONFIRM",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00248.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"assignerShortName": "intel",
"cveId": "CVE-2019-0181",
"datePublished": "2019-06-13T15:36:25.000Z",
"dateReserved": "2018-11-13T00:00:00.000Z",
"dateUpdated": "2024-08-04T17:44:14.771Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"fkie_nvd": {
"configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:intel:open_cloud_integrity_tehnology:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"2286603F-73B7-4D14-AEF5-6994CC3D9772\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:intel:openattestation:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"350B549B-6825-43AE-9754-65F04045E0DF\"}]}]}]",
"descriptions": "[{\"lang\": \"en\", \"value\": \"Insufficient password protection in the attestation database for Open CIT may allow an authenticated user to potentially enable information disclosure via local access.\"}, {\"lang\": \"es\", \"value\": \"Protecci\\u00f3n de contrase\\u00f1a insuficiente en la base de datos de atestaci\\u00f3n para abrir la CIT puede permitir un usuario identificado para habilitar potencialmente la revelaci\\u00f3n mediante el acceso local.\"}]",
"id": "CVE-2019-0181",
"lastModified": "2024-11-21T04:16:25.380",
"metrics": "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H\", \"baseScore\": 6.7, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"LOCAL\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"HIGH\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 0.8, \"impactScore\": 5.9}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:L/AC:L/Au:N/C:P/I:P/A:P\", \"baseScore\": 4.6, \"accessVector\": \"LOCAL\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 3.9, \"impactScore\": 6.4, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
"published": "2019-06-13T16:29:01.137",
"references": "[{\"url\": \"https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00248.html\", \"source\": \"secure@intel.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00248.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}]",
"sourceIdentifier": "secure@intel.com",
"vulnStatus": "Modified",
"weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"NVD-CWE-noinfo\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2019-0181\",\"sourceIdentifier\":\"secure@intel.com\",\"published\":\"2019-06-13T16:29:01.137\",\"lastModified\":\"2024-11-21T04:16:25.380\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Insufficient password protection in the attestation database for Open CIT may allow an authenticated user to potentially enable information disclosure via local access.\"},{\"lang\":\"es\",\"value\":\"Protecci\u00f3n de contrase\u00f1a insuficiente en la base de datos de atestaci\u00f3n para abrir la CIT puede permitir un usuario identificado para habilitar potencialmente la revelaci\u00f3n mediante el acceso local.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":6.7,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"HIGH\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":0.8,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:L/AC:L/Au:N/C:P/I:P/A:P\",\"baseScore\":4.6,\"accessVector\":\"LOCAL\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":3.9,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-noinfo\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:intel:open_cloud_integrity_tehnology:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2286603F-73B7-4D14-AEF5-6994CC3D9772\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:intel:openattestation:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"350B549B-6825-43AE-9754-65F04045E0DF\"}]}]}],\"references\":[{\"url\":\"https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00248.html\",\"source\":\"secure@intel.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00248.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}"
}
}
CVE-2019-0181
Vulnerability from fstec - Published: 11.06.2019
VLAI Severity ?
Title
Уязвимость средства создания облачных сервисов Open Cloud Integrity Technology и агента OpenAttestation, связанная с ошибками при проверке входных данных, позволяющая нарушителю повысить свои привилегии
Description
Уязвимость средства создания облачных сервисов Open Cloud Integrity Technology и агента OpenAttestation связана с ошибками при проверке входных данных. Эксплуатация уязвимости может позволить нарушителю повысить свои привилегии с использованием специально сформированного запроса
Severity ?
Vendor
Intel Corp.
Software Name
Open Cloud Integrity Technology, OpenAttestation
Software Version
- (Open Cloud Integrity Technology), - (OpenAttestation)
Possible Mitigations
Использование рекомендаций:
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00248.html
Reference
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00248.html
https://vuldb.com/?id.136454
CWE
CWE-20
{
"CVSS 2.0": "AV:L/AC:L/Au:M/C:C/I:C/A:C",
"CVSS 3.0": "AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"CVSS 4.0": null,
"remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
"remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
"\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "Intel Corp.",
"\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "- (Open Cloud Integrity Technology), - (OpenAttestation)",
"\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439:\nhttps://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00248.html",
"\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "11.06.2019",
"\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "19.03.2024",
"\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "21.06.2019",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2019-02178",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2019-0181",
"\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
"\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
"\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "Open Cloud Integrity Technology, OpenAttestation",
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": null,
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u0430 \u0441\u043e\u0437\u0434\u0430\u043d\u0438\u044f \u043e\u0431\u043b\u0430\u0447\u043d\u044b\u0445 \u0441\u0435\u0440\u0432\u0438\u0441\u043e\u0432 Open Cloud Integrity Technology \u0438 \u0430\u0433\u0435\u043d\u0442\u0430 OpenAttestation, \u0441\u0432\u044f\u0437\u0430\u043d\u043d\u0430\u044f \u0441 \u043e\u0448\u0438\u0431\u043a\u0430\u043c\u0438 \u043f\u0440\u0438 \u043f\u0440\u043e\u0432\u0435\u0440\u043a\u0435 \u0432\u0445\u043e\u0434\u043d\u044b\u0445 \u0434\u0430\u043d\u043d\u044b\u0445, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u043f\u043e\u0432\u044b\u0441\u0438\u0442\u044c \u0441\u0432\u043e\u0438 \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u0438",
"\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u041d\u0435\u0434\u043e\u0441\u0442\u0430\u0442\u043e\u0447\u043d\u0430\u044f \u043f\u0440\u043e\u0432\u0435\u0440\u043a\u0430 \u0432\u0432\u043e\u0434\u0438\u043c\u044b\u0445 \u0434\u0430\u043d\u043d\u044b\u0445 (CWE-20)",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u0430 \u0441\u043e\u0437\u0434\u0430\u043d\u0438\u044f \u043e\u0431\u043b\u0430\u0447\u043d\u044b\u0445 \u0441\u0435\u0440\u0432\u0438\u0441\u043e\u0432 Open Cloud Integrity Technology \u0438 \u0430\u0433\u0435\u043d\u0442\u0430 OpenAttestation \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u043e\u0448\u0438\u0431\u043a\u0430\u043c\u0438 \u043f\u0440\u0438 \u043f\u0440\u043e\u0432\u0435\u0440\u043a\u0435 \u0432\u0445\u043e\u0434\u043d\u044b\u0445 \u0434\u0430\u043d\u043d\u044b\u0445. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u043f\u043e\u0432\u044b\u0441\u0438\u0442\u044c \u0441\u0432\u043e\u0438 \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u0438 \u0441 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435\u043c \u0441\u043f\u0435\u0446\u0438\u0430\u043b\u044c\u043d\u043e \u0441\u0444\u043e\u0440\u043c\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u043e\u0433\u043e \u0437\u0430\u043f\u0440\u043e\u0441\u0430",
"\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
"\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": "-",
"\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
"\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u041c\u0430\u043d\u0438\u043f\u0443\u043b\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u0441\u0443\u0440\u0441\u0430\u043c\u0438",
"\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00248.html\nhttps://vuldb.com/?id.136454",
"\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
"\u0422\u0438\u043f \u041f\u041e": "\u0421\u0435\u0442\u0435\u0432\u043e\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0435 \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u043e",
"\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-20",
"\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0421\u0440\u0435\u0434\u043d\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 6,5)\n\u0421\u0440\u0435\u0434\u043d\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 6,7)"
}
FKIE_CVE-2019-0181
Vulnerability from fkie_nvd - Published: 2019-06-13 16:29 - Updated: 2024-11-21 04:16
Severity ?
Summary
Insufficient password protection in the attestation database for Open CIT may allow an authenticated user to potentially enable information disclosure via local access.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| intel | open_cloud_integrity_tehnology | - | |
| intel | openattestation | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:intel:open_cloud_integrity_tehnology:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2286603F-73B7-4D14-AEF5-6994CC3D9772",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:intel:openattestation:-:*:*:*:*:*:*:*",
"matchCriteriaId": "350B549B-6825-43AE-9754-65F04045E0DF",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Insufficient password protection in the attestation database for Open CIT may allow an authenticated user to potentially enable information disclosure via local access."
},
{
"lang": "es",
"value": "Protecci\u00f3n de contrase\u00f1a insuficiente en la base de datos de atestaci\u00f3n para abrir la CIT puede permitir un usuario identificado para habilitar potencialmente la revelaci\u00f3n mediante el acceso local."
}
],
"id": "CVE-2019-0181",
"lastModified": "2024-11-21T04:16:25.380",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 0.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-06-13T16:29:01.137",
"references": [
{
"source": "secure@intel.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00248.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00248.html"
}
],
"sourceIdentifier": "secure@intel.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
VAR-201906-0924
Vulnerability from variot - Updated: 2023-12-18 11:47Insufficient password protection in the attestation database for Open CIT may allow an authenticated user to potentially enable information disclosure via local access. Both Intel Open Cloud Integrity Technology (CIT) and Intel OpenAttestation are products of Intel Corporation. Intel Open Cloud Integrity Technology is a set of solutions for establishing a hardware root of trust and building a chain of trust between hardware, operating systems, hypervisors, virtual machines, and Docker containers. Intel OpenAttestation is an open source project for managing host integrity verification using the remote attestation protocol defined by the TCG. Input validation error vulnerabilities exist in Intel Open CIT and OpenAttestation. A local attacker could exploit this vulnerability to elevate privileges
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201906-0924",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "openattestation",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "open cloud integrity tehnology",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "accelerated storage manager",
"scope": null,
"trust": 0.8,
"vendor": "intel",
"version": null
},
{
"model": "chipset device software",
"scope": null,
"trust": 0.8,
"vendor": "intel",
"version": null
},
{
"model": "compute card",
"scope": null,
"trust": 0.8,
"vendor": "intel",
"version": null
},
{
"model": "compute stick",
"scope": null,
"trust": 0.8,
"vendor": "intel",
"version": null
},
{
"model": "core i3",
"scope": null,
"trust": 0.8,
"vendor": "intel",
"version": null
},
{
"model": "core i5",
"scope": null,
"trust": 0.8,
"vendor": "intel",
"version": null
},
{
"model": "core x-series",
"scope": null,
"trust": 0.8,
"vendor": "intel",
"version": null
},
{
"model": "nuc kit",
"scope": null,
"trust": 0.8,
"vendor": "intel",
"version": null
},
{
"model": "omni-path fabric manager gui",
"scope": null,
"trust": 0.8,
"vendor": "intel",
"version": null
},
{
"model": "pentium",
"scope": "eq",
"trust": 0.8,
"vendor": "intel",
"version": "processor 2000 series"
},
{
"model": "pentium",
"scope": "eq",
"trust": 0.8,
"vendor": "intel",
"version": "processor 3000 series"
},
{
"model": "pentium",
"scope": "eq",
"trust": 0.8,
"vendor": "intel",
"version": "processor g series"
},
{
"model": "proset/wireless software driver",
"scope": null,
"trust": 0.8,
"vendor": "intel",
"version": null
},
{
"model": "raid web console v3",
"scope": "eq",
"trust": 0.8,
"vendor": "intel",
"version": "for windows"
},
{
"model": "sgx dcap linux driver",
"scope": null,
"trust": 0.8,
"vendor": "intel",
"version": null
},
{
"model": "sgx linux client driver",
"scope": null,
"trust": 0.8,
"vendor": "intel",
"version": null
},
{
"model": "turbo boost max technology",
"scope": null,
"trust": 0.8,
"vendor": "intel",
"version": null
},
{
"model": "xeon",
"scope": "eq",
"trust": 0.8,
"vendor": "intel",
"version": "processor e7 v3 family"
},
{
"model": "xeon",
"scope": "eq",
"trust": 0.8,
"vendor": "intel",
"version": "processor e7 v5 family"
},
{
"model": "xeon",
"scope": "eq",
"trust": 0.8,
"vendor": "intel",
"version": "processor e7 v7 family"
},
{
"model": "ite tech* consumer infrared driver",
"scope": "eq",
"trust": 0.8,
"vendor": "intel",
"version": "for windows 10"
},
{
"model": "open cloud integrity technology",
"scope": null,
"trust": 0.8,
"vendor": "intel",
"version": null
},
{
"model": "openattestation",
"scope": null,
"trust": 0.8,
"vendor": "intel",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-004980"
},
{
"db": "NVD",
"id": "CVE-2019-0181"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:intel:openattestation:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:intel:open_cloud_integrity_tehnology:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2019-0181"
}
]
},
"cve": "CVE-2019-0181",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"id": "VHN-140212",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:L/AC:L/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 0.8,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2019-0181",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201906-570",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-140212",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-140212"
},
{
"db": "NVD",
"id": "CVE-2019-0181"
},
{
"db": "CNNVD",
"id": "CNNVD-201906-570"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Insufficient password protection in the attestation database for Open CIT may allow an authenticated user to potentially enable information disclosure via local access. Both Intel Open Cloud Integrity Technology (CIT) and Intel OpenAttestation are products of Intel Corporation. Intel Open Cloud Integrity Technology is a set of solutions for establishing a hardware root of trust and building a chain of trust between hardware, operating systems, hypervisors, virtual machines, and Docker containers. Intel OpenAttestation is an open source project for managing host integrity verification using the remote attestation protocol defined by the TCG. Input validation error vulnerabilities exist in Intel Open CIT and OpenAttestation. A local attacker could exploit this vulnerability to elevate privileges",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-0181"
},
{
"db": "VULHUB",
"id": "VHN-140212"
}
],
"trust": 0.99
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-0181",
"trust": 2.5
},
{
"db": "JVN",
"id": "JVNVU95572531",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2019-004980",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201906-570",
"trust": 0.7
},
{
"db": "VULHUB",
"id": "VHN-140212",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-140212"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-004980"
},
{
"db": "NVD",
"id": "CVE-2019-0181"
},
{
"db": "CNNVD",
"id": "CNNVD-201906-570"
}
]
},
"id": "VAR-201906-0924",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-140212"
}
],
"trust": 0.35292397
},
"last_update_date": "2023-12-18T11:47:38.429000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "[INTEL-SA-00248] Open Cloud Integrity Technology and OpenAttestation Advisory",
"trust": 0.8,
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00248.html"
},
{
"title": "[INTEL-SA-00257] Intel Omni-Path Fabric Manager GUI Advisory",
"trust": 0.8,
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00257.html"
},
{
"title": "[INTEL-SA-00259] Intel RAID Web Console 3 for Windows* Advisory",
"trust": 0.8,
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00259.html"
},
{
"title": "[INTEL-SA-00224] Intel Chipset Device Software (INF Update Utility) Advisory",
"trust": 0.8,
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00224.html"
},
{
"title": "[INTEL-SA-00264] Intel NUC Firmware Advisory",
"trust": 0.8,
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00264.html"
},
{
"title": "[INTEL-SA-00226] Intel Accelerated Storage Manager in Intel Rapid Storage Technology Enterprise Advisory",
"trust": 0.8,
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00226.html"
},
{
"title": "[INTEL-SA-00206] ITE Tech* Consumer Infrared Driver for Windows 10 Advisory",
"trust": 0.8,
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00206.html"
},
{
"title": "[INTEL-SA-00232] Intel PROSet/Wireless WiFi Software Advisory",
"trust": 0.8,
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00232.html"
},
{
"title": "[INTEL-SA-00235] Intel SGX for Linux Advisory",
"trust": 0.8,
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00235.html"
},
{
"title": "[INTEL-SA-00243] Intel Turbo Boost Max Technology 3.0 Advisory",
"trust": 0.8,
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00243.html"
},
{
"title": "[INTEL-SA-00247] Partial Physical Address Leakage Advisory",
"trust": 0.8,
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00247.html"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-004980"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-noinfo",
"trust": 1.0
},
{
"problemtype": "CWE-20",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-140212"
},
{
"db": "NVD",
"id": "CVE-2019-0181"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00248.html"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-0181"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-0130"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-0179"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-11123"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-0136"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-0180"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-11124"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-0157"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-0181"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-11125"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-0164"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-0182"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-11126"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-11127"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-0174"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-0183"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-11128"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-0175"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-11092"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-11129"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-3702"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-0177"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-11117"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-0128"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-0178"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-11119"
},
{
"trust": 0.8,
"url": "http://jvn.jp/cert/jvnvu95572531"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-0128"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-0178"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-11119"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-0130"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-0179"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-11123"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-0136"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-0180"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-11124"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-0157"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-11125"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-0164"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-0182"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-11126"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-0174"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-0183"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-11127"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-0175"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-11092"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-11128"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-3702"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-0177"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-11117"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-11129"
},
{
"trust": 0.6,
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/in"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-140212"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-004980"
},
{
"db": "NVD",
"id": "CVE-2019-0181"
},
{
"db": "CNNVD",
"id": "CNNVD-201906-570"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-140212"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-004980"
},
{
"db": "NVD",
"id": "CVE-2019-0181"
},
{
"db": "CNNVD",
"id": "CNNVD-201906-570"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-06-13T00:00:00",
"db": "VULHUB",
"id": "VHN-140212"
},
{
"date": "2019-06-13T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-004980"
},
{
"date": "2019-06-13T16:29:01.137000",
"db": "NVD",
"id": "CVE-2019-0181"
},
{
"date": "2019-06-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201906-570"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-02-27T00:00:00",
"db": "VULHUB",
"id": "VHN-140212"
},
{
"date": "2019-06-13T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-004980"
},
{
"date": "2023-02-27T16:38:46.587000",
"db": "NVD",
"id": "CVE-2019-0181"
},
{
"date": "2020-08-25T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201906-570"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201906-570"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Intel Multiple vulnerabilities in the product",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-004980"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "input validation error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201906-570"
}
],
"trust": 0.6
}
}
CERTFR-2019-AVI-271
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans les produits Intel. Elles permettent à un attaquant de provoquer un déni de service à distance, une atteinte à l'intégrité des données et une élévation de privilèges.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Intel | N/A | Intel Core X-series Processors, 4th Generation Intel Core i5 Processors,4th Generation Intel Core i3 Processors, Intel Pentium Processor G Series, Intel Pentium Processor 3000 Series, Intel Celeron Processor 2000 Series, Intel Xeon Processor E7 v3 Family, Intel Xeon Processor E5 v3 Family et Intel Xeon Processor E3 v3 Family | ||
| Intel | N/A | ITE Tech Consumer Infrared Driver pour Windows 10 versions antérieures à 5.4.3.0 | ||
| Intel | N/A | Intel NUC, vérifier sur le site du constructeur pour les versions vulnérables (cf. section Documentation). | ||
| Intel | N/A | Intel Omni-Path Fabric Manager GUI versions antérieures à 10.9.2.1.1 | ||
| Intel | N/A | Intel Accelerated Storage Manager dans Intel RSTe versions antérieures à 5.5.0.2015 | ||
| Intel | N/A | Intel RAID Web Console 3 pour Windows versions antérieures à 7.009.011.000 | ||
| Intel | N/A | Intel Turbo Boost Max Technology 3.0 microgiciels versions 1.0.0.1035 et antérieures | ||
| Intel | N/A | Intel PROSet/Wireless WiFi Software versions antérieures à 21.10 pour Microsoft Windows 7, 8.1 et 10 | ||
| Intel | N/A | Intel SGX DCAP Linux driver versions antérieures à 1.1 | ||
| Intel | N/A | Intel Chipset Device Software (INF Update Utility) versions antérieures à 10.1.1.45 | ||
| Intel | N/A | Intel SGX Linux client driver versions antérieures à 2.5 |
References
| Title | Publication Time | Tags | |||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Intel Core X-series Processors, 4th Generation Intel Core i5 Processors,4th Generation Intel Core i3 Processors, Intel Pentium Processor G Series, Intel Pentium Processor 3000 Series, Intel Celeron Processor 2000 Series, Intel Xeon Processor E7 v3 Family, Intel Xeon Processor E5 v3 Family et Intel Xeon Processor E3 v3 Family",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "ITE Tech Consumer Infrared Driver pour Windows 10 versions ant\u00e9rieures \u00e0 5.4.3.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Intel NUC, v\u00e9rifier sur le site du constructeur pour les versions vuln\u00e9rables (cf. section Documentation).",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Intel Omni-Path Fabric Manager GUI versions ant\u00e9rieures \u00e0 10.9.2.1.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Intel Accelerated Storage Manager dans Intel RSTe versions ant\u00e9rieures \u00e0 5.5.0.2015",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Intel RAID Web Console 3 pour Windows versions ant\u00e9rieures \u00e0 7.009.011.000",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Intel Turbo Boost Max Technology 3.0 microgiciels versions 1.0.0.1035 et ant\u00e9rieures",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Intel PROSet/Wireless WiFi Software versions ant\u00e9rieures \u00e0 21.10 pour Microsoft Windows 7, 8.1 et 10",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Intel SGX DCAP Linux driver versions ant\u00e9rieures \u00e0 1.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Intel Chipset Device Software (INF Update Utility) versions ant\u00e9rieures \u00e0 10.1.1.45",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Intel SGX Linux client driver versions ant\u00e9rieures \u00e0 2.5",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2019-11125",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11125"
},
{
"name": "CVE-2019-0178",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0178"
},
{
"name": "CVE-2019-0174",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0174"
},
{
"name": "CVE-2019-11117",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11117"
},
{
"name": "CVE-2019-0130",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0130"
},
{
"name": "CVE-2019-11124",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11124"
},
{
"name": "CVE-2019-0164",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0164"
},
{
"name": "CVE-2019-0181",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0181"
},
{
"name": "CVE-2019-0179",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0179"
},
{
"name": "CVE-2019-0128",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0128"
},
{
"name": "CVE-2019-11127",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11127"
},
{
"name": "CVE-2019-11126",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11126"
},
{
"name": "CVE-2019-0175",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0175"
},
{
"name": "CVE-2019-0180",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0180"
},
{
"name": "CVE-2019-11129",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11129"
},
{
"name": "CVE-2018-3702",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-3702"
},
{
"name": "CVE-2019-0177",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0177"
},
{
"name": "CVE-2019-11092",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11092"
},
{
"name": "CVE-2019-0136",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0136"
},
{
"name": "CVE-2019-0183",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0183"
},
{
"name": "CVE-2019-0182",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0182"
},
{
"name": "CVE-2019-0157",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0157"
},
{
"name": "CVE-2019-11119",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11119"
},
{
"name": "CVE-2019-11128",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11128"
},
{
"name": "CVE-2019-11123",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11123"
}
],
"links": [],
"reference": "CERTFR-2019-AVI-271",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2019-06-14T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Intel.\nElles permettent \u00e0 un attaquant de provoquer un d\u00e9ni de service \u00e0\ndistance, une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es et une \u00e9l\u00e9vation de\nprivil\u00e8ges.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Intel",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00259 du 11 juin 2019",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00259.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00232 du 11 juin 2019",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00232.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00206 du 11 juin 2019",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00206.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00235 du 11 juin 2019",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00235.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00243 du 11 juin 2019",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00243.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00257 du 11 juin 2019",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00257.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00224 du 11 juin 2019",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00224.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00226 du 11 juin 2019",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00226.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00247 du 11 juin 2019",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00247.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00264 du 11 juin 2019",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00264.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00248 du 11 juin 2019",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00248.html"
}
]
}
CERTFR-2019-AVI-271
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans les produits Intel. Elles permettent à un attaquant de provoquer un déni de service à distance, une atteinte à l'intégrité des données et une élévation de privilèges.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Intel | N/A | Intel Core X-series Processors, 4th Generation Intel Core i5 Processors,4th Generation Intel Core i3 Processors, Intel Pentium Processor G Series, Intel Pentium Processor 3000 Series, Intel Celeron Processor 2000 Series, Intel Xeon Processor E7 v3 Family, Intel Xeon Processor E5 v3 Family et Intel Xeon Processor E3 v3 Family | ||
| Intel | N/A | ITE Tech Consumer Infrared Driver pour Windows 10 versions antérieures à 5.4.3.0 | ||
| Intel | N/A | Intel NUC, vérifier sur le site du constructeur pour les versions vulnérables (cf. section Documentation). | ||
| Intel | N/A | Intel Omni-Path Fabric Manager GUI versions antérieures à 10.9.2.1.1 | ||
| Intel | N/A | Intel Accelerated Storage Manager dans Intel RSTe versions antérieures à 5.5.0.2015 | ||
| Intel | N/A | Intel RAID Web Console 3 pour Windows versions antérieures à 7.009.011.000 | ||
| Intel | N/A | Intel Turbo Boost Max Technology 3.0 microgiciels versions 1.0.0.1035 et antérieures | ||
| Intel | N/A | Intel PROSet/Wireless WiFi Software versions antérieures à 21.10 pour Microsoft Windows 7, 8.1 et 10 | ||
| Intel | N/A | Intel SGX DCAP Linux driver versions antérieures à 1.1 | ||
| Intel | N/A | Intel Chipset Device Software (INF Update Utility) versions antérieures à 10.1.1.45 | ||
| Intel | N/A | Intel SGX Linux client driver versions antérieures à 2.5 |
References
| Title | Publication Time | Tags | |||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Intel Core X-series Processors, 4th Generation Intel Core i5 Processors,4th Generation Intel Core i3 Processors, Intel Pentium Processor G Series, Intel Pentium Processor 3000 Series, Intel Celeron Processor 2000 Series, Intel Xeon Processor E7 v3 Family, Intel Xeon Processor E5 v3 Family et Intel Xeon Processor E3 v3 Family",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "ITE Tech Consumer Infrared Driver pour Windows 10 versions ant\u00e9rieures \u00e0 5.4.3.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Intel NUC, v\u00e9rifier sur le site du constructeur pour les versions vuln\u00e9rables (cf. section Documentation).",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Intel Omni-Path Fabric Manager GUI versions ant\u00e9rieures \u00e0 10.9.2.1.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Intel Accelerated Storage Manager dans Intel RSTe versions ant\u00e9rieures \u00e0 5.5.0.2015",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Intel RAID Web Console 3 pour Windows versions ant\u00e9rieures \u00e0 7.009.011.000",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Intel Turbo Boost Max Technology 3.0 microgiciels versions 1.0.0.1035 et ant\u00e9rieures",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Intel PROSet/Wireless WiFi Software versions ant\u00e9rieures \u00e0 21.10 pour Microsoft Windows 7, 8.1 et 10",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Intel SGX DCAP Linux driver versions ant\u00e9rieures \u00e0 1.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Intel Chipset Device Software (INF Update Utility) versions ant\u00e9rieures \u00e0 10.1.1.45",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Intel SGX Linux client driver versions ant\u00e9rieures \u00e0 2.5",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2019-11125",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11125"
},
{
"name": "CVE-2019-0178",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0178"
},
{
"name": "CVE-2019-0174",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0174"
},
{
"name": "CVE-2019-11117",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11117"
},
{
"name": "CVE-2019-0130",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0130"
},
{
"name": "CVE-2019-11124",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11124"
},
{
"name": "CVE-2019-0164",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0164"
},
{
"name": "CVE-2019-0181",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0181"
},
{
"name": "CVE-2019-0179",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0179"
},
{
"name": "CVE-2019-0128",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0128"
},
{
"name": "CVE-2019-11127",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11127"
},
{
"name": "CVE-2019-11126",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11126"
},
{
"name": "CVE-2019-0175",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0175"
},
{
"name": "CVE-2019-0180",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0180"
},
{
"name": "CVE-2019-11129",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11129"
},
{
"name": "CVE-2018-3702",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-3702"
},
{
"name": "CVE-2019-0177",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0177"
},
{
"name": "CVE-2019-11092",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11092"
},
{
"name": "CVE-2019-0136",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0136"
},
{
"name": "CVE-2019-0183",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0183"
},
{
"name": "CVE-2019-0182",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0182"
},
{
"name": "CVE-2019-0157",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0157"
},
{
"name": "CVE-2019-11119",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11119"
},
{
"name": "CVE-2019-11128",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11128"
},
{
"name": "CVE-2019-11123",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11123"
}
],
"links": [],
"reference": "CERTFR-2019-AVI-271",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2019-06-14T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Intel.\nElles permettent \u00e0 un attaquant de provoquer un d\u00e9ni de service \u00e0\ndistance, une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es et une \u00e9l\u00e9vation de\nprivil\u00e8ges.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Intel",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00259 du 11 juin 2019",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00259.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00232 du 11 juin 2019",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00232.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00206 du 11 juin 2019",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00206.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00235 du 11 juin 2019",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00235.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00243 du 11 juin 2019",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00243.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00257 du 11 juin 2019",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00257.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00224 du 11 juin 2019",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00224.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00226 du 11 juin 2019",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00226.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00247 du 11 juin 2019",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00247.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00264 du 11 juin 2019",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00264.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00248 du 11 juin 2019",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00248.html"
}
]
}
GSD-2019-0181
Vulnerability from gsd - Updated: 2023-12-13 01:23Details
Insufficient password protection in the attestation database for Open CIT may allow an authenticated user to potentially enable information disclosure via local access.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2019-0181",
"description": "Insufficient password protection in the attestation database for Open CIT may allow an authenticated user to potentially enable information disclosure via local access.",
"id": "GSD-2019-0181"
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2019-0181"
],
"details": "Insufficient password protection in the attestation database for Open CIT may allow an authenticated user to potentially enable information disclosure via local access.",
"id": "GSD-2019-0181",
"modified": "2023-12-13T01:23:39.069621Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "secure@intel.com",
"ID": "CVE-2019-0181",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Open Cloud Integrity Technology and OpenAttestation",
"version": {
"version_data": [
{
"version_value": "All versions of Open CIT and OpenAttestation."
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Insufficient password protection in the attestation database for Open CIT may allow an authenticated user to potentially enable information disclosure via local access."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Information Disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00248.html",
"refsource": "CONFIRM",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00248.html"
}
]
}
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:intel:openattestation:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:intel:open_cloud_integrity_tehnology:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "secure@intel.com",
"ID": "CVE-2019-0181"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "Insufficient password protection in the attestation database for Open CIT may allow an authenticated user to potentially enable information disclosure via local access."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00248.html",
"refsource": "CONFIRM",
"tags": [
"Vendor Advisory"
],
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00248.html"
}
]
}
},
"impact": {
"baseMetricV2": {
"acInsufInfo": false,
"cvssV2": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"userInteractionRequired": false
},
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 0.8,
"impactScore": 5.9
}
},
"lastModifiedDate": "2023-02-27T16:38Z",
"publishedDate": "2019-06-13T16:29Z"
}
}
}
GHSA-F4WX-2WWW-663M
Vulnerability from github – Published: 2022-05-24 16:47 – Updated: 2023-02-27 18:32
VLAI?
Details
Insufficient password protection in the attestation database for Open CIT may allow an authenticated user to potentially enable information disclosure via local access.
Severity ?
6.7 (Medium)
{
"affected": [],
"aliases": [
"CVE-2019-0181"
],
"database_specific": {
"cwe_ids": [],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2019-06-13T16:29:00Z",
"severity": "MODERATE"
},
"details": "Insufficient password protection in the attestation database for Open CIT may allow an authenticated user to potentially enable information disclosure via local access.",
"id": "GHSA-f4wx-2www-663m",
"modified": "2023-02-27T18:32:07Z",
"published": "2022-05-24T16:47:59Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-0181"
},
{
"type": "WEB",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/in"
},
{
"type": "WEB",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00248.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
CNVD-2019-29216
Vulnerability from cnvd - Published: 2019-08-29
VLAI Severity ?
Title
Intel Open Cloud Integrity Technology和Intel OpenAttestation输入验证错误漏洞
Description
Intel Open Cloud Integrity Technology(CIT)和Intel OpenAttestation都是美国英特尔(Intel)公司的产品。Intel Open Cloud Integrity Technology是一套用于建立硬件信任根,并在硬件、操作系统、虚拟机管理程序、虚拟机和Docker容器之间构建信任链的方案。Intel OpenAttestation是一款用于使用TCG定义的远程证明协议管理主机完整性验证的开源项目。
Intel Open CIT和OpenAttestation中存在输入验证错误漏洞。攻击者可利用该漏洞提升权限。
Severity
中
Patch Name
Intel Open Cloud Integrity Technology和Intel OpenAttestation输入验证错误漏洞的补丁
Patch Description
Intel Open Cloud Integrity Technology(CIT)和Intel OpenAttestation都是美国英特尔(Intel)公司的产品。Intel Open Cloud Integrity Technology是一套用于建立硬件信任根,并在硬件、操作系统、虚拟机管理程序、虚拟机和Docker容器之间构建信任链的方案。Intel OpenAttestation是一款用于使用TCG定义的远程证明协议管理主机完整性验证的开源项目。
Intel Open CIT和OpenAttestation中存在输入验证错误漏洞。攻击者可利用该漏洞提升权限。目前,供应商发布了安全公告及相关补丁信息,修复了此漏洞。
Formal description
厂商已发布漏洞修复程序,请及时关注更新:https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00248.html
Reference
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00248.html
Impacted products
| Name | Intel Open CIT |
|---|
{
"cves": {
"cve": {
"cveNumber": "CVE-2019-0181"
}
},
"description": "Intel Open Cloud Integrity Technology\uff08CIT\uff09\u548cIntel OpenAttestation\u90fd\u662f\u7f8e\u56fd\u82f1\u7279\u5c14\uff08Intel\uff09\u516c\u53f8\u7684\u4ea7\u54c1\u3002Intel Open Cloud Integrity Technology\u662f\u4e00\u5957\u7528\u4e8e\u5efa\u7acb\u786c\u4ef6\u4fe1\u4efb\u6839\uff0c\u5e76\u5728\u786c\u4ef6\u3001\u64cd\u4f5c\u7cfb\u7edf\u3001\u865a\u62df\u673a\u7ba1\u7406\u7a0b\u5e8f\u3001\u865a\u62df\u673a\u548cDocker\u5bb9\u5668\u4e4b\u95f4\u6784\u5efa\u4fe1\u4efb\u94fe\u7684\u65b9\u6848\u3002Intel OpenAttestation\u662f\u4e00\u6b3e\u7528\u4e8e\u4f7f\u7528TCG\u5b9a\u4e49\u7684\u8fdc\u7a0b\u8bc1\u660e\u534f\u8bae\u7ba1\u7406\u4e3b\u673a\u5b8c\u6574\u6027\u9a8c\u8bc1\u7684\u5f00\u6e90\u9879\u76ee\u3002\n\nIntel Open CIT\u548cOpenAttestation\u4e2d\u5b58\u5728\u8f93\u5165\u9a8c\u8bc1\u9519\u8bef\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u63d0\u5347\u6743\u9650\u3002",
"discovererName": "Intel",
"formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1ahttps://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00248.html",
"isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
"number": "CNVD-2019-29216",
"openTime": "2019-08-29",
"patchDescription": "Intel Open Cloud Integrity Technology\uff08CIT\uff09\u548cIntel OpenAttestation\u90fd\u662f\u7f8e\u56fd\u82f1\u7279\u5c14\uff08Intel\uff09\u516c\u53f8\u7684\u4ea7\u54c1\u3002Intel Open Cloud Integrity Technology\u662f\u4e00\u5957\u7528\u4e8e\u5efa\u7acb\u786c\u4ef6\u4fe1\u4efb\u6839\uff0c\u5e76\u5728\u786c\u4ef6\u3001\u64cd\u4f5c\u7cfb\u7edf\u3001\u865a\u62df\u673a\u7ba1\u7406\u7a0b\u5e8f\u3001\u865a\u62df\u673a\u548cDocker\u5bb9\u5668\u4e4b\u95f4\u6784\u5efa\u4fe1\u4efb\u94fe\u7684\u65b9\u6848\u3002Intel OpenAttestation\u662f\u4e00\u6b3e\u7528\u4e8e\u4f7f\u7528TCG\u5b9a\u4e49\u7684\u8fdc\u7a0b\u8bc1\u660e\u534f\u8bae\u7ba1\u7406\u4e3b\u673a\u5b8c\u6574\u6027\u9a8c\u8bc1\u7684\u5f00\u6e90\u9879\u76ee\u3002\r\n\r\nIntel Open CIT\u548cOpenAttestation\u4e2d\u5b58\u5728\u8f93\u5165\u9a8c\u8bc1\u9519\u8bef\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u63d0\u5347\u6743\u9650\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
"patchName": "Intel Open Cloud Integrity Technology\u548cIntel OpenAttestation\u8f93\u5165\u9a8c\u8bc1\u9519\u8bef\u6f0f\u6d1e\u7684\u8865\u4e01",
"products": {
"product": "Intel Open CIT"
},
"referenceLink": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00248.html",
"serverity": "\u4e2d",
"submitTime": "2019-06-14",
"title": "Intel Open Cloud Integrity Technology\u548cIntel OpenAttestation\u8f93\u5165\u9a8c\u8bc1\u9519\u8bef\u6f0f\u6d1e"
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…