var-201907-1615
Vulnerability from variot
Improper access control in the Intel(R) Processor Diagnostic Tool before version 4.1.2.24 may allow an authenticated user to potentially enable escalation of privilege, information disclosure or denial of service via local access. Intel Has released an update for each product.* Privilege escalation * INTEL-SA-00267 * CVE-2018-18095 * INTEL-SA-00268 * CVE-2019-11133 * Service operation interruption (DoS) attack * INTEL-SA-00268 * CVE-2019-11133 * information leak * INTEL-SA-00268 * CVE-2019-11133. Intel Processor Diagnostic Tool is prone to a local privilege-escalation vulnerability. A local attacker can exploit this issue to gain elevated privileges, obtain sensitive information or cause denial-of-service conditions. Permissions and access control issues exist in versions prior to Intel IPDT 4.1.2.24. The vulnerability stems from the lack of effective permissions and access control measures in network systems or products
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201907-1615",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "processor diagnostic tool",
"scope": "lt",
"trust": 1.0,
"vendor": "intel",
"version": "4.1.2.24"
},
{
"model": "processor diagnostic tool",
"scope": "lt",
"trust": 0.8,
"vendor": "intel",
"version": "for 32-bit 4.1.2.24 earlier"
},
{
"model": "processor diagnostic tool",
"scope": "lt",
"trust": 0.8,
"vendor": "intel",
"version": "for 64-bit 4.1.2.24 earlier"
},
{
"model": "solid state drives for data centers s4500 series",
"scope": "lt",
"trust": 0.8,
"vendor": "intel",
"version": "scv10150 earlier"
},
{
"model": "ssd dc s4600 series",
"scope": "lt",
"trust": 0.8,
"vendor": "intel",
"version": "scv10150 earlier"
},
{
"model": "processor diagnostic tool",
"scope": "eq",
"trust": 0.3,
"vendor": "intel",
"version": "4.1.1.33"
},
{
"model": "processor diagnostic tool",
"scope": "eq",
"trust": 0.3,
"vendor": "intel",
"version": "4.1.0.27"
},
{
"model": "processor diagnostic tool",
"scope": "eq",
"trust": 0.3,
"vendor": "intel",
"version": "4.0.0.29"
},
{
"model": "processor diagnostic tool",
"scope": "ne",
"trust": 0.3,
"vendor": "intel",
"version": "4.1.2.24"
}
],
"sources": [
{
"db": "BID",
"id": "109096"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-006137"
},
{
"db": "NVD",
"id": "CVE-2019-11133"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:intel:processor_diagnostic_tool",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:intel:ssd_dc_s4500_series",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:intel:ssd_dc_s4600_series",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-006137"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Jesse Michael from Eclypsium.",
"sources": [
{
"db": "BID",
"id": "109096"
},
{
"db": "CNNVD",
"id": "CNNVD-201907-535"
}
],
"trust": 0.9
},
"cve": "CVE-2019-11133",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"id": "CVE-2019-11133",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.0,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"id": "VHN-142749",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:L/AC:L/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"id": "CVE-2019-11133",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2019-11133",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201907-535",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-142749",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-142749"
},
{
"db": "CNNVD",
"id": "CNNVD-201907-535"
},
{
"db": "NVD",
"id": "CVE-2019-11133"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Improper access control in the Intel(R) Processor Diagnostic Tool before version 4.1.2.24 may allow an authenticated user to potentially enable escalation of privilege, information disclosure or denial of service via local access. Intel Has released an update for each product.* Privilege escalation * INTEL-SA-00267 * CVE-2018-18095 * INTEL-SA-00268 * CVE-2019-11133 * Service operation interruption (DoS) attack * INTEL-SA-00268 * CVE-2019-11133 * information leak * INTEL-SA-00268 * CVE-2019-11133. Intel Processor Diagnostic Tool is prone to a local privilege-escalation vulnerability. \nA local attacker can exploit this issue to gain elevated privileges, obtain sensitive information or cause denial-of-service conditions. Permissions and access control issues exist in versions prior to Intel IPDT 4.1.2.24. The vulnerability stems from the lack of effective permissions and access control measures in network systems or products",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-11133"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-006137"
},
{
"db": "BID",
"id": "109096"
},
{
"db": "VULHUB",
"id": "VHN-142749"
}
],
"trust": 1.98
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-11133",
"trust": 2.8
},
{
"db": "BID",
"id": "109096",
"trust": 2.0
},
{
"db": "JVN",
"id": "JVNVU90203478",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2019-006137",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201907-535",
"trust": 0.7
},
{
"db": "VULHUB",
"id": "VHN-142749",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-142749"
},
{
"db": "BID",
"id": "109096"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-006137"
},
{
"db": "CNNVD",
"id": "CNNVD-201907-535"
},
{
"db": "NVD",
"id": "CVE-2019-11133"
}
]
},
"id": "VAR-201907-1615",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-142749"
}
],
"trust": 0.01
},
"last_update_date": "2024-11-23T22:37:45.942000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "[INTEL-SA-00267] Intel SSD DC S4500/S4600 Series Advisory",
"trust": 0.8,
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00267.html"
},
{
"title": "[INTEL-SA-00268] Intel Processor Diagnostic Tool Advisory",
"trust": 0.8,
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00268.html"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-006137"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-noinfo",
"trust": 1.0
},
{
"problemtype": "CWE-264",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-142749"
},
{
"db": "NVD",
"id": "CVE-2019-11133"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.3,
"url": "http://www.securityfocus.com/bid/109096"
},
{
"trust": 2.0,
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00268.html"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-11133"
},
{
"trust": 1.1,
"url": "https://support.f5.com/csp/article/k90305959"
},
{
"trust": 1.0,
"url": "https://support.f5.com/csp/article/k90305959?utm_source=f5support\u0026amp%3butm_medium=rss"
},
{
"trust": 0.9,
"url": "http://www.intel.com/"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-18095"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-11133"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu90203478/"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-18095"
},
{
"trust": 0.6,
"url": "https://support.f5.com/csp/article/k90305959?utm_source=f5support\u0026utm_medium=rss"
},
{
"trust": 0.1,
"url": "https://support.f5.com/csp/article/k90305959?utm_source=f5support\u0026amp;amp;utm_medium=rss"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-142749"
},
{
"db": "BID",
"id": "109096"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-006137"
},
{
"db": "CNNVD",
"id": "CNNVD-201907-535"
},
{
"db": "NVD",
"id": "CVE-2019-11133"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-142749"
},
{
"db": "BID",
"id": "109096"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-006137"
},
{
"db": "CNNVD",
"id": "CNNVD-201907-535"
},
{
"db": "NVD",
"id": "CVE-2019-11133"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-07-11T00:00:00",
"db": "VULHUB",
"id": "VHN-142749"
},
{
"date": "2019-07-09T00:00:00",
"db": "BID",
"id": "109096"
},
{
"date": "2019-07-11T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-006137"
},
{
"date": "2019-07-09T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201907-535"
},
{
"date": "2019-07-11T21:15:09.670000",
"db": "NVD",
"id": "CVE-2019-11133"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-08-24T00:00:00",
"db": "VULHUB",
"id": "VHN-142749"
},
{
"date": "2019-07-09T00:00:00",
"db": "BID",
"id": "109096"
},
{
"date": "2019-10-04T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-006137"
},
{
"date": "2020-08-25T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201907-535"
},
{
"date": "2024-11-21T04:20:35.467000",
"db": "NVD",
"id": "CVE-2019-11133"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "BID",
"id": "109096"
},
{
"db": "CNNVD",
"id": "CNNVD-201907-535"
}
],
"trust": 0.9
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Intel Multiple vulnerabilities in the product",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-006137"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "permissions and access control issues",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201907-535"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…