var-201912-0874
Vulnerability from variot
Improper permissions in the installer for the License Server software for Intel® Quartus® Prime Pro Edition before version 19.3 may allow an authenticated user to potentially enable escalation of privilege via local access. Intel Quartus Prime Pro Edition Contains a vulnerability with inappropriate default permissions.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Intel Quartus Prime Pro is a multi-platform design environment developed by Intel Corporation. This product is mainly used for programmable logic device programming. There is a security vulnerability in the installer of the License Server in versions prior to Intel Quartus Prime Pro 19.3. A local attacker could exploit this vulnerability to elevate privileges
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201912-0874",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "quartus prime",
"scope": "lt",
"trust": 1.0,
"vendor": "intel",
"version": "19.3"
},
{
"model": "quartus prime",
"scope": "lt",
"trust": 0.8,
"vendor": "intel",
"version": "pro 19.3"
},
{
"model": "quartus prime",
"scope": "eq",
"trust": 0.6,
"vendor": "intel",
"version": "19.2"
},
{
"model": "quartus prime",
"scope": "eq",
"trust": 0.6,
"vendor": "intel",
"version": "15.1"
},
{
"model": "quartus prime",
"scope": "eq",
"trust": 0.6,
"vendor": "intel",
"version": "16.0"
},
{
"model": "quartus prime",
"scope": "eq",
"trust": 0.6,
"vendor": "intel",
"version": "19.1"
},
{
"model": "quartus prime",
"scope": "eq",
"trust": 0.6,
"vendor": "intel",
"version": "17.0"
},
{
"model": "quartus prime",
"scope": "eq",
"trust": 0.6,
"vendor": "intel",
"version": "18.0"
},
{
"model": "quartus prime",
"scope": "eq",
"trust": 0.6,
"vendor": "intel",
"version": "16.1"
},
{
"model": "quartus prime",
"scope": "eq",
"trust": 0.6,
"vendor": "intel",
"version": "17.1"
},
{
"model": "quartus prime",
"scope": "eq",
"trust": 0.6,
"vendor": "intel",
"version": "15.0"
},
{
"model": "quartus prime",
"scope": "eq",
"trust": 0.6,
"vendor": "intel",
"version": "18.1"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-013403"
},
{
"db": "CNNVD",
"id": "CNNVD-201912-578"
},
{
"db": "NVD",
"id": "CVE-2019-14603"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:intel:quartus_prime",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-013403"
}
]
},
"cve": "CVE-2019-14603",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"id": "CVE-2019-14603",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"id": "VHN-146566",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:L/AC:L/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"id": "CVE-2019-14603",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Local",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2019-14603",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2019-14603",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2019-14603",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-201912-578",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-146566",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-146566"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-013403"
},
{
"db": "CNNVD",
"id": "CNNVD-201912-578"
},
{
"db": "NVD",
"id": "CVE-2019-14603"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Improper permissions in the installer for the License Server software for Intel\u00ae Quartus\u00ae Prime Pro Edition before version 19.3 may allow an authenticated user to potentially enable escalation of privilege via local access. Intel Quartus Prime Pro Edition Contains a vulnerability with inappropriate default permissions.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Intel Quartus Prime Pro is a multi-platform design environment developed by Intel Corporation. This product is mainly used for programmable logic device programming. There is a security vulnerability in the installer of the License Server in versions prior to Intel Quartus Prime Pro 19.3. A local attacker could exploit this vulnerability to elevate privileges",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-14603"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-013403"
},
{
"db": "VULHUB",
"id": "VHN-146566"
}
],
"trust": 1.71
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-14603",
"trust": 2.5
},
{
"db": "JVN",
"id": "JVNVU93632155",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2019-013403",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201912-578",
"trust": 0.7
},
{
"db": "AUSCERT",
"id": "ESB-2019.4654",
"trust": 0.6
},
{
"db": "CNVD",
"id": "CNVD-2020-14841",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-146566",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-146566"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-013403"
},
{
"db": "CNNVD",
"id": "CNNVD-201912-578"
},
{
"db": "NVD",
"id": "CVE-2019-14603"
}
]
},
"id": "VAR-201912-0874",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-146566"
}
],
"trust": 0.01
},
"last_update_date": "2024-11-23T20:53:57.413000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "INTEL-SA-00311",
"trust": 0.8,
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00311.html"
},
{
"title": "Intel Quartus Prime Pro Edition Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=105911"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-013403"
},
{
"db": "CNNVD",
"id": "CNNVD-201912-578"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-276",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-146566"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-013403"
},
{
"db": "NVD",
"id": "CVE-2019-14603"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00311.html"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-14603"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-14603"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu93632155/"
},
{
"trust": 0.6,
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00253.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2019.4654/"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-146566"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-013403"
},
{
"db": "CNNVD",
"id": "CNNVD-201912-578"
},
{
"db": "NVD",
"id": "CVE-2019-14603"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-146566"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-013403"
},
{
"db": "CNNVD",
"id": "CNNVD-201912-578"
},
{
"db": "NVD",
"id": "CVE-2019-14603"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-12-16T00:00:00",
"db": "VULHUB",
"id": "VHN-146566"
},
{
"date": "2019-12-27T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-013403"
},
{
"date": "2019-12-12T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201912-578"
},
{
"date": "2019-12-16T20:15:14.947000",
"db": "NVD",
"id": "CVE-2019-14603"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-02-02T00:00:00",
"db": "VULHUB",
"id": "VHN-146566"
},
{
"date": "2019-12-27T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-013403"
},
{
"date": "2020-02-11T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201912-578"
},
{
"date": "2024-11-21T04:27:00.710000",
"db": "NVD",
"id": "CVE-2019-14603"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201912-578"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Intel Quartus Prime Pro Edition Inappropriate default permission vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-013403"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201912-578"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…