Details of VAR-201902-0790

ID

VAR-201902-0790

CVE

CVE-2019-0102

TITLE

Intel(R) Data Center Manager SDK Session fixation vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2019-001859

DESCRIPTION

Insufficient session authentication in web server for Intel(R) Data Center Manager SDK before version 5.0.2 may allow an unauthenticated user to potentially enable escalation of privilege via network access. Intel(R) Data Center Manager SDK Contains a session fixation vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Intel Data Center Manager SDK is prone to multiple privilege-escalation vulnerabilities. An attackers may exploit this issue to gain elevated privileges. Intel Data Center Manager SDK version prior 5.0.2 are vulnerable. This product mainly provides real-time power supply and heat dissipation data of equipment

Trust: 1.98

sources: NVD: CVE-2019-0102 // JVNDB: JVNDB-2019-001859 // BID: 107069 // VULHUB: VHN-140133

AFFECTED PRODUCTS

vendor:	intel	model:	data center manager	scope:	lt	version:	5.0.2	Trust: 1.0
vendor:	intel	model:	data center manager sdk	scope:	lt	version:	5.0.2	Trust: 0.8
vendor:	intel	model:	data center manager sdk	scope:	eq	version:	0	Trust: 0.3
vendor:	intel	model:	data center manager sdk	scope:	ne	version:	5.0.2	Trust: 0.3

sources: BID: 107069 // JVNDB: JVNDB-2019-001859 // NVD: CVE-2019-0102

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2019-0102
value:	HIGH
Trust: 1.0
NVD:	CVE-2019-0102
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-201902-698
value:	HIGH
Trust: 0.6
VULHUB:	VHN-140133
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2019-0102
severity:	MEDIUM
baseScore:	5.8
vectorString:	AV:A/AC:L/AU:N/C:P/I:P/A:P
accessVector:	ADJACENT_NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	6.5
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-140133
severity:	MEDIUM
baseScore:	5.8
vectorString:	AV:A/AC:L/AU:N/C:P/I:P/A:P
accessVector:	ADJACENT_NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	6.5
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2019-0102
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	ADJACENT
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	5.9
version:	3.0
Trust: 1.8

sources: VULHUB: VHN-140133 // JVNDB: JVNDB-2019-001859 // CNNVD: CNNVD-201902-698 // NVD: CVE-2019-0102

PROBLEMTYPE DATA

problemtype:

CWE-384

Trust: 1.9

sources: VULHUB: VHN-140133 // JVNDB: JVNDB-2019-001859 // NVD: CVE-2019-0102

THREAT TYPE

remote or local

Trust: 0.6

sources: CNNVD: CNNVD-201902-698

TYPE

authorization issue

Trust: 0.6

sources: CNNVD: CNNVD-201902-698

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-001859

PATCH

title:	INTEL-SA-00215	url:	https://www.intel.com/content/www/us/en/security-center/advisory/INTEL-SA-00215.html	Trust: 0.8
title:	Intel Data Center Manager SDK Web Server security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=89520	Trust: 0.6

sources: JVNDB: JVNDB-2019-001859 // CNNVD: CNNVD-201902-698

EXTERNAL IDS

db:	NVD	id:	CVE-2019-0102	Trust: 2.8
db:	ICS CERT	id:	ICSA-19-050-01	Trust: 2.5
db:	BID	id:	107069	Trust: 2.0
db:	JVNDB	id:	JVNDB-2019-001859	Trust: 0.8
db:	CNNVD	id:	CNNVD-201902-698	Trust: 0.7
db:	NSFOCUS	id:	42775	Trust: 0.6
db:	AUSCERT	id:	ESB-2019.0521	Trust: 0.6
db:	VULHUB	id:	VHN-140133	Trust: 0.1

sources: VULHUB: VHN-140133 // BID: 107069 // JVNDB: JVNDB-2019-001859 // CNNVD: CNNVD-201902-698 // NVD: CVE-2019-0102

REFERENCES

url:	https://ics-cert.us-cert.gov/advisories/icsa-19-050-01	Trust: 3.1
url:	http://www.securityfocus.com/bid/107069	Trust: 2.3
url:	https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00215.html	Trust: 2.0
url:	http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00083.html	Trust: 1.7
url:	https://nvd.nist.gov/vuln/detail/cve-2019-0102	Trust: 1.4
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-0102	Trust: 0.8
url:	https://www.auscert.org.au/bulletins/75830	Trust: 0.6
url:	http://www.nsfocus.net/vulndb/42775	Trust: 0.6
url:	http://www.intel.com/	Trust: 0.3

sources: VULHUB: VHN-140133 // BID: 107069 // JVNDB: JVNDB-2019-001859 // CNNVD: CNNVD-201902-698 // NVD: CVE-2019-0102

CREDITS

Intel’s Product Security Incident Response Team reported these vulnerabilities to NCCIC.,DCG Red Team.,vendor ??

Trust: 0.6

sources: CNNVD: CNNVD-201902-698

SOURCES

db:	VULHUB	id:	VHN-140133
db:	BID	id:	107069
db:	JVNDB	id:	JVNDB-2019-001859
db:	CNNVD	id:	CNNVD-201902-698
db:	NVD	id:	CVE-2019-0102

LAST UPDATE DATE

2024-11-23T22:00:06.784000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-140133	date:	2020-07-28T00:00:00
db:	BID	id:	107069	date:	2019-02-12T00:00:00
db:	JVNDB	id:	JVNDB-2019-001859	date:	2019-03-27T00:00:00
db:	CNNVD	id:	CNNVD-201902-698	date:	2020-07-29T00:00:00
db:	NVD	id:	CVE-2019-0102	date:	2024-11-21T04:16:13.973

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-140133	date:	2019-02-18T00:00:00
db:	BID	id:	107069	date:	2019-02-12T00:00:00
db:	JVNDB	id:	JVNDB-2019-001859	date:	2019-03-27T00:00:00
db:	CNNVD	id:	CNNVD-201902-698	date:	2019-02-18T00:00:00
db:	NVD	id:	CVE-2019-0102	date:	2019-02-18T17:29:00.407