Details of VAR-201902-0792

ID

VAR-201902-0792

CVE

CVE-2019-0104

TITLE

Intel(R) Data Center Manager SDK Vulnerable to information disclosure

Trust: 0.8

sources: JVNDB: JVNDB-2019-001861

DESCRIPTION

Insufficient file protection in uninstall routine for Intel(R) Data Center Manager SDK before version 5.0.2 may allow an authenticated user to potentially enable information disclosure via local access. This product mainly provides real-time power supply and heat dissipation data of equipment

Trust: 1.98

sources: NVD: CVE-2019-0104 // JVNDB: JVNDB-2019-001861 // BID: 107109 // VULHUB: VHN-140135

AFFECTED PRODUCTS

vendor:	intel	model:	data center manager	scope:	lt	version:	5.0.2	Trust: 1.0
vendor:	intel	model:	data center manager sdk	scope:	lt	version:	5.0.2	Trust: 0.8
vendor:	intel	model:	data center manager sdk	scope:	eq	version:	5.0.1	Trust: 0.3
vendor:	intel	model:	data center manager sdk	scope:	ne	version:	5.0.2	Trust: 0.3

sources: BID: 107109 // JVNDB: JVNDB-2019-001861 // NVD: CVE-2019-0104

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2019-0104
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2019-0104
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201902-692
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-140135
value:	LOW
Trust: 0.1

nvd@nist.gov:	CVE-2019-0104
severity:	LOW
baseScore:	2.1
vectorString:	AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-140135
severity:	LOW
baseScore:	2.1
vectorString:	AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2019-0104
baseSeverity:	MEDIUM
baseScore:	5.5
vectorString:	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	1.8
impactScore:	3.6
version:	3.0
Trust: 1.8

sources: VULHUB: VHN-140135 // JVNDB: JVNDB-2019-001861 // CNNVD: CNNVD-201902-692 // NVD: CVE-2019-0104

PROBLEMTYPE DATA

problemtype:	NVD-CWE-noinfo	Trust: 1.0
problemtype:	CWE-200	Trust: 0.9

sources: VULHUB: VHN-140135 // JVNDB: JVNDB-2019-001861 // NVD: CVE-2019-0104

THREAT TYPE

local

Trust: 0.9

sources: BID: 107109 // CNNVD: CNNVD-201902-692

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201902-692

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-001861

PATCH

title:	INTEL-SA-00215	url:	https://www.intel.com/content/www/us/en/security-center/advisory/INTEL-SA-00215.html	Trust: 0.8
title:	Intel Data Center Manager SDK Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=89514	Trust: 0.6

sources: JVNDB: JVNDB-2019-001861 // CNNVD: CNNVD-201902-692

EXTERNAL IDS

db:	ICS CERT	id:	ICSA-19-050-01	Trust: 2.8
db:	NVD	id:	CVE-2019-0104	Trust: 2.8
db:	BID	id:	107109	Trust: 2.0
db:	JVNDB	id:	JVNDB-2019-001861	Trust: 0.8
db:	CNNVD	id:	CNNVD-201902-692	Trust: 0.7
db:	NSFOCUS	id:	42776	Trust: 0.6
db:	AUSCERT	id:	ESB-2019.0521	Trust: 0.6
db:	VULHUB	id:	VHN-140135	Trust: 0.1

sources: VULHUB: VHN-140135 // BID: 107109 // JVNDB: JVNDB-2019-001861 // CNNVD: CNNVD-201902-692 // NVD: CVE-2019-0104

REFERENCES

url:	https://ics-cert.us-cert.gov/advisories/icsa-19-050-01	Trust: 3.4
url:	http://www.securityfocus.com/bid/107109	Trust: 2.3
url:	https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00215.html	Trust: 2.0
url:	https://nvd.nist.gov/vuln/detail/cve-2019-0104	Trust: 1.4
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-0104	Trust: 0.8
url:	https://www.auscert.org.au/bulletins/75830	Trust: 0.6
url:	http://www.nsfocus.net/vulndb/42776	Trust: 0.6
url:	http://www.intel.com/	Trust: 0.3

sources: VULHUB: VHN-140135 // BID: 107109 // JVNDB: JVNDB-2019-001861 // CNNVD: CNNVD-201902-692 // NVD: CVE-2019-0104

CREDITS

Intel’s Product Security Incident Response Team reported these vulnerabilities to NCCIC.,vendor ??,DCG Red Team

Trust: 0.6

sources: CNNVD: CNNVD-201902-692

SOURCES

db:	VULHUB	id:	VHN-140135
db:	BID	id:	107109
db:	JVNDB	id:	JVNDB-2019-001861
db:	CNNVD	id:	CNNVD-201902-692
db:	NVD	id:	CVE-2019-0104

LAST UPDATE DATE

2024-11-23T22:00:06.816000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-140135	date:	2020-08-24T00:00:00
db:	BID	id:	107109	date:	2019-02-12T00:00:00
db:	JVNDB	id:	JVNDB-2019-001861	date:	2019-03-27T00:00:00
db:	CNNVD	id:	CNNVD-201902-692	date:	2020-08-25T00:00:00
db:	NVD	id:	CVE-2019-0104	date:	2024-11-21T04:16:14.230

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-140135	date:	2019-02-18T00:00:00
db:	BID	id:	107109	date:	2019-02-12T00:00:00
db:	JVNDB	id:	JVNDB-2019-001861	date:	2019-03-27T00:00:00
db:	CNNVD	id:	CNNVD-201902-692	date:	2019-02-18T00:00:00
db:	NVD	id:	CVE-2019-0104	date:	2019-02-18T17:29:00.487