Details of VAR-201902-0793

ID

VAR-201902-0793

CVE

CVE-2019-0105

TITLE

Intel(R) Data Center Manager SDK Vulnerabilities related to authorization, permissions, and access control

Trust: 0.8

sources: JVNDB: JVNDB-2019-001862

DESCRIPTION

Insufficient file permissions checking in install routine for Intel(R) Data Center Manager SDK before version 5.0.2 may allow authenticated user to potentially enable escalation of privilege via local access. Intel Data Center Manager SDK is prone to multiple privilege-escalation vulnerabilities. An attackers may exploit this issue to gain elevated privileges. Intel Data Center Manager SDK version prior 5.0.2 are vulnerable. This product mainly provides real-time power supply and heat dissipation data of equipment. The vulnerability stems from insufficient checks of file permissions

Trust: 1.98

sources: NVD: CVE-2019-0105 // JVNDB: JVNDB-2019-001862 // BID: 107069 // VULHUB: VHN-140136

AFFECTED PRODUCTS

vendor:	intel	model:	data center manager	scope:	lt	version:	5.0.2	Trust: 1.0
vendor:	intel	model:	data center manager sdk	scope:	lt	version:	5.0.2	Trust: 0.8
vendor:	intel	model:	data center manager sdk	scope:	eq	version:	0	Trust: 0.3
vendor:	intel	model:	data center manager sdk	scope:	ne	version:	5.0.2	Trust: 0.3

sources: BID: 107069 // JVNDB: JVNDB-2019-001862 // NVD: CVE-2019-0105

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2019-0105
value:	HIGH
Trust: 1.0
NVD:	CVE-2019-0105
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-201902-694
value:	HIGH
Trust: 0.6
VULHUB:	VHN-140136
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2019-0105
severity:	MEDIUM
baseScore:	4.6
vectorString:	AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	3.9
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-140136
severity:	MEDIUM
baseScore:	4.6
vectorString:	AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	3.9
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2019-0105
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.8
impactScore:	5.9
version:	3.0
Trust: 1.8

sources: VULHUB: VHN-140136 // JVNDB: JVNDB-2019-001862 // CNNVD: CNNVD-201902-694 // NVD: CVE-2019-0105

PROBLEMTYPE DATA

problemtype:	CWE-863	Trust: 1.1
problemtype:	CWE-264	Trust: 0.9

sources: VULHUB: VHN-140136 // JVNDB: JVNDB-2019-001862 // NVD: CVE-2019-0105

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201902-694

TYPE

permissions and access control

Trust: 0.6

sources: CNNVD: CNNVD-201902-694

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-001862

PATCH

title:	INTEL-SA-00215	url:	https://www.intel.com/content/www/us/en/security-center/advisory/INTEL-SA-00215.html	Trust: 0.8
title:	Intel Data Center Manager SDK Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=89516	Trust: 0.6

sources: JVNDB: JVNDB-2019-001862 // CNNVD: CNNVD-201902-694

EXTERNAL IDS

db:	NVD	id:	CVE-2019-0105	Trust: 2.8
db:	ICS CERT	id:	ICSA-19-050-01	Trust: 2.5
db:	BID	id:	107069	Trust: 2.0
db:	JVNDB	id:	JVNDB-2019-001862	Trust: 0.8
db:	CNNVD	id:	CNNVD-201902-694	Trust: 0.7
db:	NSFOCUS	id:	42772	Trust: 0.6
db:	AUSCERT	id:	ESB-2019.0521	Trust: 0.6
db:	VULHUB	id:	VHN-140136	Trust: 0.1

sources: VULHUB: VHN-140136 // BID: 107069 // JVNDB: JVNDB-2019-001862 // CNNVD: CNNVD-201902-694 // NVD: CVE-2019-0105

REFERENCES

url:	https://ics-cert.us-cert.gov/advisories/icsa-19-050-01	Trust: 3.1
url:	http://www.securityfocus.com/bid/107069	Trust: 2.3
url:	https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00215.html	Trust: 2.0
url:	https://nvd.nist.gov/vuln/detail/cve-2019-0105	Trust: 1.4
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-0105	Trust: 0.8
url:	https://www.auscert.org.au/bulletins/75830	Trust: 0.6
url:	http://www.nsfocus.net/vulndb/42772	Trust: 0.6
url:	http://www.intel.com/	Trust: 0.3

sources: VULHUB: VHN-140136 // BID: 107069 // JVNDB: JVNDB-2019-001862 // CNNVD: CNNVD-201902-694 // NVD: CVE-2019-0105

CREDITS

Intel’s Product Security Incident Response Team reported these vulnerabilities to NCCIC.,DCG Red Team.,vendor ??

Trust: 0.6

sources: CNNVD: CNNVD-201902-694

SOURCES

db:	VULHUB	id:	VHN-140136
db:	BID	id:	107069
db:	JVNDB	id:	JVNDB-2019-001862
db:	CNNVD	id:	CNNVD-201902-694
db:	NVD	id:	CVE-2019-0105

LAST UPDATE DATE

2024-11-23T22:00:06.940000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-140136	date:	2020-08-24T00:00:00
db:	BID	id:	107069	date:	2019-02-12T00:00:00
db:	JVNDB	id:	JVNDB-2019-001862	date:	2019-03-27T00:00:00
db:	CNNVD	id:	CNNVD-201902-694	date:	2020-08-25T00:00:00
db:	NVD	id:	CVE-2019-0105	date:	2024-11-21T04:16:14.350

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-140136	date:	2019-02-18T00:00:00
db:	BID	id:	107069	date:	2019-02-12T00:00:00
db:	JVNDB	id:	JVNDB-2019-001862	date:	2019-03-27T00:00:00
db:	CNNVD	id:	CNNVD-201902-694	date:	2019-02-18T00:00:00
db:	NVD	id:	CVE-2019-0105	date:	2019-02-18T17:29:00.533