Details of VAR-201902-0794

ID

VAR-201902-0794

CVE

CVE-2019-0106

TITLE

Intel(R) Data Center Manager SDK Input validation vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2019-001863

DESCRIPTION

Insufficient run protection in install routine for Intel(R) Data Center Manager SDK before version 5.0.2 may allow a privileged user to potentially enable escalation of privilege via local access. Intel(R) Data Center Manager SDK Contains an input validation vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Intel Data Center Manager SDK is prone to multiple privilege-escalation vulnerabilities. An attackers may exploit this issue to gain elevated privileges. Intel Data Center Manager SDK version prior 5.0.2 are vulnerable. This product mainly provides real-time power supply and heat dissipation data of equipment

Trust: 1.98

sources: NVD: CVE-2019-0106 // JVNDB: JVNDB-2019-001863 // BID: 107069 // VULHUB: VHN-140137

AFFECTED PRODUCTS

vendor:	intel	model:	data center manager	scope:	lt	version:	5.0.2	Trust: 1.0
vendor:	intel	model:	data center manager sdk	scope:	lt	version:	5.0.2	Trust: 0.8
vendor:	intel	model:	data center manager sdk	scope:	eq	version:	0	Trust: 0.3
vendor:	intel	model:	data center manager sdk	scope:	ne	version:	5.0.2	Trust: 0.3

sources: BID: 107069 // JVNDB: JVNDB-2019-001863 // NVD: CVE-2019-0106

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2019-0106
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2019-0106
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201902-697
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-140137
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2019-0106
severity:	MEDIUM
baseScore:	4.6
vectorString:	AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	3.9
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-140137
severity:	MEDIUM
baseScore:	4.6
vectorString:	AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	3.9
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2019-0106
baseSeverity:	MEDIUM
baseScore:	6.7
vectorString:	CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	HIGH
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	0.8
impactScore:	5.9
version:	3.0
Trust: 1.8

sources: VULHUB: VHN-140137 // JVNDB: JVNDB-2019-001863 // CNNVD: CNNVD-201902-697 // NVD: CVE-2019-0106

PROBLEMTYPE DATA

problemtype:	NVD-CWE-noinfo	Trust: 1.0
problemtype:	CWE-20	Trust: 0.9

sources: VULHUB: VHN-140137 // JVNDB: JVNDB-2019-001863 // NVD: CVE-2019-0106

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201902-697

TYPE

Input Validation Error

Trust: 0.9

sources: BID: 107069 // CNNVD: CNNVD-201902-697

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-001863

PATCH

title:	INTEL-SA-00215	url:	https://www.intel.com/content/www/us/en/security-center/advisory/INTEL-SA-00215.html	Trust: 0.8
title:	Intel Data Center Manager SDK Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=89519	Trust: 0.6

sources: JVNDB: JVNDB-2019-001863 // CNNVD: CNNVD-201902-697

EXTERNAL IDS

db:	NVD	id:	CVE-2019-0106	Trust: 2.8
db:	ICS CERT	id:	ICSA-19-050-01	Trust: 2.5
db:	BID	id:	107069	Trust: 2.0
db:	JVNDB	id:	JVNDB-2019-001863	Trust: 0.8
db:	CNNVD	id:	CNNVD-201902-697	Trust: 0.7
db:	AUSCERT	id:	ESB-2019.0521	Trust: 0.6
db:	NSFOCUS	id:	42774	Trust: 0.6
db:	VULHUB	id:	VHN-140137	Trust: 0.1

sources: VULHUB: VHN-140137 // BID: 107069 // JVNDB: JVNDB-2019-001863 // CNNVD: CNNVD-201902-697 // NVD: CVE-2019-0106

REFERENCES

url:	https://ics-cert.us-cert.gov/advisories/icsa-19-050-01	Trust: 3.1
url:	http://www.securityfocus.com/bid/107069	Trust: 2.3
url:	https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00215.html	Trust: 2.0
url:	https://nvd.nist.gov/vuln/detail/cve-2019-0106	Trust: 1.4
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-0106	Trust: 0.8
url:	https://www.auscert.org.au/bulletins/75830	Trust: 0.6
url:	http://www.nsfocus.net/vulndb/42774	Trust: 0.6
url:	http://www.intel.com/	Trust: 0.3

sources: VULHUB: VHN-140137 // BID: 107069 // JVNDB: JVNDB-2019-001863 // CNNVD: CNNVD-201902-697 // NVD: CVE-2019-0106

CREDITS

Intel’s Product Security Incident Response Team reported these vulnerabilities to NCCIC.,DCG Red Team.,vendor

Trust: 0.6

sources: CNNVD: CNNVD-201902-697

SOURCES

db:	VULHUB	id:	VHN-140137
db:	BID	id:	107069
db:	JVNDB	id:	JVNDB-2019-001863
db:	CNNVD	id:	CNNVD-201902-697
db:	NVD	id:	CVE-2019-0106

LAST UPDATE DATE

2024-11-23T22:00:07.100000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-140137	date:	2019-02-28T00:00:00
db:	BID	id:	107069	date:	2019-02-12T00:00:00
db:	JVNDB	id:	JVNDB-2019-001863	date:	2019-03-27T00:00:00
db:	CNNVD	id:	CNNVD-201902-697	date:	2021-07-26T00:00:00
db:	NVD	id:	CVE-2019-0106	date:	2024-11-21T04:16:14.467

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-140137	date:	2019-02-18T00:00:00
db:	BID	id:	107069	date:	2019-02-12T00:00:00
db:	JVNDB	id:	JVNDB-2019-001863	date:	2019-03-27T00:00:00
db:	CNNVD	id:	CNNVD-201902-697	date:	2019-02-18T00:00:00
db:	NVD	id:	CVE-2019-0106	date:	2019-02-18T17:29:00.580