Details of VAR-201902-0795

ID

VAR-201902-0795

CVE

CVE-2019-0107

TITLE

Intel Data Center Manager SDK Vulnerabilities related to authorization, permissions, and access control

Trust: 0.8

sources: JVNDB: JVNDB-2019-001844

DESCRIPTION

Insufficient user prompt in install routine for Intel(R) Data Center Manager SDK before version 5.0.2 may allow a privileged user to potentially enable escalation of privilege via local access. Intel(R) Data Center Manager SDK Contains vulnerabilities related to authorization, permissions, and access control.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Intel Data Center Manager SDK is prone to multiple privilege-escalation vulnerabilities. An attackers may exploit this issue to gain elevated privileges. Intel Data Center Manager SDK version prior 5.0.2 are vulnerable. This product mainly provides real-time power supply and heat dissipation data of equipment

Trust: 1.98

sources: NVD: CVE-2019-0107 // JVNDB: JVNDB-2019-001844 // BID: 107069 // VULHUB: VHN-140138

AFFECTED PRODUCTS

vendor:	intel	model:	data center manager	scope:	lt	version:	5.0.2	Trust: 1.0
vendor:	intel	model:	data center manager sdk	scope:	lt	version:	5.0.2	Trust: 0.8
vendor:	intel	model:	data center manager sdk	scope:	eq	version:	0	Trust: 0.3
vendor:	intel	model:	data center manager sdk	scope:	ne	version:	5.0.2	Trust: 0.3

sources: BID: 107069 // JVNDB: JVNDB-2019-001844 // NVD: CVE-2019-0107

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2019-0107
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2019-0107
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201902-695
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-140138
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2019-0107
severity:	MEDIUM
baseScore:	4.6
vectorString:	AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	3.9
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-140138
severity:	MEDIUM
baseScore:	4.6
vectorString:	AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	3.9
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2019-0107
baseSeverity:	MEDIUM
baseScore:	6.7
vectorString:	CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	HIGH
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	0.8
impactScore:	5.9
version:	3.0
Trust: 1.8

sources: VULHUB: VHN-140138 // JVNDB: JVNDB-2019-001844 // CNNVD: CNNVD-201902-695 // NVD: CVE-2019-0107

PROBLEMTYPE DATA

problemtype:	NVD-CWE-noinfo	Trust: 1.0
problemtype:	CWE-264	Trust: 0.9

sources: VULHUB: VHN-140138 // JVNDB: JVNDB-2019-001844 // NVD: CVE-2019-0107

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201902-695

TYPE

permissions and access control

Trust: 0.6

sources: CNNVD: CNNVD-201902-695

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-001844

PATCH

title:	INTEL-SA-00215	url:	https://www.intel.com/content/www/us/en/security-center/advisory/INTEL-SA-00215.html	Trust: 0.8
title:	Intel Data Center Manager SDK Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=89517	Trust: 0.6

sources: JVNDB: JVNDB-2019-001844 // CNNVD: CNNVD-201902-695

EXTERNAL IDS

db:	NVD	id:	CVE-2019-0107	Trust: 2.8
db:	ICS CERT	id:	ICSA-19-050-01	Trust: 2.5
db:	BID	id:	107069	Trust: 2.0
db:	JVNDB	id:	JVNDB-2019-001844	Trust: 0.8
db:	CNNVD	id:	CNNVD-201902-695	Trust: 0.7
db:	AUSCERT	id:	ESB-2019.0521	Trust: 0.6
db:	NSFOCUS	id:	42773	Trust: 0.6
db:	VULHUB	id:	VHN-140138	Trust: 0.1

sources: VULHUB: VHN-140138 // BID: 107069 // JVNDB: JVNDB-2019-001844 // CNNVD: CNNVD-201902-695 // NVD: CVE-2019-0107

REFERENCES

url:	https://ics-cert.us-cert.gov/advisories/icsa-19-050-01	Trust: 3.1
url:	http://www.securityfocus.com/bid/107069	Trust: 2.3
url:	https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00215.html	Trust: 2.0
url:	https://nvd.nist.gov/vuln/detail/cve-2019-0107	Trust: 1.4
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-0107	Trust: 0.8
url:	https://www.auscert.org.au/bulletins/75830	Trust: 0.6
url:	http://www.nsfocus.net/vulndb/42773	Trust: 0.6
url:	http://www.intel.com/	Trust: 0.3

sources: VULHUB: VHN-140138 // BID: 107069 // JVNDB: JVNDB-2019-001844 // CNNVD: CNNVD-201902-695 // NVD: CVE-2019-0107

CREDITS

Intel’s Product Security Incident Response Team reported these vulnerabilities to NCCIC.,DCG Red Team.,vendor ??

Trust: 0.6

sources: CNNVD: CNNVD-201902-695

SOURCES

db:	VULHUB	id:	VHN-140138
db:	BID	id:	107069
db:	JVNDB	id:	JVNDB-2019-001844
db:	CNNVD	id:	CNNVD-201902-695
db:	NVD	id:	CVE-2019-0107

LAST UPDATE DATE

2024-11-23T22:00:06.908000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-140138	date:	2020-08-24T00:00:00
db:	BID	id:	107069	date:	2019-02-12T00:00:00
db:	JVNDB	id:	JVNDB-2019-001844	date:	2019-03-27T00:00:00
db:	CNNVD	id:	CNNVD-201902-695	date:	2020-08-25T00:00:00
db:	NVD	id:	CVE-2019-0107	date:	2024-11-21T04:16:14.580

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-140138	date:	2019-02-18T00:00:00
db:	BID	id:	107069	date:	2019-02-12T00:00:00
db:	JVNDB	id:	JVNDB-2019-001844	date:	2019-03-27T00:00:00
db:	CNNVD	id:	CNNVD-201902-695	date:	2019-02-18T00:00:00
db:	NVD	id:	CVE-2019-0107	date:	2019-02-18T17:29:00.627