Sign-up

ID

VAR-201902-0797


CVE

CVE-2019-0109


TITLE

Intel Data Center Manager SDK Vulnerabilities related to authorization, permissions, and access control

Trust: 0.8

sources: JVNDB: JVNDB-2019-001846

DESCRIPTION

Improper folder permissions in Intel(R) Data Center Manager SDK before version 5.0.2 may allow an authenticated user to potentially enable escalation of privilege via local access. Intel Data Center Manager SDK is prone to multiple privilege-escalation vulnerabilities. An attackers may exploit this issue to gain elevated privileges. Intel Data Center Manager SDK version prior 5.0.2 are vulnerable. This product mainly provides real-time power supply and heat dissipation data of equipment

Trust: 1.98

sources: NVD: CVE-2019-0109 // JVNDB: JVNDB-2019-001846 // BID: 107069 // VULHUB: VHN-140140

AFFECTED PRODUCTS

vendor:intelmodel:data center managerscope:ltversion:5.0.2

Trust: 1.0

vendor:intelmodel:data center manager sdkscope:ltversion:5.0.2

Trust: 0.8

vendor:intelmodel:data center manager sdkscope:eqversion:0

Trust: 0.3

vendor:intelmodel:data center manager sdkscope:neversion:5.0.2

Trust: 0.3

sources: BID: 107069 // JVNDB: JVNDB-2019-001846 // NVD: CVE-2019-0109

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-0109
value: HIGH

Trust: 1.0

NVD: CVE-2019-0109
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201902-708
value: HIGH

Trust: 0.6

VULHUB: VHN-140140
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2019-0109
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-140140
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2019-0109
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-140140 // JVNDB: JVNDB-2019-001846 // CNNVD: CNNVD-201902-708 // NVD: CVE-2019-0109

PROBLEMTYPE DATA

problemtype:NVD-CWE-noinfo

Trust: 1.0

problemtype:CWE-264

Trust: 0.9

sources: VULHUB: VHN-140140 // JVNDB: JVNDB-2019-001846 // NVD: CVE-2019-0109

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201902-708

TYPE

permissions and access control

Trust: 0.6

sources: CNNVD: CNNVD-201902-708

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2019-001846

PATCH
title:INTEL-SA-00215url:https://www.intel.com/content/www/us/en/security-center/advisory/INTEL-SA-00215.html
Trust: 0.8
title:Intel Data Center Manager SDK Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=89530
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2019-001846 // 
            
            
            
            CNNVD: CNNVD-201902-708

EXTERNAL IDS
db:NVDid:CVE-2019-0109
Trust: 2.8
db:ICS CERTid:ICSA-19-050-01
Trust: 2.5
db:BIDid:107069
Trust: 2.0
db:JVNDBid:JVNDB-2019-001846
Trust: 0.8
db:CNNVDid:CNNVD-201902-708
Trust: 0.7
db:NSFOCUSid:42777
Trust: 0.6
db:AUSCERTid:ESB-2019.0521
Trust: 0.6
db:VULHUBid:VHN-140140
Trust: 0.1
sources:
            
            
            VULHUB: VHN-140140 // 
            
            
            
            BID: 107069 // 
            
            
            
            JVNDB: JVNDB-2019-001846 // 
            
            
            
            CNNVD: CNNVD-201902-708 // 
            
            
            
            NVD: CVE-2019-0109

REFERENCES
url:https://ics-cert.us-cert.gov/advisories/icsa-19-050-01
Trust: 3.1
url:http://www.securityfocus.com/bid/107069
Trust: 2.3
url:https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00215.html
Trust: 2.0
url:https://nvd.nist.gov/vuln/detail/cve-2019-0109
Trust: 1.4
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-0109
Trust: 0.8
url:https://www.auscert.org.au/bulletins/75830
Trust: 0.6
url:http://www.nsfocus.net/vulndb/42777
Trust: 0.6
url:http://www.intel.com/
Trust: 0.3
sources:
            
            
            VULHUB: VHN-140140 // 
            
            
            
            BID: 107069 // 
            
            
            
            JVNDB: JVNDB-2019-001846 // 
            
            
            
            CNNVD: CNNVD-201902-708 // 
            
            
            
            NVD: CVE-2019-0109

CREDITS
Intel’s Product Security Incident Response Team reported these vulnerabilities to NCCIC.,DCG Red Team.,vendor ??
Trust: 0.6
sources:
            
            
            CNNVD: CNNVD-201902-708

SOURCES
db:VULHUBid:VHN-140140
db:BIDid:107069
db:JVNDBid:JVNDB-2019-001846
db:CNNVDid:CNNVD-201902-708
db:NVDid:CVE-2019-0109

LAST UPDATE DATE
2024-11-23T22:00:06.846000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-140140date:2020-08-24T00:00:00
db:BIDid:107069date:2019-02-12T00:00:00
db:JVNDBid:JVNDB-2019-001846date:2019-03-27T00:00:00
db:CNNVDid:CNNVD-201902-708date:2020-08-25T00:00:00
db:NVDid:CVE-2019-0109date:2024-11-21T04:16:14.820

SOURCES RELEASE DATE
db:VULHUBid:VHN-140140date:2019-02-18T00:00:00
db:BIDid:107069date:2019-02-12T00:00:00
db:JVNDBid:JVNDB-2019-001846date:2019-03-27T00:00:00
db:CNNVDid:CNNVD-201902-708date:2019-02-18T00:00:00
db:NVDid:CVE-2019-0109date:2019-02-18T17:29:00.720