Details of VAR-201902-0798

ID

VAR-201902-0798

CVE

CVE-2019-0110

TITLE

Intel Data Center Manager SDK Vulnerable to information disclosure

Trust: 0.8

sources: JVNDB: JVNDB-2019-001832

DESCRIPTION

Insufficient key management for Intel(R) Data Center Manager SDK before version 5.0.2 may allow an authenticated user to potentially enable information disclosure via local access. Local attackers can exploit this issue to obtain sensitive information. This may aid in further attacks. This product mainly provides real-time power supply and heat dissipation data of equipment

Trust: 1.98

sources: NVD: CVE-2019-0110 // JVNDB: JVNDB-2019-001832 // BID: 107071 // VULHUB: VHN-140141

AFFECTED PRODUCTS

vendor:	intel	model:	data center manager	scope:	lt	version:	5.0.2	Trust: 1.0
vendor:	intel	model:	data center manager sdk	scope:	lt	version:	5.0.2	Trust: 0.8
vendor:	intel	model:	data center manager sdk	scope:	eq	version:	0	Trust: 0.3
vendor:	intel	model:	data center manager sdk	scope:	ne	version:	5.0.2	Trust: 0.3

sources: BID: 107071 // JVNDB: JVNDB-2019-001832 // NVD: CVE-2019-0110

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2019-0110
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2019-0110
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201902-706
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-140141
value:	LOW
Trust: 0.1

nvd@nist.gov:	CVE-2019-0110
severity:	LOW
baseScore:	2.1
vectorString:	AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-140141
severity:	LOW
baseScore:	2.1
vectorString:	AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2019-0110
baseSeverity:	MEDIUM
baseScore:	5.5
vectorString:	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	1.8
impactScore:	3.6
version:	3.0
Trust: 1.8

sources: VULHUB: VHN-140141 // JVNDB: JVNDB-2019-001832 // CNNVD: CNNVD-201902-706 // NVD: CVE-2019-0110

PROBLEMTYPE DATA

problemtype:	NVD-CWE-noinfo	Trust: 1.0
problemtype:	CWE-200	Trust: 0.9

sources: VULHUB: VHN-140141 // JVNDB: JVNDB-2019-001832 // NVD: CVE-2019-0110

THREAT TYPE

local

Trust: 0.9

sources: BID: 107071 // CNNVD: CNNVD-201902-706

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201902-706

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-001832

PATCH

title:	INTEL-SA-00215	url:	https://www.intel.com/content/www/us/en/security-center/advisory/INTEL-SA-00215.html	Trust: 0.8
title:	Intel Data Center Manager SDK Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=89528	Trust: 0.6

sources: JVNDB: JVNDB-2019-001832 // CNNVD: CNNVD-201902-706

EXTERNAL IDS

db:	NVD	id:	CVE-2019-0110	Trust: 2.8
db:	ICS CERT	id:	ICSA-19-050-01	Trust: 2.5
db:	BID	id:	107071	Trust: 2.0
db:	JVNDB	id:	JVNDB-2019-001832	Trust: 0.8
db:	CNNVD	id:	CNNVD-201902-706	Trust: 0.7
db:	AUSCERT	id:	ESB-2019.0521	Trust: 0.6
db:	NSFOCUS	id:	42779	Trust: 0.6
db:	VULHUB	id:	VHN-140141	Trust: 0.1

sources: VULHUB: VHN-140141 // BID: 107071 // JVNDB: JVNDB-2019-001832 // CNNVD: CNNVD-201902-706 // NVD: CVE-2019-0110

REFERENCES

url:	https://ics-cert.us-cert.gov/advisories/icsa-19-050-01	Trust: 3.1
url:	http://www.securityfocus.com/bid/107071	Trust: 2.3
url:	https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00215.html	Trust: 2.0
url:	https://nvd.nist.gov/vuln/detail/cve-2019-0110	Trust: 1.4
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-0110	Trust: 0.8
url:	https://www.auscert.org.au/bulletins/75830	Trust: 0.6
url:	http://www.nsfocus.net/vulndb/42779	Trust: 0.6
url:	http://www.intel.com/	Trust: 0.3

sources: VULHUB: VHN-140141 // BID: 107071 // JVNDB: JVNDB-2019-001832 // CNNVD: CNNVD-201902-706 // NVD: CVE-2019-0110

CREDITS

Intel’s Product Security Incident Response Team reported these vulnerabilities to NCCIC.,vendor ??,DCG Red Team

Trust: 0.6

sources: CNNVD: CNNVD-201902-706

SOURCES

db:	VULHUB	id:	VHN-140141
db:	BID	id:	107071
db:	JVNDB	id:	JVNDB-2019-001832
db:	CNNVD	id:	CNNVD-201902-706
db:	NVD	id:	CVE-2019-0110

LAST UPDATE DATE

2024-11-23T22:00:07.007000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-140141	date:	2020-08-24T00:00:00
db:	BID	id:	107071	date:	2019-02-12T00:00:00
db:	JVNDB	id:	JVNDB-2019-001832	date:	2019-03-27T00:00:00
db:	CNNVD	id:	CNNVD-201902-706	date:	2020-08-25T00:00:00
db:	NVD	id:	CVE-2019-0110	date:	2024-11-21T04:16:14.933

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-140141	date:	2019-02-18T00:00:00
db:	BID	id:	107071	date:	2019-02-12T00:00:00
db:	JVNDB	id:	JVNDB-2019-001832	date:	2019-03-27T00:00:00
db:	CNNVD	id:	CNNVD-201902-706	date:	2019-02-18T00:00:00
db:	NVD	id:	CVE-2019-0110	date:	2019-02-18T17:29:00.783