Sign-up

ID

VAR-201905-1180


CVE

CVE-2019-0099


TITLE

Intel Multiple vulnerabilities in the product

Trust: 0.8

sources: JVNDB: JVNDB-2019-003441

DESCRIPTION

Insufficient access control vulnerability in subsystem in Intel(R) SPS before version SPS_E3_05.00.04.027.0 may allow an unauthenticated user to potentially enable escalation of privilege via physical access. Intel(R) SPS Contains vulnerabilities related to authorization, permissions, and access control.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Intel Server Platform Services (SPS) is a server platform service program of Intel Corporation. Permission and access control issues exist in subsystems of Intel SPS versions prior to SPS_E3_05.00.04.027.0. The vulnerability stems from the lack of effective permissions and access control measures in network systems or products

Trust: 1.8

sources: NVD: CVE-2019-0099 // JVNDB: JVNDB-2019-004708 // VULHUB: VHN-140130 // VULMON: CVE-2019-0099

AFFECTED PRODUCTS

vendor:intelmodel:server platform servicesscope:ltversion:sps_e3_05.00.04.027.0

Trust: 1.8

vendor:intelmodel:acu wizardscope: - version: -

Trust: 0.8

vendor:intelmodel:active management technologyscope: - version: -

Trust: 0.8

vendor:intelmodel:converged security management enginescope: - version: -

Trust: 0.8

vendor:intelmodel:driver and support assistantscope: - version: -

Trust: 0.8

vendor:intelmodel:dynamic application loaderscope: - version: -

Trust: 0.8

vendor:intelmodel:i915scope: - version: -

Trust: 0.8

vendor:intelmodel:nuc board nuc7i7dnbescope: - version: -

Trust: 0.8

vendor:intelmodel:nuc kit nuc7i5dnhescope: - version: -

Trust: 0.8

vendor:intelmodel:nuc kit nuc7i7dnhescope: - version: -

Trust: 0.8

vendor:intelmodel:nuc kit nuc7i7dnkescope: - version: -

Trust: 0.8

vendor:intelmodel:nuc kit nuc8i7hnkscope: - version: -

Trust: 0.8

vendor:intelmodel:nuc kit nuc8i7hvkscope: - version: -

Trust: 0.8

vendor:intelmodel:proset/wireless software driverscope: - version: -

Trust: 0.8

vendor:intelmodel:quartus ii programmer and toolsscope: - version: -

Trust: 0.8

vendor:intelmodel:server platform servicesscope: - version: -

Trust: 0.8

vendor:intelmodel:trusted execution enginescope: - version: -

Trust: 0.8

vendor:intelmodel:intelscope: - version: -

Trust: 0.8

vendor:intelmodel:quartus primescope: - version: -

Trust: 0.8

vendor:intelmodel:scs discovery utilityscope: - version: -

Trust: 0.8

vendor:intelmodel:unite clientscope: - version: -

Trust: 0.8

vendor:intelmodel:graphics driverscope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2019-003441 // JVNDB: JVNDB-2019-004708 // NVD: CVE-2019-0099

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-0099
value: MEDIUM

Trust: 1.0

NVD: CVE-2019-0099
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201905-748
value: MEDIUM

Trust: 0.6

VULHUB: VHN-140130
value: MEDIUM

Trust: 0.1

VULMON: CVE-2019-0099
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2019-0099
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-140130
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2019-0099
baseSeverity: MEDIUM
baseScore: 6.8
vectorString: CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: PHYSICAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 0.9
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-140130 // VULMON: CVE-2019-0099 // JVNDB: JVNDB-2019-004708 // CNNVD: CNNVD-201905-748 // NVD: CVE-2019-0099

PROBLEMTYPE DATA

problemtype:NVD-CWE-noinfo

Trust: 1.0

problemtype:CWE-264

Trust: 0.9

sources: VULHUB: VHN-140130 // JVNDB: JVNDB-2019-004708 // NVD: CVE-2019-0099

TYPE

permissions and access control issues

Trust: 0.6

sources: CNNVD: CNNVD-201905-748

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2019-003441

PATCH
title:INTEL-SA-00213 - IntelR CSME, IntelR SPS, IntelR TXE, IntelR DAL, and IntelR AMT 2019.1 QSR Advisoryurl:https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00213.html
Trust: 1.6
title:INTEL-SA-00234 - IntelR SCS Discovery Utility and IntelR ACU Wizard Advisoryurl:https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00234.html
Trust: 0.8
title:INTEL-SA-00244 - IntelR QuartusR Software Advisoryurl:https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00244.html
Trust: 0.8
title:INTEL-SA-00245 - Intel UniteR Client for Android* Advisoryurl:https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00245.html
Trust: 0.8
title:INTEL-SA-00204 - Intel IntelR PROSet/Wireless WiFi Software Advisoryurl:https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00204.html
Trust: 0.8
title:INTEL-SA-00249 - IntelR i915 Graphics for Linux Advisoryurl:https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00249.html
Trust: 0.8
title:INTEL-SA-00251 - IntelR NUC Advisoryurl:https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00251.html
Trust: 0.8
title:INTEL-SA-00218 - IntelR Graphics Driver for Windows* 2019.1 QSR Advisoryurl:https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00218.html
Trust: 0.8
title:INTEL-SA-00252 - IntelR Driver & Support Assistant Advisoryurl:https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00252.html
Trust: 0.8
title:INTEL-SA-00223 - Intel 2019.1 QSR UEFI Advisoryurl:https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00223.html
Trust: 0.8
title:INTEL-SA-00228 - Intel UniteR Client Advisoryurl:https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00228.html
Trust: 0.8
title:INTEL-SA-00233 - Microarchitectural Data Sampling Advisoryurl:https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00233.html
Trust: 0.8
title:HP: HPSBHF03616 rev. 1  -  Intel CSME, Trusted Execution Engine (TXE), Active Management Technology (AMT) Security Updatesurl:https://vulmon.com/vendoradvisory?qidtp=hp_bulletin&qid=HPSBHF03616
Trust: 0.1
title:HP: SUPPORT COMMUNICATION- SECURITY BULLETIN
HPSBHF03616 rev. 4 -  Intel 2019.1 CSME, Trusted Execution Engine (TXE), Active Management Technology (AMT) Security Updatesurl:https://vulmon.com/vendoradvisory?qidtp=hp_bulletin&qid=fd8d8d147c2dc58a9552ea19a80369fe
Trust: 0.1
title:HP: SUPPORT COMMUNICATION- SECURITY BULLETIN
HPSBHF03616 rev. 4 -  Intel 2019.1 CSME, Trusted Execution Engine (TXE), Active Management Technology (AMT) Security Updatesurl:https://vulmon.com/vendoradvisory?qidtp=hp_bulletin&qid=36bdf366c0b633d1ee0c20eab22574bc
Trust: 0.1
sources:
            
            
            VULMON: CVE-2019-0099 // 
            
            
            
            JVNDB: JVNDB-2019-003441 // 
            
            
            
            JVNDB: JVNDB-2019-004708

EXTERNAL IDS
db:NVDid:CVE-2019-0099
Trust: 2.6
db:JVNid:JVNVU92328381
Trust: 1.6
db:JVNDBid:JVNDB-2019-003441
Trust: 1.6
db:JVNDBid:JVNDB-2019-004708
Trust: 0.8
db:CNNVDid:CNNVD-201905-748
Trust: 0.7
db:AUSCERTid:ASB-2019.0148.2
Trust: 0.6
db:LENOVOid:LEN-26293
Trust: 0.6
db:CNVDid:CNVD-2020-18586
Trust: 0.1
db:VULHUBid:VHN-140130
Trust: 0.1
db:VULMONid:CVE-2019-0099
Trust: 0.1
sources:
            
            
            VULHUB: VHN-140130 // 
            
            
            
            VULMON: CVE-2019-0099 // 
            
            
            
            JVNDB: JVNDB-2019-003441 // 
            
            
            
            JVNDB: JVNDB-2019-004708 // 
            
            
            
            CNNVD: CNNVD-201905-748 // 
            
            
            
            NVD: CVE-2019-0099

REFERENCES
url:https://support.f5.com/csp/article/k30105730
Trust: 1.8
url:https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00213.html
Trust: 1.8
url:https://nvd.nist.gov/vuln/detail/cve-2019-0099
Trust: 1.4
url:https://jvn.jp/vu/jvnvu92328381/index.html
Trust: 0.8
url:https://mdsattacks.com/files/ridl.pdf
Trust: 0.8
url:https://mdsattacks.com/files/fallout.pdf
Trust: 0.8
url:https://zombieloadattack.com/
Trust: 0.8
url:https://www.intel.com/content/www/us/en/architecture-and-technology/mds.html
Trust: 0.8
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-0099
Trust: 0.8
url:https://jvn.jp/vu/jvnvu92328381/
Trust: 0.8
url:https://jvndb.jvn.jp/ja/contents/2019/jvndb-2019-003441.html
Trust: 0.8
url:https://support.lenovo.com/us/zh/solutions/len-26293
Trust: 0.6
url:https://www.auscert.org.au/bulletins/asb-2019.0148.2/
Trust: 0.6
url:https://support.lenovo.com/us/en/product_security/len-26293
Trust: 0.6
url:https://cwe.mitre.org/data/definitions/.html
Trust: 0.1
url:https://nvd.nist.gov
Trust: 0.1
url:https://support.hp.com/us-en/document/c06330088
Trust: 0.1
sources:
            
            
            VULHUB: VHN-140130 // 
            
            
            
            VULMON: CVE-2019-0099 // 
            
            
            
            JVNDB: JVNDB-2019-003441 // 
            
            
            
            JVNDB: JVNDB-2019-004708 // 
            
            
            
            CNNVD: CNNVD-201905-748 // 
            
            
            
            NVD: CVE-2019-0099

SOURCES
db:VULHUBid:VHN-140130
db:VULMONid:CVE-2019-0099
db:JVNDBid:JVNDB-2019-003441
db:JVNDBid:JVNDB-2019-004708
db:CNNVDid:CNNVD-201905-748
db:NVDid:CVE-2019-0099

LAST UPDATE DATE
2024-11-23T21:00:00.244000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-140130date:2020-08-24T00:00:00
db:VULMONid:CVE-2019-0099date:2020-08-24T00:00:00
db:JVNDBid:JVNDB-2019-003441date:2019-05-16T00:00:00
db:JVNDBid:JVNDB-2019-004708date:2019-06-06T00:00:00
db:CNNVDid:CNNVD-201905-748date:2020-08-25T00:00:00
db:NVDid:CVE-2019-0099date:2024-11-21T04:16:13.720

SOURCES RELEASE DATE
db:VULHUBid:VHN-140130date:2019-05-17T00:00:00
db:VULMONid:CVE-2019-0099date:2019-05-17T00:00:00
db:JVNDBid:JVNDB-2019-003441date:2019-05-16T00:00:00
db:JVNDBid:JVNDB-2019-004708date:2019-06-06T00:00:00
db:CNNVDid:CNNVD-201905-748date:2019-05-17T00:00:00
db:NVDid:CVE-2019-0099date:2019-05-17T16:29:01.500