Details of VAR-201906-0914

ID

VAR-201906-0914

CVE

CVE-2019-0164

TITLE

Intel Multiple vulnerabilities in the product

Trust: 0.8

sources: JVNDB: JVNDB-2019-004980

DESCRIPTION

Improper permissions in the installer for Intel(R) Turbo Boost Max Technology 3.0 driver version 1.0.0.1035 and before may allow an authenticated user to potentially enable escalation of privilege via local access. A local attacker can exploit this issue to gain elevated privileges

Trust: 1.26

sources: NVD: CVE-2019-0164 // BID: 108770 // VULHUB: VHN-140195

AFFECTED PRODUCTS

vendor:	lenovo	model:	thinkstation p410	scope:	eq	version:	-	Trust: 1.0
vendor:	lenovo	model:	thinkstation p910	scope:	eq	version:	-	Trust: 1.0
vendor:	lenovo	model:	thinkstation p710	scope:	eq	version:	-	Trust: 1.0
vendor:	intel	model:	turbo boost max technology 3.0	scope:	lte	version:	1.0.0.1035	Trust: 1.0
vendor:	lenovo	model:	thinkstation p510	scope:	eq	version:	-	Trust: 1.0
vendor:	intel	model:	accelerated storage manager	scope:	-	version:	-	Trust: 0.8
vendor:	intel	model:	chipset device software	scope:	-	version:	-	Trust: 0.8
vendor:	intel	model:	compute card	scope:	-	version:	-	Trust: 0.8
vendor:	intel	model:	compute stick	scope:	-	version:	-	Trust: 0.8
vendor:	intel	model:	core i3	scope:	-	version:	-	Trust: 0.8
vendor:	intel	model:	core i5	scope:	-	version:	-	Trust: 0.8
vendor:	intel	model:	core x-series	scope:	-	version:	-	Trust: 0.8
vendor:	intel	model:	nuc kit	scope:	-	version:	-	Trust: 0.8
vendor:	intel	model:	omni-path fabric manager gui	scope:	-	version:	-	Trust: 0.8
vendor:	intel	model:	pentium	scope:	eq	version:	processor 2000 series	Trust: 0.8
vendor:	intel	model:	pentium	scope:	eq	version:	processor 3000 series	Trust: 0.8
vendor:	intel	model:	pentium	scope:	eq	version:	processor g series	Trust: 0.8
vendor:	intel	model:	proset/wireless software driver	scope:	-	version:	-	Trust: 0.8
vendor:	intel	model:	raid web console v3	scope:	eq	version:	for windows	Trust: 0.8
vendor:	intel	model:	sgx dcap linux driver	scope:	-	version:	-	Trust: 0.8
vendor:	intel	model:	sgx linux client driver	scope:	-	version:	-	Trust: 0.8
vendor:	intel	model:	turbo boost max technology	scope:	-	version:	-	Trust: 0.8
vendor:	intel	model:	xeon	scope:	eq	version:	processor e7 v3 family	Trust: 0.8
vendor:	intel	model:	xeon	scope:	eq	version:	processor e7 v5 family	Trust: 0.8
vendor:	intel	model:	xeon	scope:	eq	version:	processor e7 v7 family	Trust: 0.8
vendor:	intel	model:	ite tech* consumer infrared driver	scope:	eq	version:	for windows 10	Trust: 0.8
vendor:	intel	model:	open cloud integrity technology	scope:	-	version:	-	Trust: 0.8
vendor:	intel	model:	openattestation	scope:	-	version:	-	Trust: 0.8
vendor:	intel	model:	turbo boost max technology	scope:	eq	version:	3.01.0.0.1035	Trust: 0.3

sources: BID: 108770 // JVNDB: JVNDB-2019-004980 // NVD: CVE-2019-0164

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2019-0164
value:	HIGH
Trust: 1.0
CNNVD:	CNNVD-201906-532
value:	HIGH
Trust: 0.6
VULHUB:	VHN-140195
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2019-0164
severity:	MEDIUM
baseScore:	4.4
vectorString:	AV:L/AC:M/AU:N/C:P/I:P/A:P
accessVector:	LOCAL
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	3.4
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
VULHUB:	VHN-140195
severity:	MEDIUM
baseScore:	4.4
vectorString:	AV:L/AC:M/AU:N/C:P/I:P/A:P
accessVector:	LOCAL
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	3.4
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2019-0164
baseSeverity:	HIGH
baseScore:	7.3
vectorString:	CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.3
impactScore:	5.9
version:	3.1
Trust: 1.0

sources: VULHUB: VHN-140195 // CNNVD: CNNVD-201906-532 // NVD: CVE-2019-0164

PROBLEMTYPE DATA

problemtype:

CWE-264

Trust: 1.1

sources: VULHUB: VHN-140195 // NVD: CVE-2019-0164

THREAT TYPE

local

Trust: 0.9

sources: BID: 108770 // CNNVD: CNNVD-201906-532

TYPE

permissions and access control issues

Trust: 0.6

sources: CNNVD: CNNVD-201906-532

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-004980

PATCH

title:	[INTEL-SA-00248] Open Cloud Integrity Technology and OpenAttestation Advisory	url:	https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00248.html	Trust: 0.8
title:	[INTEL-SA-00257] Intel Omni-Path Fabric Manager GUI Advisory	url:	https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00257.html	Trust: 0.8
title:	[INTEL-SA-00259] Intel RAID Web Console 3 for Windows* Advisory	url:	https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00259.html	Trust: 0.8
title:	[INTEL-SA-00224] Intel Chipset Device Software (INF Update Utility) Advisory	url:	https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00224.html	Trust: 0.8
title:	[INTEL-SA-00264] Intel NUC Firmware Advisory	url:	https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00264.html	Trust: 0.8
title:	[INTEL-SA-00226] Intel Accelerated Storage Manager in Intel Rapid Storage Technology Enterprise Advisory	url:	https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00226.html	Trust: 0.8
title:	[INTEL-SA-00206] ITE Tech* Consumer Infrared Driver for Windows 10 Advisory	url:	https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00206.html	Trust: 0.8
title:	[INTEL-SA-00232] Intel PROSet/Wireless WiFi Software Advisory	url:	https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00232.html	Trust: 0.8
title:	[INTEL-SA-00235] Intel SGX for Linux Advisory	url:	https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00235.html	Trust: 0.8
title:	[INTEL-SA-00243] Intel Turbo Boost Max Technology 3.0 Advisory	url:	https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00243.html	Trust: 0.8
title:	[INTEL-SA-00247] Partial Physical Address Leakage Advisory	url:	https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00247.html	Trust: 0.8

sources: JVNDB: JVNDB-2019-004980

EXTERNAL IDS

db:	NVD	id:	CVE-2019-0164	Trust: 2.8
db:	BID	id:	108770	Trust: 2.0
db:	LENOVO	id:	LEN-27841	Trust: 1.7
db:	JVN	id:	JVNVU95572531	Trust: 0.8
db:	JVNDB	id:	JVNDB-2019-004980	Trust: 0.8
db:	CNNVD	id:	CNNVD-201906-532	Trust: 0.7
db:	VULHUB	id:	VHN-140195	Trust: 0.1

sources: VULHUB: VHN-140195 // BID: 108770 // JVNDB: JVNDB-2019-004980 // CNNVD: CNNVD-201906-532 // NVD: CVE-2019-0164

REFERENCES

url:	http://www.securityfocus.com/bid/108770	Trust: 2.3
url:	https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00243.html	Trust: 2.0
url:	https://support.lenovo.com/us/en/product_security/len-27841	Trust: 1.7
url:	https://nvd.nist.gov/vuln/detail/cve-2019-0164	Trust: 1.4
url:	http://www.intel.com/	Trust: 0.9
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-0130	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-0179	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-11123	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-0136	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-0180	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-11124	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-0157	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-0181	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-11125	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-0164	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-0182	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-11126	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-11127	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-0174	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-0183	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-11128	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-0175	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-11092	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-11129	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-3702	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-0177	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-11117	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-0128	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-0178	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-11119	Trust: 0.8
url:	http://jvn.jp/cert/jvnvu95572531	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2019-0128	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2019-0178	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2019-11119	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2019-0130	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2019-0179	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2019-11123	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2019-0136	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2019-0180	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2019-11124	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2019-0157	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2019-0181	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2019-11125	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2019-0182	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2019-11126	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2019-0174	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2019-0183	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2019-11127	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2019-0175	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2019-11092	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2019-11128	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2018-3702	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2019-0177	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2019-11117	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2019-11129	Trust: 0.8
url:	https://www.intel.com/content/www/us/en/security-center/advisory/in	Trust: 0.6
url:	https://support.lenovo.com/us/zh/product_security/len-27841	Trust: 0.6

sources: VULHUB: VHN-140195 // BID: 108770 // JVNDB: JVNDB-2019-004980 // CNNVD: CNNVD-201906-532 // NVD: CVE-2019-0164

CREDITS

Marius Gabriel Mihai.

Trust: 0.9

sources: BID: 108770 // CNNVD: CNNVD-201906-532

SOURCES

db:	VULHUB	id:	VHN-140195
db:	BID	id:	108770
db:	JVNDB	id:	JVNDB-2019-004980
db:	CNNVD	id:	CNNVD-201906-532
db:	NVD	id:	CVE-2019-0164

LAST UPDATE DATE

2024-11-23T20:41:24.920000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-140195	date:	2023-03-02T00:00:00
db:	BID	id:	108770	date:	2019-06-11T00:00:00
db:	JVNDB	id:	JVNDB-2019-004980	date:	2019-06-13T00:00:00
db:	CNNVD	id:	CNNVD-201906-532	date:	2019-06-20T00:00:00
db:	NVD	id:	CVE-2019-0164	date:	2024-11-21T04:16:23.300

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-140195	date:	2019-06-13T00:00:00
db:	BID	id:	108770	date:	2019-06-11T00:00:00
db:	JVNDB	id:	JVNDB-2019-004980	date:	2019-06-13T00:00:00
db:	CNNVD	id:	CNNVD-201906-532	date:	2019-06-11T00:00:00
db:	NVD	id:	CVE-2019-0164	date:	2019-06-13T16:29:00.840