Details of VAR-201906-0919

ID

VAR-201906-0919

CVE

CVE-2019-0175

TITLE

Intel Multiple vulnerabilities in the product

Trust: 0.8

sources: JVNDB: JVNDB-2019-004980

DESCRIPTION

Insufficient password protection in the attestation database for Open CIT may allow an authenticated user to potentially enable information disclosure via local access. Intel OpenAttestation is an open source project of Intel Corporation for managing host integrity verification using the remote attestation protocol defined by TCG. A permissions and access control issue vulnerability exists in the authentication process in Intel OpenAttestation due to the program's failure to adequately authenticate sessions. A local attacker could exploit this vulnerability to elevate privileges

Trust: 0.99

sources: NVD: CVE-2019-0175 // VULHUB: VHN-140206

AFFECTED PRODUCTS

vendor:	intel	model:	openattestation	scope:	eq	version:	-	Trust: 1.0
vendor:	intel	model:	open cloud integrity tehnology	scope:	eq	version:	-	Trust: 1.0
vendor:	intel	model:	accelerated storage manager	scope:	-	version:	-	Trust: 0.8
vendor:	intel	model:	chipset device software	scope:	-	version:	-	Trust: 0.8
vendor:	intel	model:	compute card	scope:	-	version:	-	Trust: 0.8
vendor:	intel	model:	compute stick	scope:	-	version:	-	Trust: 0.8
vendor:	intel	model:	core i3	scope:	-	version:	-	Trust: 0.8
vendor:	intel	model:	core i5	scope:	-	version:	-	Trust: 0.8
vendor:	intel	model:	core x-series	scope:	-	version:	-	Trust: 0.8
vendor:	intel	model:	nuc kit	scope:	-	version:	-	Trust: 0.8
vendor:	intel	model:	omni-path fabric manager gui	scope:	-	version:	-	Trust: 0.8
vendor:	intel	model:	pentium	scope:	eq	version:	processor 2000 series	Trust: 0.8
vendor:	intel	model:	pentium	scope:	eq	version:	processor 3000 series	Trust: 0.8
vendor:	intel	model:	pentium	scope:	eq	version:	processor g series	Trust: 0.8
vendor:	intel	model:	proset/wireless software driver	scope:	-	version:	-	Trust: 0.8
vendor:	intel	model:	raid web console v3	scope:	eq	version:	for windows	Trust: 0.8
vendor:	intel	model:	sgx dcap linux driver	scope:	-	version:	-	Trust: 0.8
vendor:	intel	model:	sgx linux client driver	scope:	-	version:	-	Trust: 0.8
vendor:	intel	model:	turbo boost max technology	scope:	-	version:	-	Trust: 0.8
vendor:	intel	model:	xeon	scope:	eq	version:	processor e7 v3 family	Trust: 0.8
vendor:	intel	model:	xeon	scope:	eq	version:	processor e7 v5 family	Trust: 0.8
vendor:	intel	model:	xeon	scope:	eq	version:	processor e7 v7 family	Trust: 0.8
vendor:	intel	model:	ite tech* consumer infrared driver	scope:	eq	version:	for windows 10	Trust: 0.8
vendor:	intel	model:	open cloud integrity technology	scope:	-	version:	-	Trust: 0.8
vendor:	intel	model:	openattestation	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2019-004980 // NVD: CVE-2019-0175

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2019-0175
value:	MEDIUM
Trust: 1.0
CNNVD:	CNNVD-201906-569
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-140206
value:	LOW
Trust: 0.1

nvd@nist.gov:	CVE-2019-0175
severity:	LOW
baseScore:	3.6
vectorString:	AV:L/AC:L/AU:N/C:P/I:P/A:N
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	4.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
VULHUB:	VHN-140206
severity:	LOW
baseScore:	3.6
vectorString:	AV:L/AC:L/AU:N/C:P/I:P/A:N
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	4.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2019-0175
baseSeverity:	MEDIUM
baseScore:	4.4
vectorString:	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	LOW
integrityImpact:	LOW
availabilityImpact:	NONE
exploitabilityScore:	1.8
impactScore:	2.5
version:	3.1
Trust: 1.0

sources: VULHUB: VHN-140206 // CNNVD: CNNVD-201906-569 // NVD: CVE-2019-0175

PROBLEMTYPE DATA

problemtype:	CWE-522	Trust: 1.1
problemtype:	CWE-264	Trust: 0.1

sources: VULHUB: VHN-140206 // NVD: CVE-2019-0175

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201906-569

TYPE

permissions and access control issues

Trust: 0.6

sources: CNNVD: CNNVD-201906-569

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-004980

PATCH

title:	[INTEL-SA-00248] Open Cloud Integrity Technology and OpenAttestation Advisory	url:	https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00248.html	Trust: 0.8
title:	[INTEL-SA-00257] Intel Omni-Path Fabric Manager GUI Advisory	url:	https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00257.html	Trust: 0.8
title:	[INTEL-SA-00259] Intel RAID Web Console 3 for Windows* Advisory	url:	https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00259.html	Trust: 0.8
title:	[INTEL-SA-00224] Intel Chipset Device Software (INF Update Utility) Advisory	url:	https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00224.html	Trust: 0.8
title:	[INTEL-SA-00264] Intel NUC Firmware Advisory	url:	https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00264.html	Trust: 0.8
title:	[INTEL-SA-00226] Intel Accelerated Storage Manager in Intel Rapid Storage Technology Enterprise Advisory	url:	https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00226.html	Trust: 0.8
title:	[INTEL-SA-00206] ITE Tech* Consumer Infrared Driver for Windows 10 Advisory	url:	https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00206.html	Trust: 0.8
title:	[INTEL-SA-00232] Intel PROSet/Wireless WiFi Software Advisory	url:	https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00232.html	Trust: 0.8
title:	[INTEL-SA-00235] Intel SGX for Linux Advisory	url:	https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00235.html	Trust: 0.8
title:	[INTEL-SA-00243] Intel Turbo Boost Max Technology 3.0 Advisory	url:	https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00243.html	Trust: 0.8
title:	[INTEL-SA-00247] Partial Physical Address Leakage Advisory	url:	https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00247.html	Trust: 0.8

sources: JVNDB: JVNDB-2019-004980

EXTERNAL IDS

db:	NVD	id:	CVE-2019-0175	Trust: 2.5
db:	JVN	id:	JVNVU95572531	Trust: 0.8
db:	JVNDB	id:	JVNDB-2019-004980	Trust: 0.8
db:	CNNVD	id:	CNNVD-201906-569	Trust: 0.7
db:	VULHUB	id:	VHN-140206	Trust: 0.1

sources: VULHUB: VHN-140206 // JVNDB: JVNDB-2019-004980 // CNNVD: CNNVD-201906-569 // NVD: CVE-2019-0175

REFERENCES

url:	https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00248.html	Trust: 1.7
url:	https://nvd.nist.gov/vuln/detail/cve-2019-0175	Trust: 1.4
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-0130	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-0179	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-11123	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-0136	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-0180	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-11124	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-0157	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-0181	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-11125	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-0164	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-0182	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-11126	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-11127	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-0174	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-0183	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-11128	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-0175	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-11092	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-11129	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-3702	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-0177	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-11117	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-0128	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-0178	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-11119	Trust: 0.8
url:	http://jvn.jp/cert/jvnvu95572531	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2019-0128	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2019-0178	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2019-11119	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2019-0130	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2019-0179	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2019-11123	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2019-0136	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2019-0180	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2019-11124	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2019-0157	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2019-0181	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2019-11125	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2019-0164	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2019-0182	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2019-11126	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2019-0174	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2019-0183	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2019-11127	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2019-11092	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2019-11128	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2018-3702	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2019-0177	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2019-11117	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2019-11129	Trust: 0.8
url:	https://www.intel.com/content/www/us/en/security-center/advisory/in	Trust: 0.6

sources: VULHUB: VHN-140206 // JVNDB: JVNDB-2019-004980 // CNNVD: CNNVD-201906-569 // NVD: CVE-2019-0175

SOURCES

db:	VULHUB	id:	VHN-140206
db:	JVNDB	id:	JVNDB-2019-004980
db:	CNNVD	id:	CNNVD-201906-569
db:	NVD	id:	CVE-2019-0175

LAST UPDATE DATE

2024-11-23T20:45:00.971000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-140206	date:	2023-02-27T00:00:00
db:	JVNDB	id:	JVNDB-2019-004980	date:	2019-06-13T00:00:00
db:	CNNVD	id:	CNNVD-201906-569	date:	2020-08-25T00:00:00
db:	NVD	id:	CVE-2019-0175	date:	2024-11-21T04:16:24.787

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-140206	date:	2019-06-13T00:00:00
db:	JVNDB	id:	JVNDB-2019-004980	date:	2019-06-13T00:00:00
db:	CNNVD	id:	CNNVD-201906-569	date:	2019-06-13T00:00:00
db:	NVD	id:	CVE-2019-0175	date:	2019-06-13T16:29:00.937