Details of VAR-201906-0925

ID

VAR-201906-0925

CVE

CVE-2019-0182

TITLE

Intel Multiple vulnerabilities in the product

Trust: 0.8

sources: JVNDB: JVNDB-2019-004980

DESCRIPTION

Insufficient password protection in the attestation database for Open CIT may allow an authenticated user to potentially enable information disclosure via local access. WordPress for FooGallery The plugin contains a cross-site scripting vulnerability.The information may be obtained and the information may be falsified. Intel Open Cloud Integrity Technology (CIT) is a set of solutions from Intel Corporation for establishing a hardware root of trust and building a chain of trust between hardware, operating systems, hypervisors, virtual machines, and Docker containers. A path traversal vulnerability exists in Intel Open CIT. A local attacker could exploit this vulnerability to disclose information

Trust: 1.8

sources: NVD: CVE-2019-0182 // JVNDB: JVNDB-2019-014034 // VULHUB: VHN-140213 // VULMON: CVE-2019-0182

AFFECTED PRODUCTS

vendor:	intel	model:	openattestation	scope:	eq	version:	-	Trust: 1.0
vendor:	intel	model:	open cloud integrity tehnology	scope:	eq	version:	-	Trust: 1.0
vendor:	intel	model:	accelerated storage manager	scope:	-	version:	-	Trust: 0.8
vendor:	intel	model:	chipset device software	scope:	-	version:	-	Trust: 0.8
vendor:	intel	model:	compute card	scope:	-	version:	-	Trust: 0.8
vendor:	intel	model:	compute stick	scope:	-	version:	-	Trust: 0.8
vendor:	intel	model:	core i3	scope:	-	version:	-	Trust: 0.8
vendor:	intel	model:	core i5	scope:	-	version:	-	Trust: 0.8
vendor:	intel	model:	core x-series	scope:	-	version:	-	Trust: 0.8
vendor:	intel	model:	nuc kit	scope:	-	version:	-	Trust: 0.8
vendor:	intel	model:	omni-path fabric manager gui	scope:	-	version:	-	Trust: 0.8
vendor:	intel	model:	pentium	scope:	eq	version:	processor 2000 series	Trust: 0.8
vendor:	intel	model:	pentium	scope:	eq	version:	processor 3000 series	Trust: 0.8
vendor:	intel	model:	pentium	scope:	eq	version:	processor g series	Trust: 0.8
vendor:	intel	model:	proset/wireless software driver	scope:	-	version:	-	Trust: 0.8
vendor:	intel	model:	raid web console v3	scope:	eq	version:	for windows	Trust: 0.8
vendor:	intel	model:	sgx dcap linux driver	scope:	-	version:	-	Trust: 0.8
vendor:	intel	model:	sgx linux client driver	scope:	-	version:	-	Trust: 0.8
vendor:	intel	model:	turbo boost max technology	scope:	-	version:	-	Trust: 0.8
vendor:	intel	model:	xeon	scope:	eq	version:	processor e7 v3 family	Trust: 0.8
vendor:	intel	model:	xeon	scope:	eq	version:	processor e7 v5 family	Trust: 0.8
vendor:	intel	model:	xeon	scope:	eq	version:	processor e7 v7 family	Trust: 0.8
vendor:	intel	model:	ite tech* consumer infrared driver	scope:	eq	version:	for windows 10	Trust: 0.8
vendor:	intel	model:	open cloud integrity technology	scope:	-	version:	-	Trust: 0.8
vendor:	intel	model:	openattestation	scope:	-	version:	-	Trust: 0.8
vendor:	fooplugins	model:	foogallery	scope:	eq	version:	1.8.12	Trust: 0.8

sources: JVNDB: JVNDB-2019-004980 // JVNDB: JVNDB-2019-014034 // NVD: CVE-2019-0182

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2019-0182
value:	LOW
Trust: 1.0
NVD:	CVE-2019-0182
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201906-571
value:	LOW
Trust: 0.6
VULHUB:	VHN-140213
value:	LOW
Trust: 0.1
VULMON:	CVE-2019-0182
value:	LOW
Trust: 0.1

nvd@nist.gov:	CVE-2019-0182
severity:	LOW
baseScore:	2.1
vectorString:	AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.1
NVD:	CVE-2019-0182
severity:	LOW
baseScore:	3.5
vectorString:	AV:N/AC:M/AU:S/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	SINGLE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.8
VULHUB:	VHN-140213
severity:	LOW
baseScore:	2.1
vectorString:	AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2019-0182
baseSeverity:	LOW
baseScore:	3.3
vectorString:	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	LOW
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	1.8
impactScore:	1.4
version:	3.1
Trust: 1.0
NVD:	CVE-2019-0182
baseSeverity:	MEDIUM
baseScore:	4.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	HIGH
userInteraction:	REQUIRED
scope:	CHANGED
confidentialityImpact:	LOW
integrityImpact:	LOW
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULHUB: VHN-140213 // VULMON: CVE-2019-0182 // JVNDB: JVNDB-2019-014034 // CNNVD: CNNVD-201906-571 // NVD: CVE-2019-0182

PROBLEMTYPE DATA

problemtype:	CWE-522	Trust: 1.1
problemtype:	CWE-79	Trust: 0.8
problemtype:	CWE-22	Trust: 0.1

sources: VULHUB: VHN-140213 // JVNDB: JVNDB-2019-014034 // NVD: CVE-2019-0182

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201906-571

TYPE

path traversal

Trust: 0.6

sources: CNNVD: CNNVD-201906-571

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-004980

PATCH

title:	[INTEL-SA-00248] Open Cloud Integrity Technology and OpenAttestation Advisory	url:	https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00248.html	Trust: 0.8
title:	[INTEL-SA-00257] Intel Omni-Path Fabric Manager GUI Advisory	url:	https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00257.html	Trust: 0.8
title:	[INTEL-SA-00259] Intel RAID Web Console 3 for Windows* Advisory	url:	https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00259.html	Trust: 0.8
title:	[INTEL-SA-00224] Intel Chipset Device Software (INF Update Utility) Advisory	url:	https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00224.html	Trust: 0.8
title:	[INTEL-SA-00264] Intel NUC Firmware Advisory	url:	https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00264.html	Trust: 0.8
title:	[INTEL-SA-00226] Intel Accelerated Storage Manager in Intel Rapid Storage Technology Enterprise Advisory	url:	https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00226.html	Trust: 0.8
title:	[INTEL-SA-00206] ITE Tech* Consumer Infrared Driver for Windows 10 Advisory	url:	https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00206.html	Trust: 0.8
title:	[INTEL-SA-00232] Intel PROSet/Wireless WiFi Software Advisory	url:	https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00232.html	Trust: 0.8
title:	[INTEL-SA-00235] Intel SGX for Linux Advisory	url:	https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00235.html	Trust: 0.8
title:	[INTEL-SA-00243] Intel Turbo Boost Max Technology 3.0 Advisory	url:	https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00243.html	Trust: 0.8
title:	[INTEL-SA-00247] Partial Physical Address Leakage Advisory	url:	https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00247.html	Trust: 0.8
title:	FooGallery - Image Gallery WordPress Plugin	url:	https://wordpress.org/plugins/foogallery/	Trust: 0.8

sources: JVNDB: JVNDB-2019-004980 // JVNDB: JVNDB-2019-014034

EXTERNAL IDS

db:	NVD	id:	CVE-2019-0182	Trust: 3.4
db:	JVN	id:	JVNVU95572531	Trust: 0.8
db:	JVNDB	id:	JVNDB-2019-004980	Trust: 0.8
db:	JVNDB	id:	JVNDB-2019-014034	Trust: 0.8
db:	CNNVD	id:	CNNVD-201906-571	Trust: 0.7
db:	VULHUB	id:	VHN-140213	Trust: 0.1
db:	VULMON	id:	CVE-2019-0182	Trust: 0.1

sources: VULHUB: VHN-140213 // VULMON: CVE-2019-0182 // JVNDB: JVNDB-2019-004980 // JVNDB: JVNDB-2019-014034 // CNNVD: CNNVD-201906-571 // NVD: CVE-2019-0182

REFERENCES

url:	https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00248.html	Trust: 1.8
url:	https://nvd.nist.gov/vuln/detail/cve-2019-0182	Trust: 1.4
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-0130	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-0179	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-11123	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-0136	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-0180	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-11124	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-0157	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-0181	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-11125	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-0164	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-0182	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-11126	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-11127	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-0174	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-0183	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-11128	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-0175	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-11092	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-11129	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-3702	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-0177	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-11117	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-0128	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-0178	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-11119	Trust: 0.8
url:	http://jvn.jp/cert/jvnvu95572531	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2019-0128	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2019-0178	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2019-11119	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2019-0130	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2019-0179	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2019-11123	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2019-0136	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2019-0180	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2019-11124	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2019-0157	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2019-0181	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2019-11125	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2019-0164	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2019-11126	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2019-0174	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2019-0183	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2019-11127	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2019-0175	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2019-11092	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2019-11128	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2018-3702	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2019-0177	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2019-11117	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2019-11129	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-20182	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2019-20182	Trust: 0.8
url:	https://medium.com/@pablo0xsantiago/cve-2019-20182-foogallery-image-gallery-wordpress-plugin-1-8-12-stored-cross-site-scripting-d5864f1259f	Trust: 0.8
url:	https://www.intel.com/content/www/us/en/security-center/advisory/in	Trust: 0.6
url:	https://cwe.mitre.org/data/definitions/522.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

sources: VULHUB: VHN-140213 // VULMON: CVE-2019-0182 // JVNDB: JVNDB-2019-004980 // JVNDB: JVNDB-2019-014034 // CNNVD: CNNVD-201906-571 // NVD: CVE-2019-0182

SOURCES

db:	VULHUB	id:	VHN-140213
db:	VULMON	id:	CVE-2019-0182
db:	JVNDB	id:	JVNDB-2019-004980
db:	JVNDB	id:	JVNDB-2019-014034
db:	CNNVD	id:	CNNVD-201906-571
db:	NVD	id:	CVE-2019-0182

LAST UPDATE DATE

2024-11-23T20:47:37.919000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-140213	date:	2023-03-03T00:00:00
db:	VULMON	id:	CVE-2019-0182	date:	2020-08-24T00:00:00
db:	JVNDB	id:	JVNDB-2019-004980	date:	2019-06-13T00:00:00
db:	JVNDB	id:	JVNDB-2019-014034	date:	2020-01-27T00:00:00
db:	CNNVD	id:	CNNVD-201906-571	date:	2020-08-25T00:00:00
db:	NVD	id:	CVE-2019-0182	date:	2024-11-21T04:16:25.507

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-140213	date:	2019-06-13T00:00:00
db:	VULMON	id:	CVE-2019-0182	date:	2019-06-13T00:00:00
db:	JVNDB	id:	JVNDB-2019-004980	date:	2019-06-13T00:00:00
db:	JVNDB	id:	JVNDB-2019-014034	date:	2020-01-27T00:00:00
db:	CNNVD	id:	CNNVD-201906-571	date:	2019-06-13T00:00:00
db:	NVD	id:	CVE-2019-0182	date:	2019-06-13T16:29:01.187