Details of VAR-201906-1228

ID

VAR-201906-1228

CVE

CVE-2019-11117

TITLE

Intel Multiple vulnerabilities in the product

Trust: 0.8

sources: JVNDB: JVNDB-2019-004980

DESCRIPTION

Improper permissions in the installer for Intel(R) Omni-Path Fabric Manager GUI before version 10.9.2.1.1 may allow an authenticated user to potentially enable escalation of privilege via local attack. Intel Omni-Path Fabric Manager GUI is prone to a local privilege-escalation vulnerability. A local attacker can exploit this issue to gain elevated privileges. Versions prior to Intel Omni-Path Fabric Manager GUI prior to 10.9.2.1.1 are vulnerable

Trust: 1.26

sources: NVD: CVE-2019-11117 // BID: 108788 // VULHUB: VHN-142731

AFFECTED PRODUCTS

vendor:	intel	model:	omni-path fabric manager gui	scope:	lt	version:	10.9.2.1.1	Trust: 1.0
vendor:	intel	model:	accelerated storage manager	scope:	-	version:	-	Trust: 0.8
vendor:	intel	model:	chipset device software	scope:	-	version:	-	Trust: 0.8
vendor:	intel	model:	compute card	scope:	-	version:	-	Trust: 0.8
vendor:	intel	model:	compute stick	scope:	-	version:	-	Trust: 0.8
vendor:	intel	model:	core i3	scope:	-	version:	-	Trust: 0.8
vendor:	intel	model:	core i5	scope:	-	version:	-	Trust: 0.8
vendor:	intel	model:	core x-series	scope:	-	version:	-	Trust: 0.8
vendor:	intel	model:	nuc kit	scope:	-	version:	-	Trust: 0.8
vendor:	intel	model:	omni-path fabric manager gui	scope:	-	version:	-	Trust: 0.8
vendor:	intel	model:	pentium	scope:	eq	version:	processor 2000 series	Trust: 0.8
vendor:	intel	model:	pentium	scope:	eq	version:	processor 3000 series	Trust: 0.8
vendor:	intel	model:	pentium	scope:	eq	version:	processor g series	Trust: 0.8
vendor:	intel	model:	proset/wireless software driver	scope:	-	version:	-	Trust: 0.8
vendor:	intel	model:	raid web console v3	scope:	eq	version:	for windows	Trust: 0.8
vendor:	intel	model:	sgx dcap linux driver	scope:	-	version:	-	Trust: 0.8
vendor:	intel	model:	sgx linux client driver	scope:	-	version:	-	Trust: 0.8
vendor:	intel	model:	turbo boost max technology	scope:	-	version:	-	Trust: 0.8
vendor:	intel	model:	xeon	scope:	eq	version:	processor e7 v3 family	Trust: 0.8
vendor:	intel	model:	xeon	scope:	eq	version:	processor e7 v5 family	Trust: 0.8
vendor:	intel	model:	xeon	scope:	eq	version:	processor e7 v7 family	Trust: 0.8
vendor:	intel	model:	ite tech* consumer infrared driver	scope:	eq	version:	for windows 10	Trust: 0.8
vendor:	intel	model:	open cloud integrity technology	scope:	-	version:	-	Trust: 0.8
vendor:	intel	model:	openattestation	scope:	-	version:	-	Trust: 0.8
vendor:	intel	model:	omni-path fabric manager gui	scope:	eq	version:	10.9.2.0.7	Trust: 0.3
vendor:	intel	model:	omni-path fabric manager gui	scope:	eq	version:	10.9.0.0.208	Trust: 0.3
vendor:	intel	model:	omni-path fabric manager gui	scope:	eq	version:	10.9.0.0.206	Trust: 0.3
vendor:	intel	model:	omni-path fabric manager gui	scope:	eq	version:	10.7.0.0.145	Trust: 0.3
vendor:	intel	model:	omni-path fabric manager gui	scope:	eq	version:	10.0.1.0.45	Trust: 0.3
vendor:	intel	model:	omni-path fabric manager gui	scope:	eq	version:	10.0.0.0.691	Trust: 0.3
vendor:	intel	model:	omni-path fabric manager gui	scope:	ne	version:	10.9.2.1.1	Trust: 0.3

sources: BID: 108788 // JVNDB: JVNDB-2019-004980 // NVD: CVE-2019-11117

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2019-11117
value:	HIGH
Trust: 1.0
CNNVD:	CNNVD-201906-576
value:	HIGH
Trust: 0.6
VULHUB:	VHN-142731
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2019-11117
severity:	MEDIUM
baseScore:	4.6
vectorString:	AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	3.9
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
VULHUB:	VHN-142731
severity:	MEDIUM
baseScore:	4.6
vectorString:	AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	3.9
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2019-11117
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.8
impactScore:	5.9
version:	3.1
Trust: 1.0

sources: VULHUB: VHN-142731 // CNNVD: CNNVD-201906-576 // NVD: CVE-2019-11117

PROBLEMTYPE DATA

problemtype:	NVD-CWE-noinfo	Trust: 1.0
problemtype:	CWE-275	Trust: 0.1

sources: VULHUB: VHN-142731 // NVD: CVE-2019-11117

THREAT TYPE

local

Trust: 0.9

sources: BID: 108788 // CNNVD: CNNVD-201906-576

TYPE

authorization issue

Trust: 0.6

sources: CNNVD: CNNVD-201906-576

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-004980

PATCH

title:	[INTEL-SA-00248] Open Cloud Integrity Technology and OpenAttestation Advisory	url:	https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00248.html	Trust: 0.8
title:	[INTEL-SA-00257] Intel Omni-Path Fabric Manager GUI Advisory	url:	https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00257.html	Trust: 0.8
title:	[INTEL-SA-00259] Intel RAID Web Console 3 for Windows* Advisory	url:	https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00259.html	Trust: 0.8
title:	[INTEL-SA-00224] Intel Chipset Device Software (INF Update Utility) Advisory	url:	https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00224.html	Trust: 0.8
title:	[INTEL-SA-00264] Intel NUC Firmware Advisory	url:	https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00264.html	Trust: 0.8
title:	[INTEL-SA-00226] Intel Accelerated Storage Manager in Intel Rapid Storage Technology Enterprise Advisory	url:	https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00226.html	Trust: 0.8
title:	[INTEL-SA-00206] ITE Tech* Consumer Infrared Driver for Windows 10 Advisory	url:	https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00206.html	Trust: 0.8
title:	[INTEL-SA-00232] Intel PROSet/Wireless WiFi Software Advisory	url:	https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00232.html	Trust: 0.8
title:	[INTEL-SA-00235] Intel SGX for Linux Advisory	url:	https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00235.html	Trust: 0.8
title:	[INTEL-SA-00243] Intel Turbo Boost Max Technology 3.0 Advisory	url:	https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00243.html	Trust: 0.8
title:	[INTEL-SA-00247] Partial Physical Address Leakage Advisory	url:	https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00247.html	Trust: 0.8
title:	Intel Omni-Path Fabric Manager GUI Remediation measures for authorization problem vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=93798	Trust: 0.6

sources: JVNDB: JVNDB-2019-004980 // CNNVD: CNNVD-201906-576

EXTERNAL IDS

db:	NVD	id:	CVE-2019-11117	Trust: 2.8
db:	BID	id:	108788	Trust: 2.0
db:	JVN	id:	JVNVU95572531	Trust: 0.8
db:	JVNDB	id:	JVNDB-2019-004980	Trust: 0.8
db:	CNNVD	id:	CNNVD-201906-576	Trust: 0.7
db:	CNVD	id:	CNVD-2020-18596	Trust: 0.1
db:	VULHUB	id:	VHN-142731	Trust: 0.1

sources: VULHUB: VHN-142731 // BID: 108788 // JVNDB: JVNDB-2019-004980 // CNNVD: CNNVD-201906-576 // NVD: CVE-2019-11117

REFERENCES

url:	https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00257.html	Trust: 1.9
url:	http://www.securityfocus.com/bid/108788	Trust: 1.7
url:	https://www.intel.com/content/www/us/en/security-center/advisory/in	Trust: 1.7
url:	https://nvd.nist.gov/vuln/detail/cve-2019-11117	Trust: 1.4
url:	http://www.intel.com/	Trust: 0.9
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-0130	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-0179	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-11123	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-0136	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-0180	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-11124	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-0157	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-0181	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-11125	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-0164	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-0182	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-11126	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-11127	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-0174	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-0183	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-11128	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-0175	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-11092	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-11129	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-3702	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-0177	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-11117	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-0128	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-0178	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-11119	Trust: 0.8
url:	http://jvn.jp/cert/jvnvu95572531	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2019-0128	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2019-0178	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2019-11119	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2019-0130	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2019-0179	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2019-11123	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2019-0136	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2019-0180	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2019-11124	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2019-0157	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2019-0181	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2019-11125	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2019-0164	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2019-0182	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2019-11126	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2019-0174	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2019-0183	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2019-11127	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2019-0175	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2019-11092	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2019-11128	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2018-3702	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2019-0177	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2019-11129	Trust: 0.8

sources: VULHUB: VHN-142731 // BID: 108788 // JVNDB: JVNDB-2019-004980 // CNNVD: CNNVD-201906-576 // NVD: CVE-2019-11117

CREDITS

Marius Gabriel Mihai.

Trust: 0.9

sources: BID: 108788 // CNNVD: CNNVD-201906-576

SOURCES

db:	VULHUB	id:	VHN-142731
db:	BID	id:	108788
db:	JVNDB	id:	JVNDB-2019-004980
db:	CNNVD	id:	CNNVD-201906-576
db:	NVD	id:	CVE-2019-11117

LAST UPDATE DATE

2024-11-23T20:23:19.382000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-142731	date:	2023-03-02T00:00:00
db:	BID	id:	108788	date:	2019-06-11T00:00:00
db:	JVNDB	id:	JVNDB-2019-004980	date:	2019-06-13T00:00:00
db:	CNNVD	id:	CNNVD-201906-576	date:	2020-08-25T00:00:00
db:	NVD	id:	CVE-2019-11117	date:	2024-11-21T04:20:33.943

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-142731	date:	2019-06-13T00:00:00
db:	BID	id:	108788	date:	2019-06-11T00:00:00
db:	JVNDB	id:	JVNDB-2019-004980	date:	2019-06-13T00:00:00
db:	CNNVD	id:	CNNVD-201906-576	date:	2019-06-13T00:00:00
db:	NVD	id:	CVE-2019-11117	date:	2019-06-13T16:29:01.293