Sign-up

ID

VAR-201906-1229


CVE

CVE-2019-11119


TITLE

Intel Multiple vulnerabilities in the product

Trust: 0.8

sources: JVNDB: JVNDB-2019-004980

DESCRIPTION

Insufficient session validation in the service API for Intel(R) RWC3 version 4.186 and before may allow an unauthenticated user to potentially enable escalation of privilege via network access. Intel RAID Web Console 3 is prone to a privilege-escalation vulnerability. A remote attacker can exploit this issue to gain elevated privileges. Intel RAID Web Console 3 4.186 and prior are vulnerable. There is a security vulnerability in the service API of Intel RWC3 4.186 and earlier versions. The vulnerability is caused by the program not fully authenticating the session

Trust: 1.35

sources: NVD: CVE-2019-11119 // BID: 108780 // VULHUB: VHN-142733 // VULMON: CVE-2019-11119

AFFECTED PRODUCTS

vendor:intelmodel:raid web console 3scope:lteversion:4.186

Trust: 1.0

vendor:intelmodel:accelerated storage managerscope: - version: -

Trust: 0.8

vendor:intelmodel:chipset device softwarescope: - version: -

Trust: 0.8

vendor:intelmodel:compute cardscope: - version: -

Trust: 0.8

vendor:intelmodel:compute stickscope: - version: -

Trust: 0.8

vendor:intelmodel:core i3scope: - version: -

Trust: 0.8

vendor:intelmodel:core i5scope: - version: -

Trust: 0.8

vendor:intelmodel:core x-seriesscope: - version: -

Trust: 0.8

vendor:intelmodel:nuc kitscope: - version: -

Trust: 0.8

vendor:intelmodel:omni-path fabric manager guiscope: - version: -

Trust: 0.8

vendor:intelmodel:pentiumscope:eqversion:processor 2000 series

Trust: 0.8

vendor:intelmodel:pentiumscope:eqversion:processor 3000 series

Trust: 0.8

vendor:intelmodel:pentiumscope:eqversion:processor g series

Trust: 0.8

vendor:intelmodel:proset/wireless software driverscope: - version: -

Trust: 0.8

vendor:intelmodel:raid web console v3scope:eqversion:for windows

Trust: 0.8

vendor:intelmodel:sgx dcap linux driverscope: - version: -

Trust: 0.8

vendor:intelmodel:sgx linux client driverscope: - version: -

Trust: 0.8

vendor:intelmodel:turbo boost max technologyscope: - version: -

Trust: 0.8

vendor:intelmodel:xeonscope:eqversion:processor e7 v3 family

Trust: 0.8

vendor:intelmodel:xeonscope:eqversion:processor e7 v5 family

Trust: 0.8

vendor:intelmodel:xeonscope:eqversion:processor e7 v7 family

Trust: 0.8

vendor:intelmodel:ite tech* consumer infrared driverscope:eqversion:for windows 10

Trust: 0.8

vendor:intelmodel:open cloud integrity technologyscope: - version: -

Trust: 0.8

vendor:intelmodel:openattestationscope: - version: -

Trust: 0.8

vendor:intelmodel:raid web consolescope:eqversion:34.186

Trust: 0.3

vendor:intelmodel:raid web consolescope:eqversion:34.185

Trust: 0.3

vendor:intelmodel:raid web consolescope:neversion:37.009.011.000

Trust: 0.3

sources: BID: 108780 // JVNDB: JVNDB-2019-004980 // NVD: CVE-2019-11119

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-11119
value: CRITICAL

Trust: 1.0

CNNVD: CNNVD-201906-575
value: CRITICAL

Trust: 0.6

VULHUB: VHN-142733
value: HIGH

Trust: 0.1

VULMON: CVE-2019-11119
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2019-11119
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.1

VULHUB: VHN-142733
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2019-11119
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 1.0

sources: VULHUB: VHN-142733 // VULMON: CVE-2019-11119 // CNNVD: CNNVD-201906-575 // NVD: CVE-2019-11119

PROBLEMTYPE DATA

problemtype:NVD-CWE-noinfo

Trust: 1.0

problemtype:CWE-20

Trust: 0.1

sources: VULHUB: VHN-142733 // NVD: CVE-2019-11119

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201906-575

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-201906-575

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2019-004980

PATCH
title:[INTEL-SA-00248] Open Cloud Integrity Technology and OpenAttestation Advisoryurl:https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00248.html
Trust: 0.8
title:[INTEL-SA-00257] Intel Omni-Path Fabric Manager GUI Advisoryurl:https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00257.html
Trust: 0.8
title:[INTEL-SA-00259] Intel RAID Web Console 3 for Windows* Advisoryurl:https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00259.html
Trust: 0.8
title:[INTEL-SA-00224] Intel Chipset Device Software (INF Update Utility) Advisoryurl:https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00224.html
Trust: 0.8
title:[INTEL-SA-00264] Intel NUC Firmware Advisoryurl:https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00264.html
Trust: 0.8
title:[INTEL-SA-00226] Intel Accelerated Storage Manager in Intel Rapid Storage Technology Enterprise Advisoryurl:https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00226.html
Trust: 0.8
title:[INTEL-SA-00206] ITE Tech* Consumer Infrared Driver for Windows 10 Advisoryurl:https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00206.html
Trust: 0.8
title:[INTEL-SA-00232] Intel PROSet/Wireless WiFi Software Advisoryurl:https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00232.html
Trust: 0.8
title:[INTEL-SA-00235] Intel SGX for Linux Advisoryurl:https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00235.html
Trust: 0.8
title:[INTEL-SA-00243] Intel Turbo Boost Max Technology 3.0 Advisoryurl:https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00243.html
Trust: 0.8
title:[INTEL-SA-00247] Partial Physical Address Leakage Advisoryurl:https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00247.html
Trust: 0.8
title:Intel RAID Web Console 3 Enter the fix for the verification error vulnerabilityurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=93797
Trust: 0.6
title:Threatposturl:https://threatpost.com/intel-patches-nuc-firmware/145620/
Trust: 0.1
sources:
            
            
            VULMON: CVE-2019-11119 // 
            
            
            
            JVNDB: JVNDB-2019-004980 // 
            
            
            
            CNNVD: CNNVD-201906-575

EXTERNAL IDS
db:NVDid:CVE-2019-11119
Trust: 2.9
db:BIDid:108780
Trust: 2.1
db:JVNid:JVNVU95572531
Trust: 0.8
db:JVNDBid:JVNDB-2019-004980
Trust: 0.8
db:CNNVDid:CNNVD-201906-575
Trust: 0.7
db:CNVDid:CNVD-2020-18597
Trust: 0.1
db:VULHUBid:VHN-142733
Trust: 0.1
db:VULMONid:CVE-2019-11119
Trust: 0.1
sources:
            
            
            VULHUB: VHN-142733 // 
            
            
            
            VULMON: CVE-2019-11119 // 
            
            
            
            BID: 108780 // 
            
            
            
            JVNDB: JVNDB-2019-004980 // 
            
            
            
            CNNVD: CNNVD-201906-575 // 
            
            
            
            NVD: CVE-2019-11119

REFERENCES
url:https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00259.html
Trust: 2.1
url:http://www.securityfocus.com/bid/108780
Trust: 1.9
url:https://nvd.nist.gov/vuln/detail/cve-2019-11119
Trust: 1.4
url:http://www.intel.com/
Trust: 0.9
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-0130
Trust: 0.8
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-0179
Trust: 0.8
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-11123
Trust: 0.8
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-0136
Trust: 0.8
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-0180
Trust: 0.8
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-11124
Trust: 0.8
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-0157
Trust: 0.8
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-0181
Trust: 0.8
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-11125
Trust: 0.8
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-0164
Trust: 0.8
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-0182
Trust: 0.8
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-11126
Trust: 0.8
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-11127
Trust: 0.8
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-0174
Trust: 0.8
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-0183
Trust: 0.8
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-11128
Trust: 0.8
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-0175
Trust: 0.8
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-11092
Trust: 0.8
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-11129
Trust: 0.8
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-3702
Trust: 0.8
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-0177
Trust: 0.8
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-11117
Trust: 0.8
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-0128
Trust: 0.8
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-0178
Trust: 0.8
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-11119
Trust: 0.8
url:http://jvn.jp/cert/jvnvu95572531
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2019-0128
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2019-0178
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2019-0130
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2019-0179
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2019-11123
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2019-0136
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2019-0180
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2019-11124
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2019-0157
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2019-0181
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2019-11125
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2019-0164
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2019-0182
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2019-11126
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2019-0174
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2019-0183
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2019-11127
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2019-0175
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2019-11092
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2019-11128
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2018-3702
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2019-0177
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2019-11117
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2019-11129
Trust: 0.8
url:https://www.intel.com/content/www/us/en/security-center/advisory/in
Trust: 0.6
url:https://cwe.mitre.org/data/definitions/.html
Trust: 0.1
url:https://nvd.nist.gov
Trust: 0.1
url:https://threatpost.com/intel-patches-nuc-firmware/145620/
Trust: 0.1
sources:
            
            
            VULHUB: VHN-142733 // 
            
            
            
            VULMON: CVE-2019-11119 // 
            
            
            
            BID: 108780 // 
            
            
            
            JVNDB: JVNDB-2019-004980 // 
            
            
            
            CNNVD: CNNVD-201906-575 // 
            
            
            
            NVD: CVE-2019-11119

CREDITS
Alexander Gutkin
Trust: 0.9
sources:
            
            
            BID: 108780 // 
            
            
            
            CNNVD: CNNVD-201906-575

SOURCES
db:VULHUBid:VHN-142733
db:VULMONid:CVE-2019-11119
db:BIDid:108780
db:JVNDBid:JVNDB-2019-004980
db:CNNVDid:CNNVD-201906-575
db:NVDid:CVE-2019-11119

LAST UPDATE DATE
2024-11-23T21:15:41.606000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-142733date:2023-03-01T00:00:00
db:VULMONid:CVE-2019-11119date:2023-03-01T00:00:00
db:BIDid:108780date:2019-06-11T00:00:00
db:JVNDBid:JVNDB-2019-004980date:2019-06-13T00:00:00
db:CNNVDid:CNNVD-201906-575date:2020-08-25T00:00:00
db:NVDid:CVE-2019-11119date:2024-11-21T04:20:34.063

SOURCES RELEASE DATE
db:VULHUBid:VHN-142733date:2019-06-13T00:00:00
db:VULMONid:CVE-2019-11119date:2019-06-13T00:00:00
db:BIDid:108780date:2019-06-11T00:00:00
db:JVNDBid:JVNDB-2019-004980date:2019-06-13T00:00:00
db:CNNVDid:CNNVD-201906-575date:2019-06-13T00:00:00
db:NVDid:CVE-2019-11119date:2019-06-13T16:29:01.327