Sign-up

ID

VAR-201912-1711


CVE

CVE-2019-0159


TITLE

Linux Administrative Tools for Intel(R) Network Adapters Vulnerability in Permission Management

Trust: 0.8

sources: JVNDB: JVNDB-2019-013807

DESCRIPTION

Insufficient memory protection in the Linux Administrative Tools for Intel(R) Network Adapters before version 24.3 may allow an authenticated user to potentially enable escalation of privilege via local access. A local attacker could exploit this vulnerability to elevate privileges

Trust: 1.8

sources: NVD: CVE-2019-0159 // JVNDB: JVNDB-2019-013807 // VULHUB: VHN-140190 // VULMON: CVE-2019-0159

AFFECTED PRODUCTS

vendor:intelmodel:administrative tools for intel network adaptersscope:ltversion:24.3

Trust: 1.8

sources: JVNDB: JVNDB-2019-013807 // NVD: CVE-2019-0159

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-0159
value: HIGH

Trust: 1.0

NVD: CVE-2019-0159
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201912-573
value: HIGH

Trust: 0.6

VULHUB: VHN-140190
value: MEDIUM

Trust: 0.1

VULMON: CVE-2019-0159
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2019-0159
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-140190
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2019-0159
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2019-0159
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-140190 // VULMON: CVE-2019-0159 // JVNDB: JVNDB-2019-013807 // CNNVD: CNNVD-201912-573 // NVD: CVE-2019-0159

PROBLEMTYPE DATA

problemtype:NVD-CWE-noinfo

Trust: 1.0

problemtype:CWE-269

Trust: 0.8

sources: JVNDB: JVNDB-2019-013807 // NVD: CVE-2019-0159

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201912-573

TYPE

permissions and access control issues

Trust: 0.6

sources: CNNVD: CNNVD-201912-573

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2019-013807

PATCH
title:INTEL-SA-00237url:https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00237.html
Trust: 0.8
title:Linux Administrative Tools for Intel Network Adapters Fixes for permissions and access control issues vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=105388
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2019-013807 // 
            
            
            
            CNNVD: CNNVD-201912-573

EXTERNAL IDS
db:NVDid:CVE-2019-0159
Trust: 2.6
db:JVNid:JVNVU93632155
Trust: 0.8
db:JVNDBid:JVNDB-2019-013807
Trust: 0.8
db:CNNVDid:CNNVD-201912-573
Trust: 0.7
db:AUSCERTid:ESB-2019.4652
Trust: 0.6
db:CNVDid:CNVD-2020-22819
Trust: 0.1
db:VULHUBid:VHN-140190
Trust: 0.1
db:VULMONid:CVE-2019-0159
Trust: 0.1
sources:
            
            
            VULHUB: VHN-140190 // 
            
            
            
            VULMON: CVE-2019-0159 // 
            
            
            
            JVNDB: JVNDB-2019-013807 // 
            
            
            
            CNNVD: CNNVD-201912-573 // 
            
            
            
            NVD: CVE-2019-0159

REFERENCES
url:https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00237.html
Trust: 1.8
url:https://nvd.nist.gov/vuln/detail/cve-2019-0159
Trust: 1.4
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-0159
Trust: 0.8
url:https://jvn.jp/vu/jvnvu93632155/
Trust: 0.8
url:https://techdocs.broadcom.com/us/product-content/recommended-reading/security-notices/ca20191210-01-security-notice-for-ca-automic-sysload.html
Trust: 0.6
url:https://www.auscert.org.au/bulletins/esb-2019.4652/
Trust: 0.6
url:https://cwe.mitre.org/data/definitions/.html
Trust: 0.1
url:https://nvd.nist.gov
Trust: 0.1
sources:
            
            
            VULHUB: VHN-140190 // 
            
            
            
            VULMON: CVE-2019-0159 // 
            
            
            
            JVNDB: JVNDB-2019-013807 // 
            
            
            
            CNNVD: CNNVD-201912-573 // 
            
            
            
            NVD: CVE-2019-0159

SOURCES
db:VULHUBid:VHN-140190
db:VULMONid:CVE-2019-0159
db:JVNDBid:JVNDB-2019-013807
db:CNNVDid:CNNVD-201912-573
db:NVDid:CVE-2019-0159

LAST UPDATE DATE
2024-11-23T19:33:23.286000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-140190date:2020-08-24T00:00:00
db:VULMONid:CVE-2019-0159date:2020-08-24T00:00:00
db:JVNDBid:JVNDB-2019-013807date:2020-01-16T00:00:00
db:CNNVDid:CNNVD-201912-573date:2020-08-25T00:00:00
db:NVDid:CVE-2019-0159date:2024-11-21T04:16:22.590

SOURCES RELEASE DATE
db:VULHUBid:VHN-140190date:2019-12-16T00:00:00
db:VULMONid:CVE-2019-0159date:2019-12-16T00:00:00
db:JVNDBid:JVNDB-2019-013807date:2020-01-16T00:00:00
db:CNNVDid:CNNVD-201912-573date:2019-12-12T00:00:00
db:NVDid:CVE-2019-0159date:2019-12-16T20:15:14.413