Potential security vulnerability in Intel® Data Center Manager SDK may allow privilege escalation. Intel is releasing Intel® Data Center Manager updates to mitigate this potential vulnerability.
CVEID: CVE-2018-3679
Description: Escalation of privilege in Reference UI in Intel® Data Center Manager SDK 5.0 and before may allow an unauthorized remote unauthenticated user to potentially execute code via administrator privileges.
CVSS Base Score: 9.6 Critical
CVSS Vector: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Intel® Data Center manager before 5.1
Intel recommends that users of Intel® Data Center Manager SDK update to 5.1 or later.
Updates are available from the software reseller:
<https://www.intel.com/content/www/us/en/software/intel-dcm-where-to-buy.html>
Intel would like to thank Andrea Micalizzi (aka rgod) for reporting and working with us on coordinated disclosure.