Intel® Driver & Support Assistant and Intel® Software Asset Manager Advisory

Summary:

Potential security vulnerabilities in Intel® Driver & Support Assistant, Intel® Software Asset Manager and Intel® Computing Improvement Program may allow escalation of privilege. Intel is releasing Intel® Driver & Support Assistant updates to mitigate these potential vulnerabilities.

Vulnerability Details

CVEID:** **CVE-2018-12148

Description: Privilege escalation in file permissions in Intel® Driver and Support Assistant before 3.5.0.1 may allow an authenticated user to potentially execute code as administrator via local access.

CVSS Base Score:** **7.8 High

CVSS Vector:** **CVSS:3.0/ AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVEID:** **CVE- 2018-12168

Description: Privilege escalation in file permissions in Intel® Computing Improvement Program before version 2.2.0.03942 may allow an authenticated user to potentially execute code as administrator via local access.

CVSS Base Score:** **7.8 High

CVSS Vector:** CVSS:3.0/ AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H**

Affected Products:

Intel® Driver & Support Assistant before 3.5.0.1

Intel® Computing Improvement Program before 2.2.0.03942

Recommendations:

Intel recommends that users of Intel® Driver & Support Assistant, and Intel® Computing Improvement Program update to Intel® Driver & Support Assistant 3.5.0.3 or later.

Intel® Software Asset Manager is part of the Intel® Driver & Support Assistant and will be updated as well.

Updates are available for download at this location: <https://downloadcenter.intel.com/download/24345/Intel-Driver-Support-Assistant&gt;

Acknowledgements:

Intel would like to thank Mark Barnes (MWR Labs) for reporting this issue and working with us on coordinated disclosure.