A potential security vulnerability in Intel Unite® Solution administrative portal may allow escalation of privilege.** **Intel is releasing software updates to mitigate this potential vulnerability.
CVEID: CVE-2019-0101
Description: Authentication bypass in the Intel Unite® solution versions 3.2 through 3.3 may allow an unauthenticated user to potentially enable escalation of privilege to the Intel Unite® Solution administrative portal via network access.
CVSS: 9.3 Critical
CVSS Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:H
Intel Unite® Solution software server component on versions 3.2 through 3.3.
Intel recommends that users of the Intel® Unite solution update to 3.2.91 and 3.3.163 or later.
Updates are available for download at this location:
For version 3.2 customers (server .msi file 3.2.91.51): <https://downloadcenter.intel.com/download/28498/Intel-Unite-App-Hot-Fix>
For version 3.3 customers (server .msi file 3.3.163.51): <https://downloadcenter.intel.com/download/28499/Intel-Unite-App-Hot-Fix>
This issue was found externally by an Intel partner.
Intel, and nearly the entire technology industry, follows a disclosure practice called Coordinated Disclosure, under which a cybersecurity vulnerability is generally publicly disclosed only after mitigations are deployed.