Intel® Unite Privilege Escalation Advisory

Summary:

A potential security vulnerability in Intel Unite® Solution administrative portal may allow escalation of privilege.** **Intel is releasing software updates to mitigate this potential vulnerability.

Vulnerability Details:

CVEID: CVE-2019-0101

Description: Authentication bypass in the Intel Unite® solution versions 3.2 through 3.3 may allow an unauthenticated user to potentially enable escalation of privilege to the Intel Unite® Solution administrative portal via network access.

CVSS: 9.3 Critical

CVSS Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:H

Affected Products:

Intel Unite® Solution software server component on versions 3.2 through 3.3.

Recommendations:

Intel recommends that users of the Intel® Unite solution update to 3.2.91 and 3.3.163 or later.

Updates are available for download at this location:

For version 3.2 customers (server .msi file 3.2.91.51): <https://downloadcenter.intel.com/download/28498/Intel-Unite-App-Hot-Fix&gt;

For version 3.3 customers (server .msi file 3.3.163.51): <https://downloadcenter.intel.com/download/28499/Intel-Unite-App-Hot-Fix&gt;

Acknowledgements:

This issue was found externally by an Intel partner.

Intel, and nearly the entire technology industry, follows a disclosure practice called Coordinated Disclosure, under which a cybersecurity vulnerability is generally publicly disclosed only after mitigations are deployed.