Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
intelIntel Security CenterINTEL:INTEL-SA-00215
HistoryFeb 12, 2019 - 12:00 a.m.

Intel® Data Center Manager SDK Advisory

2019-02-1200:00:00
Intel Security Center
www.intel.com
8

0.003 Low

EPSS

Percentile

69.5%

JSON

Summary:

Multiple potential security vulnerabilities in Intel® Data Center Manager SDK may allow escalation of privilege, denial of service, or information disclosure.** **Intel is releasing software updates to mitigate these potential vulnerabilities.

Vulnerability Details:

CVEID: CVE-2019-0102

Description: Insufficient session authentication in web server for Intel® Data Center Manager SDK before version 5.0.2 may allow an unauthenticated user to potentially enable escalation of privilege via network access.

CVSS Base Score: 8.8 High

CVSS Vector: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVEID: CVE-2019-0103

Description: Insufficient file protection in install routine for Intel® Data Center Manager SDK before version 5.0.2 may allow an authenticated user to potentially enable information disclosure via local access.

CVSS Base Score: 5.5 Medium

CVSS Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

CVEID: CVE-2019-0104

Description: Insufficient file protection in uninstall routine for Intel® Data Center Manager SDK before version 5.0.2 may allow an authenticated user to potentially enable information disclosure via local access.

CVSS Base Score: 5.5 Medium

CVSS Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

CVEID: CVE-2019-0105

Description: Insufficient file permissions checking in install routine for Intel® Data Center Manager SDK before version 5.0.2 may allow authenticated user to potentially enable escalation of privilege via local access.

CVSS Base Score: 6.7 Medium

CVSS Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H

CVEID: CVE-2019-0106

Description: Insufficient run protection in install routine for Intel® Data Center Manager SDK before version 5.0.2 may allow a privileged user to potentially enable escalation of privilege via local access.

CVSS Base Score: 6.0 Medium

CVSS Vector: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H

CVEID: CVE-2019-0107

Description: Insufficient user prompt in install routine for Intel® Data Center Manager SDK before version 5.0.2 may allow a privileged user to potentially enable escalation of privilege via local access.

CVSS Base Score: 7.2 High

CVSS Vector: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H

CVEID: CVE-2019-0108

Description: Improper file permissions for Intel® Data Center Manager SDK before version 5.0.2 may allow an authenticated user to potentially enable disclosure of information via local access.

CVSS Base Score: 3.3. Low

CVSS Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

CVEID: CVE-2019-0109

Description: Improper folder permissions in Intel® Data Center Manager SDK before version 5.0.2 may allow an authenticated user to potentially enable escalation of privilege via local access.

CVSS Base Score: 5.3 Medium

CVSS Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

CVEID: CVE-2019-0110

Description: Insufficient key management for Intel® Data Center Manager SDK before version 5.0.2 may allow an authenticated user to potentially enable information disclosure via local access.

CVSS Base Score: 7.1 High

CVSS Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

CVEID: CVE-2019-0111

Description: Improper file permissions for Intel® Data Center Manager SDK before version 5.0.2 may allow an authenticated user to potentially enable information disclosure via local access.

CVSS Base Score: 3.8 Low

CVSS Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N

CVEID: CVE-2019-0112

Description: Improper flow control in crypto routines for Intel® Data Center Manager SDK before version 5.0.2 may allow a privileged user to potentially enable a denial of service via local access.

CVSS Base Score: 4.0 Medium

CVSS Vector: CVSS:3.0/AV:L/AC:H/PR:H/UI:R/S:U/C:N/I:N/A:H

Affected Products:

Intel® Data Center Manager SDK before version 5.0.2.

Recommendations:

Intel recommends that users follow the steps below to address these issues:

· Contact your Intel® Data Center Manger SDK Reseller for the version 5.0.2 update. A list of resellers can be found via the provided link.

· <https://www.intel.com/content/www/us/en/software/intel-dcm-where-to-buy.html&gt;

Acknowledgements:

These issues were found internally by Intel employees. Intel we would like to thank the DCG Red Team.

Intel, and nearly the entire technology industry, follows a disclosure practice called Coordinated Disclosure, under which a cybersecurity vulnerability is generally publicly disclosed only after mitigations are deployed.

Related

ics 1
cve 11
cvelist 11
prion 11
nvd 11
ics
ics
Intel Data Center Manager SDK
2019-02-19 12:00:00
cve
cve
CVE-2019-0103
2019-02-18 17:29:00
CVE-2019-0104
2019-02-18 17:29:00
CVE-2019-0110
2019-02-18 17:29:00
cvelist
cvelist
CVE-2019-0104
2019-02-12 00:00:00
CVE-2019-0103
2019-02-12 00:00:00
CVE-2019-0109
2019-02-12 00:00:00
prion
prion
Information disclosure
2019-02-18 17:29:00
Authorization
2019-02-18 17:29:00
Design/Logic Flaw
2019-02-18 17:29:00
nvd
nvd
CVE-2019-0110
2019-02-18 17:29:00
CVE-2019-0103
2019-02-18 17:29:00
CVE-2019-0105
2019-02-18 17:29:00

0.003 Low

EPSS

Percentile

69.5%

JSON
Related for INTEL:INTEL-SA-00215
ics1cve11cvelist11prion11nvd11