Multiple potential security vulnerabilities in Intel® Data Center Manager SDK may allow escalation of privilege, denial of service, or information disclosure. Intel is releasing software updates to mitigate these potential vulnerabilities.
CVEID: CVE-2019-0102
Description: Insufficient session authentication in web server for Intel® Data Center Manager SDK before version 5.0.2 may allow an unauthenticated user to potentially enable escalation of privilege via network access.
CVSS Base Score: 8.8 High
CVSS Vector: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVEID: CVE-2019-0103
Description: Insufficient file protection in install routine for Intel® Data Center Manager SDK before version 5.0.2 may allow an authenticated user to potentially enable information disclosure via local access.
CVSS Base Score: 5.5 Medium
CVSS Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
CVEID: CVE-2019-0104
Description: Insufficient file protection in uninstall routine for Intel® Data Center Manager SDK before version 5.0.2 may allow an authenticated user to potentially enable information disclosure via local access.
CVSS Base Score: 5.5 Medium
CVSS Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
CVEID: CVE-2019-0105
Description: Insufficient file permissions checking in install routine for Intel® Data Center Manager SDK before version 5.0.2 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVSS Base Score: 6.7 Medium
CVSS Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H
CVEID: CVE-2019-0106
Description: Insufficient run protection in install routine for Intel® Data Center Manager SDK before version 5.0.2 may allow a privileged user to potentially enable escalation of privilege via local access.
CVSS Base Score: 6.0 Medium
CVSS Vector: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H
CVEID: CVE-2019-0107
Description: Insufficient user prompt in install routine for Intel® Data Center Manager SDK before version 5.0.2 may allow a privileged user to potentially enable escalation of privilege via local access.
CVSS Base Score: 7.2 High
CVSS Vector: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H
CVEID: CVE-2019-0108
Description: Improper file permissions for Intel® Data Center Manager SDK before version 5.0.2 may allow an authenticated user to potentially enable disclosure of information via local access.
CVSS Base Score: 3.3 Low
CVSS Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
CVEID: CVE-2019-0109
Description: Improper folder permissions in Intel® Data Center Manager SDK before version 5.0.2 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVSS Base Score: 5.3 Medium
CVSS Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
CVEID: CVE-2019-0110
Description: Insufficient key management for Intel® Data Center Manager SDK before version 5.0.2 may allow an authenticated user to potentially enable information disclosure via local access.
CVSS Base Score: 7.1 High
CVSS Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
CVEID: CVE-2019-0111
Description: Improper file permissions for Intel® Data Center Manager SDK before version 5.0.2 may allow an authenticated user to potentially enable information disclosure via local access.
CVSS Base Score: 3.8 Low
CVSS Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N
CVEID: CVE-2019-0112
Description: Improper flow control in crypto routines for Intel® Data Center Manager SDK before version 5.0.2 may allow a privileged user to potentially enable a denial of service via local access.
CVSS Base Score: 4.0 Medium
CVSS Vector: CVSS:3.0/AV:L/AC:H/PR:H/UI:R/S:U/C:N/I:N/A:H
Affected products: Intel® Data Center Manager SDK before version 5.0.2.
Intel recommends that users follow the steps below to address these issues:
· Contact your Intel® Data Center Manager SDK reseller for the version 5.0.2 update. A list of resellers can be found at <https://www.intel.com/content/www/us/en/software/intel-dcm-where-to-buy.html>.
These issues were found internally by Intel employees. Intel would like to thank the DCG Red Team.
Intel, and nearly the entire technology industry, follows a disclosure practice called Coordinated Disclosure, under which a cybersecurity vulnerability is generally publicly disclosed only after mitigations are deployed.