A potential security vulnerability in Intel® USB 3.0 Creator Utility may allow escalation of privilege. Intel is discontinuing the hosting and support of this tool.
CVEID: CVE-2019-0129
Description: Improper permissions for Intel® USB 3.0 Creator Utility all versions may allow an authenticated user to potentially enable escalation of privilege via local access.
CVSS Base Score: 5.0 Medium
CVSS Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:L
Intel® USB 3.0 Creator Utility in all versions.
Intel has removed the USB 3.0 Creator Utility from distribution and recommends that users of the Intel® USB 3.0 Creator Utilty uninstall it or discontinue use at their earliest convenience.
Intel would like to thank Marius Gabriel Mihai for reporting this issue and working with us on coordinated disclosure.
Intel, and nearly the entire technology industry, follows a disclosure practice called Coordinated Disclosure, under which a cybersecurity vulnerability is generally publicly disclosed only after mitigations are deployed.