Intel has identified a potential vulnerability in the Intel® RAID Web Console 2 (RWC2). Intel has issued a Product Discontinuation notice for RWC2. Intel recommends that users uninstall Intel® RWC2, then install RAID Web Console 3 (RWC3).****
CVEID: CVE-2019-0173
Description: Authentication bypass in the web console for Intel® Raid Web Console 2 all versions may allow an unauthenticated attacker to potentially enable disclosure of information via network access.
CVSS Base Score: 6.8 Medium
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:H
Intel® RAID Web Console 2 all versions.
Intel recommends that users uninstall Intel® RAID Web Console 2, then install RAID Web Console 3 version 7.009.011.000 or later.
Intel® RAID Web Console 3 is available for download at this location: <https://downloadcenter.intel.com/download/28781/Intel-RAID-Web-Console-3-for-Windows-?product=43732>
Intel would like to thank trotmaster99 for reporting this issue.
Intel, and nearly the entire technology industry, follows a disclosure practice called Coordinated Disclosure, under which a cybersecurity vulnerability is generally publicly disclosed only after mitigations are available.