Intel® RAID Web Console 2 Advisory

Summary:

Intel has identified a potential vulnerability in the Intel® RAID Web Console 2 (RWC2). Intel has issued a Product Discontinuation notice for RWC2. Intel recommends that users uninstall Intel® RWC2, then install RAID Web Console 3 (RWC3).****

Vulnerability Details:

CVEID: CVE-2019-0173

Description: Authentication bypass in the web console for Intel® Raid Web Console 2 all versions may allow an unauthenticated attacker to potentially enable disclosure of information via network access.

CVSS Base Score: 6.8 Medium

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:H

Affected Products:

Intel® RAID Web Console 2 all versions.

Recommendations:

Intel recommends that users uninstall Intel® RAID Web Console 2, then install RAID Web Console 3 version 7.009.011.000 or later.

Intel® RAID Web Console 3 is available for download at this location: <https://downloadcenter.intel.com/download/28781/Intel-RAID-Web-Console-3-for-Windows-?product=43732&gt;

Acknowledgements:

Intel would like to thank trotmaster99 for reporting this issue.

Intel, and nearly the entire technology industry, follows a disclosure practice called Coordinated Disclosure, under which a cybersecurity vulnerability is generally publicly disclosed only after mitigations are available.