Intel Active System Console CVE-2019-11120 Local Privilege Escalation Vulnerability

Description

Intel Active System Console is prone to a local privilege-escalation vulnerability. A local attacker can exploit this issue to gain elevated privileges. Versions prior to Intel Active System Console 8.0 Build 24 are vulnerable.

Technologies Affected

• Intel Active System Console 4.4
• Intel Active System Console 7.0
• Intel Active System Console 8.0 Build 21

Recommendations

Permit local access for trusted individuals only. Where possible, use restricted environments and restricted shells.
Allow only trusted and accountable individuals to have local interactive access to the vulnerable computer.

Run all software as a nonprivileged user with minimal access rights.
To limit the impact of latent vulnerabilities, configure applications to run as a nonadministrative user with minimal access rights.

Updates are available. Please see the references or vendor advisory for more information.