CVE-2019-0110

Insufficient key management for Intel(R) Data Center Manager SDK before version 5.0.2 may allow an authenticated user to potentially enable information disclosure via local access.

CVSS v3 5.5 MEDIUM
CVSS v2.0 2.1 LOW

5.5^/10

CVSS v3 : MEDIUM

V3 Legend

Vector : AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Exploitability : 1.8 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

2.1^/10

CVSS v2.0 : LOW

V2 Legend

Vector : AV:L/AC:L/Au:N/C:P/I:N/A:N

Exploitability : 3.9 / Impact : 2.9

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
http://www.securityfocus.com/bid/107071	Third Party Advisory VDB Entry
https://ics-cert.us-cert.gov/advisories/ICSA-19-050-01	Third Party Advisory US Government Resource
https://www.intel.com/content/www/us/en/security-center/advisory/INTEL-SA-00215.html	Vendor Advisory
http://www.securityfocus.com/bid/107071	Third Party Advisory VDB Entry
https://ics-cert.us-cert.gov/advisories/ICSA-19-050-01	Third Party Advisory US Government Resource
https://www.intel.com/content/www/us/en/security-center/advisory/INTEL-SA-00215.html	Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:intel:data_center_manager:*:*:*:*:*:*:*:*

History

21 Nov 2024, 04:16

Type	Values Removed	Values Added
References	~~() http://www.securityfocus.com/bid/107071 - Third Party Advisory, VDB Entry~~	() http://www.securityfocus.com/bid/107071 - Third Party Advisory, VDB Entry
References	~~() https://ics-cert.us-cert.gov/advisories/ICSA-19-050-01 - US Government Resource, Third Party Advisory~~	() https://ics-cert.us-cert.gov/advisories/ICSA-19-050-01 - Third Party Advisory, US Government Resource
References	~~() https://www.intel.com/content/www/us/en/security-center/advisory/INTEL-SA-00215.html - Vendor Advisory~~	() https://www.intel.com/content/www/us/en/security-center/advisory/INTEL-SA-00215.html - Vendor Advisory

Information

Published : 2019-02-18 17:29

Updated : 2024-11-21 04:16

NVD link : CVE-2019-0110

Mitre link : CVE-2019-0110

CVE.ORG link : CVE-2019-0110

JSON object : View

Products Affected

intel

data_center_manager

CWE

NVD-CWE-noinfo

{"id": "CVE-2019-0110", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 2.1, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "LOW", "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 1.8}]}, "published": "2019-02-18T17:29:00.783", "references": [{"url": "http://www.securityfocus.com/bid/107071", "tags": ["Third Party Advisory", "VDB Entry"], "source": "secure@intel.com"}, {"url": "https://ics-cert.us-cert.gov/advisories/ICSA-19-050-01", "tags": ["Third Party Advisory", "US Government Resource"], "source": "secure@intel.com"}, {"url": "https://www.intel.com/content/www/us/en/security-center/advisory/INTEL-SA-00215.html", "tags": ["Vendor Advisory"], "source": "secure@intel.com"}, {"url": "http://www.securityfocus.com/bid/107071", "tags": ["Third Party Advisory", "VDB Entry"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://ics-cert.us-cert.gov/advisories/ICSA-19-050-01", "tags": ["Third Party Advisory", "US Government Resource"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.intel.com/content/www/us/en/security-center/advisory/INTEL-SA-00215.html", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "Insufficient key management for Intel(R) Data Center Manager SDK before version 5.0.2 may allow an authenticated user to potentially enable information disclosure via local access."}, {"lang": "es", "value": "Una gesti\u00f3n de claves insuficiente para Intel \u00ae Data Center Manager SDK, en versiones anteriores a la 5.0.2, podr\u00eda permitir a un usuario autenticado habilitar una divulgaci\u00f3n de informaci\u00f3n mediante un acceso local."}], "lastModified": "2024-11-21T04:16:14.933", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:intel:data_center_manager:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A9CFEB9D-54FC-4F61-851D-37D4CACCC09F", "versionEndExcluding": "5.0.2"}], "operator": "OR"}]}], "sourceIdentifier": "secure@intel.com"}

5.5 /10

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

2.1 /10

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

JSON object

Attach tags to CVE-2019-0110

5.5^/10

2.1^/10

Attach tags to `CVE-2019-0110`