Improper Permissions in Intel Chipset Device Software Installer
CVE-2019-0128

7.8HIGH

Key Information:

Vendor

Intel
Status
Intel(r) Chipset Device Software (inf Update Utility) Advisory
Vendor
CVE Published:
13 June 2019

What is CVE-2019-0128?

An improper permission issue in the installer for Intel(R) Chipset Device Software (INF Update Utility) prior to version 10.1.1.45 could allow an authenticated user with local access to escalate their privileges. This vulnerability may enable unauthorized actions on the system, potentially compromising the integrity and security of the affected environment.

Affected Version(s)

Intel(R) Chipset Device Software (INF Update Utility) Advisory Version before 10.1.1.45.

References

https://www.intel.com/content/www/us/en/security-center/a...
x_refsource_CONFIRM
http://www.securityfocus.com/bid/108767
vdb-entryx_refsource_BID
https://support.lenovo.com/us/en/product_security/LEN-27840
x_refsource_CONFIRM

CVSS V3.1

Score:
7.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.