CVE-2019-0135 - OpenCVE

Improper permissions in the installer for Intel(R) Accelerated Storage Manager in Intel(R) RSTe before version 5.5.0.2015 may allow an authenticated user to potentially enable escalation of privilege via local access. L-SA-00206

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:L/AC:L/Au:N/C:P/I:P/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Lenovo	Thinkstation P920 Firmware Thinkstation P520c Thinkstation P720 Firmware Thinkstation P520 Thinkstation P720 Thinkstation P520 Firmware Thinkstation P520c Firmware Thinkstation P920
Intel	Rapid Storage Technology Enterprise

Configuration 1 [-]

cpe:2.3:a:intel:rapid_storage_technology_enterprise:*:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:lenovo:thinkstation_p520_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:thinkstation_p520:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND

cpe:2.3:o:lenovo:thinkstation_p520c_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:thinkstation_p520c:-:*:*:*:*:*:*:*

Configuration 4 [-]

AND

cpe:2.3:o:lenovo:thinkstation_p720_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:thinkstation_p720:-:*:*:*:*:*:*:*

Configuration 5 [-]

AND

cpe:2.3:o:lenovo:thinkstation_p920_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:thinkstation_p920:-:*:*:*:*:*:*:*

References

Link	Resource
https://support.lenovo.com/us/en/product_security/LEN-27843	Third Party Advisory
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00231.html	Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: intel

Published: 2019-03-14T20:00:00

Updated: 2019-06-24T16:13:30

Reserved: 2018-11-13T00:00:00

Link: CVE-2019-0135

JSON object: View

NVD Information

Status : Analyzed

Published: 2019-03-14T20:29:01.600

Modified: 2023-03-03T19:57:58.273

Link: CVE-2019-0135

JSON object: View

Redhat Information

No data.

CWE

CWE-264

{"containers": {"cna": {"affected": [{"product": "Intel(R) Accelerated Storage Manager in RSTe Advisory", "vendor": "n/a", "versions": [{"status": "affected", "version": "before 5.5.0.2015."}]}], "datePublic": "2019-03-12T00:00:00", "descriptions": [{"lang": "en", "value": "Improper permissions in the installer for Intel(R) Accelerated Storage Manager in Intel(R) RSTe before version 5.5.0.2015 may allow an authenticated user to potentially enable escalation of privilege via local access. L-SA-00206"}], "problemTypes": [{"descriptions": [{"description": "Escalation of Privilege", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2019-06-24T16:13:30", "orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce", "shortName": "intel"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00231.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://support.lenovo.com/us/en/product_security/LEN-27843"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secure@intel.com", "ID": "CVE-2019-0135", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Intel(R) Accelerated Storage Manager in RSTe Advisory", "version": {"version_data": [{"version_value": "before 5.5.0.2015."}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Improper permissions in the installer for Intel(R) Accelerated Storage Manager in Intel(R) RSTe before version 5.5.0.2015 may allow an authenticated user to potentially enable escalation of privilege via local access. L-SA-00206"}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Escalation of Privilege"}]}]}, "references": {"reference_data": [{"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00231.html", "refsource": "CONFIRM", "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00231.html"}, {"name": "https://support.lenovo.com/us/en/product_security/LEN-27843", "refsource": "CONFIRM", "url": "https://support.lenovo.com/us/en/product_security/LEN-27843"}]}}}}, "cveMetadata": {"assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce", "assignerShortName": "intel", "cveId": "CVE-2019-0135", "datePublished": "2019-03-14T20:00:00", "dateReserved": "2018-11-13T00:00:00", "dateUpdated": "2019-06-24T16:13:30", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:intel:rapid_storage_technology_enterprise:*:*:*:*:*:*:*:*", "matchCriteriaId": "901DA51D-7BEA-4DD6-9ADF-B776D2218C47", "versionEndExcluding": "5.5.0.2015", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:lenovo:thinkstation_p520_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "0BA83987-B0E4-4BF8-8379-43B90420AAFD", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:lenovo:thinkstation_p520:-:*:*:*:*:*:*:*", "matchCriteriaId": "6840BC60-44C3-4EA8-96D3-E93796C15310", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:lenovo:thinkstation_p520c_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "E6E5525D-2EA6-4226-A6A3-5C1E442720E1", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:lenovo:thinkstation_p520c:-:*:*:*:*:*:*:*", "matchCriteriaId": "0431D83D-1AC8-4EDE-8568-8695F8E68C35", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:lenovo:thinkstation_p720_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "0530CA83-60EA-422B-B0D1-6193336E0AD3", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:lenovo:thinkstation_p720:-:*:*:*:*:*:*:*", "matchCriteriaId": "A77DF681-F12F-4643-B5E1-1BEDE613E343", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:lenovo:thinkstation_p920_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "FB0B747D-09A0-4FBE-9984-6FDFD38CAADE", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:lenovo:thinkstation_p920:-:*:*:*:*:*:*:*", "matchCriteriaId": "D47FCAA7-B33F-4F00-85BA-AA8ED4790572", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "Improper permissions in the installer for Intel(R) Accelerated Storage Manager in Intel(R) RSTe before version 5.5.0.2015 may allow an authenticated user to potentially enable escalation of privilege via local access. L-SA-00206"}, {"lang": "es", "value": "Los permisos inapropiados en el instalador para Accelerated Storage Manager de Intel\u00ae en RSTe de Intel\u00ae anterior a versi\u00f3n 5.5.0.2015, pueden permitir que un usuario autenticado habilite potencialmente una escalada de privilegios por medio de un acceso local. L-SA-00206."}], "id": "CVE-2019-0135", "lastModified": "2023-03-03T19:57:58.273", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.6, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2019-03-14T20:29:01.600", "references": [{"source": "secure@intel.com", "tags": ["Third Party Advisory"], "url": "https://support.lenovo.com/us/en/product_security/LEN-27843"}, {"source": "secure@intel.com", "tags": ["Vendor Advisory"], "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00231.html"}], "sourceIdentifier": "secure@intel.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-264"}], "source": "nvd@nist.gov", "type": "Primary"}]}