Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2019-11154

Summary
Assigner-intel
Assigner Org ID-6dda929c-bb53-4a77-a76d-48e79601a1ce
Published At-14 Nov, 2019 | 16:53
Updated At-04 Aug, 2024 | 22:48
Rejected At-
Credits

Improper directory permissions in Intel(R) PROSet/Wireless WiFi Software before version 21.40 may allow an authenticated user to potentially enable denial of service and information disclosure via local access.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:intel
Assigner Org ID:6dda929c-bb53-4a77-a76d-48e79601a1ce
Published At:14 Nov, 2019 | 16:53
Updated At:04 Aug, 2024 | 22:48
Rejected At:
▼CVE Numbering Authority (CNA)

Improper directory permissions in Intel(R) PROSet/Wireless WiFi Software before version 21.40 may allow an authenticated user to potentially enable denial of service and information disclosure via local access.

Affected Products
Vendor
n/a
Product
Intel(R) PROSet/Wireless WiFi Software Security
Versions
Affected
  • See provided reference
Problem Types
TypeCWE IDDescription
textN/ADenial of Service, Information Disclosure
Type: text
CWE ID: N/A
Description: Denial of Service, Information Disclosure
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00288.html
x_refsource_MISC
Hyperlink: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00288.html
Resource:
x_refsource_MISC
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00288.html
x_refsource_MISC
x_transferred
Hyperlink: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00288.html
Resource:
x_refsource_MISC
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:secure@intel.com
Published At:14 Nov, 2019 | 17:15
Updated At:21 Jul, 2021 | 11:39

Improper directory permissions in Intel(R) PROSet/Wireless WiFi Software before version 21.40 may allow an authenticated user to potentially enable denial of service and information disclosure via local access.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.17.1HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
Primary2.03.6LOW
AV:L/AC:L/Au:N/C:P/I:N/A:P
Type: Primary
Version: 3.1
Base score: 7.1
Base severity: HIGH
Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
Type: Primary
Version: 2.0
Base score: 3.6
Base severity: LOW
Vector:
AV:L/AC:L/Au:N/C:P/I:N/A:P
CPE Matches
Intel Corporation
intel
>>proset\/wireless_wifi>>Versions before 21.40(exclusive)
cpe:2.3:a:intel:proset\/wireless_wifi:*:*:*:*:*:*:*:*
Intel Corporation
intel
>>dual_band_wireless-ac_3165>>-
cpe:2.3:h:intel:dual_band_wireless-ac_3165:-:*:*:*:*:*:*:*
Intel Corporation
intel
>>dual_band_wireless-ac_3168>>-
cpe:2.3:h:intel:dual_band_wireless-ac_3168:-:*:*:*:*:*:*:*
Intel Corporation
intel
>>dual_band_wireless-ac_7265_\(rev_d\)>>-
cpe:2.3:h:intel:dual_band_wireless-ac_7265_\(rev_d\):-:*:*:*:*:*:*:*
Intel Corporation
intel
>>dual_band_wireless-ac_8260>>-
cpe:2.3:h:intel:dual_band_wireless-ac_8260:-:*:*:*:*:*:*:*
Intel Corporation
intel
>>dual_band_wireless-ac_8265>>-
cpe:2.3:h:intel:dual_band_wireless-ac_8265:-:*:*:*:*:*:*:*
Intel Corporation
intel
>>dual_band_wireless-n_7265_\(rev_d\)>>-
cpe:2.3:h:intel:dual_band_wireless-n_7265_\(rev_d\):-:*:*:*:*:*:*:*
Intel Corporation
intel
>>wi-fi_6_ax200>>-
cpe:2.3:h:intel:wi-fi_6_ax200:-:*:*:*:*:*:*:*
Intel Corporation
intel
>>wi-fi_6_ax201>>-
cpe:2.3:h:intel:wi-fi_6_ax201:-:*:*:*:*:*:*:*
Intel Corporation
intel
>>wireless-ac_9260>>-
cpe:2.3:h:intel:wireless-ac_9260:-:*:*:*:*:*:*:*
Intel Corporation
intel
>>wireless-ac_9461>>-
cpe:2.3:h:intel:wireless-ac_9461:-:*:*:*:*:*:*:*
Intel Corporation
intel
>>wireless-ac_9462>>-
cpe:2.3:h:intel:wireless-ac_9462:-:*:*:*:*:*:*:*
Intel Corporation
intel
>>wireless-ac_9560>>-
cpe:2.3:h:intel:wireless-ac_9560:-:*:*:*:*:*:*:*
Intel Corporation
intel
>>wireless_7265_\(rev_d\)>>-
cpe:2.3:h:intel:wireless_7265_\(rev_d\):-:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-732Primarynvd@nist.gov
CWE ID: CWE-732
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00288.htmlsecure@intel.com
Vendor Advisory
Hyperlink: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00288.html
Source: secure@intel.com
Resource:
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

76Records found
CVE-2018-3701
Matching Score-6
Assigner-Intel Corporation
ShareView Details
Matching Score-6
Assigner-Intel Corporation
CVSS Score-7.8||HIGH
EPSS-0.07% / 20.93%
||
7 Day CHG~0.00%
Published-17 May, 2019 | 15:41
Updated-05 Aug, 2024 | 04:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper directory permissions in the installer for Intel(R) PROSet/Wireless WiFi Software version 20.100 and earlier may allow an authenticated user to potentially enable escalation of privilege via local access.

Action-Not Available
Vendor-n/aIntel Corporation
Product-proset\/wireless_wifiIntel(R) PROSet/Wireless WiFi Software Advisory
CWE ID-CWE-732
Incorrect Permission Assignment for Critical Resource
CVE-2018-3704
Matching Score-6
Assigner-Intel Corporation
ShareView Details
Matching Score-6
Assigner-Intel Corporation
CVSS Score-7.8||HIGH
EPSS-0.04% / 11.16%
||
7 Day CHG~0.00%
Published-13 Dec, 2018 | 23:00
Updated-05 Aug, 2024 | 04:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper directory permissions in the installer for the Intel Parallel Studio before 2019 Gold may allow authenticated users to potentially enable an escalation of privilege via local access.

Action-Not Available
Vendor-Intel Corporation
Product-parallel_studioparallel_studio_xeIntel Parallel Studio
CWE ID-CWE-732
Incorrect Permission Assignment for Critical Resource
CVE-2018-3702
Matching Score-6
Assigner-Intel Corporation
ShareView Details
Matching Score-6
Assigner-Intel Corporation
CVSS Score-7.8||HIGH
EPSS-0.04% / 13.14%
||
7 Day CHG~0.00%
Published-13 Jun, 2019 | 15:36
Updated-05 Aug, 2024 | 04:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper permissions in the installer for the ITE Tech* Consumer Infrared Driver for Windows 10 versions before 5.4.3.0 may allow an authenticated user to potentially enable escalation of privilege via local access.

Action-Not Available
Vendor-n/aMicrosoft CorporationIntel Corporation
Product-ite_tech_consumer_infrared_driverwindows_10ITE Tech Consumer Infrared Driver for Windows 10 Advisory
CWE ID-CWE-732
Incorrect Permission Assignment for Critical Resource
CVE-2018-3697
Matching Score-6
Assigner-Intel Corporation
ShareView Details
Matching Score-6
Assigner-Intel Corporation
CVSS Score-7.8||HIGH
EPSS-0.04% / 11.11%
||
7 Day CHG~0.00%
Published-14 Nov, 2018 | 14:00
Updated-05 Aug, 2024 | 04:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper directory permissions in the installer for the Intel Media Server Studio may allow unprivileged users to potentially enable an escalation of privilege via local access.

Action-Not Available
Vendor-Intel Corporation
Product-media_server_studioIntel Media Server Studio
CWE ID-CWE-732
Incorrect Permission Assignment for Critical Resource
CVE-2022-38103
Matching Score-6
Assigner-Intel Corporation
ShareView Details
Matching Score-6
Assigner-Intel Corporation
CVSS Score-6.7||MEDIUM
EPSS-0.06% / 17.76%
||
7 Day CHG~0.00%
Published-10 May, 2023 | 13:17
Updated-27 Jan, 2025 | 18:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Insecure inherited permissions in the Intel(R) NUC Software Studio Service installer before version 1.17.38.0 may allow an authenticated user to potentially enable escalation of privilege via local access

Action-Not Available
Vendor-n/aIntel Corporation
Product-nuc_software_studio_serviceIntel(R) NUC Software Studio Service installer
CWE ID-CWE-277
Insecure Inherited Permissions
CWE ID-CWE-732
Incorrect Permission Assignment for Critical Resource
CVE-2018-18098
Matching Score-6
Assigner-Intel Corporation
ShareView Details
Matching Score-6
Assigner-Intel Corporation
CVSS Score-7.3||HIGH
EPSS-0.05% / 15.38%
||
7 Day CHG~0.00%
Published-10 Jan, 2019 | 20:00
Updated-16 Sep, 2024 | 20:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper file verification in install routine for Intel(R) SGX SDK and Platform Software for Windows before 2.2.100 may allow an escalation of privilege via local access.

Action-Not Available
Vendor-Microsoft CorporationIntel Corporation
Product-sgx_platform_softwarewindowssgx_sdkIntel(R) SGX SDK and Platform Software for Windows
CWE ID-CWE-732
Incorrect Permission Assignment for Critical Resource
CVE-2018-18097
Matching Score-6
Assigner-Intel Corporation
ShareView Details
Matching Score-6
Assigner-Intel Corporation
CVSS Score-7.8||HIGH
EPSS-0.04% / 11.16%
||
7 Day CHG~0.00%
Published-13 Dec, 2018 | 23:00
Updated-05 Aug, 2024 | 11:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper directory permissions in Intel Solid State Drive Toolbox before 3.5.7 may allow an authenticated user to potentially enable escalation of privilege via local access.

Action-Not Available
Vendor-Intel Corporation
Product-solid_state_drive_toolboxIntel Solid State Drive Toolbox
CWE ID-CWE-732
Incorrect Permission Assignment for Critical Resource
CVE-2018-18094
Matching Score-6
Assigner-Intel Corporation
ShareView Details
Matching Score-6
Assigner-Intel Corporation
CVSS Score-7.8||HIGH
EPSS-0.04% / 13.14%
||
7 Day CHG~0.00%
Published-17 Apr, 2019 | 17:01
Updated-05 Aug, 2024 | 11:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper directory permissions in installer for Intel(R) Media SDK before 2018 R2.1 may allow an authenticated user to potentially enable escalation of privilege via local access.

Action-Not Available
Vendor-n/aIntel Corporation
Product-media_sdkIntel(R) Media SDK Advisory
CWE ID-CWE-732
Incorrect Permission Assignment for Critical Resource
CVE-2018-18093
Matching Score-6
Assigner-Intel Corporation
ShareView Details
Matching Score-6
Assigner-Intel Corporation
CVSS Score-7.8||HIGH
EPSS-0.04% / 11.16%
||
7 Day CHG~0.00%
Published-13 Dec, 2018 | 23:00
Updated-05 Aug, 2024 | 11:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper file permissions in the installer for Intel VTune Amplifier 2018 Update 3 and before may allow unprivileged user to potentially gain privileged access via local access.

Action-Not Available
Vendor-Intel Corporation
Product-vtune_amplifierIntel VTune Amplifier
CWE ID-CWE-732
Incorrect Permission Assignment for Critical Resource
CVE-2022-33898
Matching Score-6
Assigner-Intel Corporation
ShareView Details
Matching Score-6
Assigner-Intel Corporation
CVSS Score-6.7||MEDIUM
EPSS-0.07% / 20.28%
||
7 Day CHG~0.00%
Published-14 Nov, 2023 | 19:04
Updated-30 Aug, 2024 | 17:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Insecure inherited permissions in some Intel(R) NUC Watchdog Timer installation software before version 2.0.21.0 may allow an authenticated user to potentially enable escalation of privilege via local access.

Action-Not Available
Vendor-n/aIntel Corporation
Product-nuc_watchdog_timer_utilityIntel(R) NUC Watchdog Timer installation software
CWE ID-CWE-277
Insecure Inherited Permissions
CWE ID-CWE-732
Incorrect Permission Assignment for Critical Resource
CVE-2018-12223
Matching Score-6
Assigner-Intel Corporation
ShareView Details
Matching Score-6
Assigner-Intel Corporation
CVSS Score-6.3||MEDIUM
EPSS-0.05% / 14.15%
||
7 Day CHG~0.00%
Published-14 Mar, 2019 | 20:00
Updated-16 Sep, 2024 | 17:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Insufficient access control in User Mode Driver in Intel(R) Graphics Driver for Windows* before versions 10.18.x.5059 (aka 15.33.x.5059), 10.18.x.5057 (aka 15.36.x.5057), 20.19.x.5063 (aka 15.40.x.5063) 21.20.x.5064 (aka 15.45.x.5064) and 24.20.100.6373 potentially enables an unprivileged user to escape from a virtual machine guest-to-host via local access.

Action-Not Available
Vendor-Intel Corporation
Product-graphics_driverIntel(R) Graphics Driver for Windows
CWE ID-CWE-732
Incorrect Permission Assignment for Critical Resource
CVE-2018-12168
Matching Score-6
Assigner-Intel Corporation
ShareView Details
Matching Score-6
Assigner-Intel Corporation
CVSS Score-7.8||HIGH
EPSS-0.03% / 8.87%
||
7 Day CHG~0.00%
Published-12 Sep, 2018 | 19:00
Updated-16 Sep, 2024 | 19:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Privilege escalation in file permissions in Intel Computing Improvement Program before version 2.2.0.03942 may allow an authenticated user to potentially execute code as administrator via local access.

Action-Not Available
Vendor-Intel Corporation
Product-computing_improvement_programIntel(R) Computing Improvement Program
CWE ID-CWE-732
Incorrect Permission Assignment for Critical Resource
CVE-2018-12177
Matching Score-6
Assigner-Intel Corporation
ShareView Details
Matching Score-6
Assigner-Intel Corporation
CVSS Score-7.8||HIGH
EPSS-0.04% / 11.16%
||
7 Day CHG~0.00%
Published-10 Jan, 2019 | 20:00
Updated-16 Sep, 2024 | 16:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper directory permissions in the ZeroConfig service in Intel(R) PROSet/Wireless WiFi Software before version 20.90.0.7 may allow an authorized user to potentially enable escalation of privilege via local access.

Action-Not Available
Vendor-Intel Corporation
Product-wireless-ac_9560dual_band_wireless-ac_8265_desktop_kitwireless-n_7265_\(rev_c\)dual_band_wireless-n_7260dual_band_wireless-ac_7265_\(rev_d\)dual_band_wireless-ac_8265dual_band_wireless-ac_7260wireless-ac_9462tri-band_wireless-ac_18260dual_band_wireless-ac_7265\(rev_c\)wireless-ac_9461dual_band_wireless-ac_3160tri-band_wireless-ac_17265proset\/wireless_softwarewireless-n_7260dual_band_wireless-ac_3165dual_band_wireless-ac_8260wireless-ac_9260dual_band_wireless-ac_3168wireless-n_7265_\(rev_d\)dual_band_wireless-ac_7260_for_desktopdual_band_wireless-n_7265_\(rev_c\)tri-band_wireless-ac_18265dual_band_wireless-n_7265_\(rev_d\)Intel(R) PROSet/Wireless WiFi Software
CWE ID-CWE-732
Incorrect Permission Assignment for Critical Resource
CVE-2023-4332
Matching Score-6
Assigner-CERT/CC
ShareView Details
Matching Score-6
Assigner-CERT/CC
CVSS Score-7.5||HIGH
EPSS-0.05% / 16.77%
||
7 Day CHG~0.00%
Published-15 Aug, 2023 | 18:25
Updated-04 Nov, 2025 | 17:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Broadcom RAID Controller web interface is vulnerable due to Improper permissions on the log file

Broadcom RAID Controller web interface is vulnerable due to Improper permissions on the log file

Action-Not Available
Vendor-Intel CorporationBroadcom Inc.
Product-raid_controller_web_interfaceLSI Storage Authority (LSA)RAID Web Console 3 (RWC3)lsi_storage_authorityraid_web_console_3
CWE ID-CWE-732
Incorrect Permission Assignment for Critical Resource
CVE-2018-12131
Matching Score-6
Assigner-Intel Corporation
ShareView Details
Matching Score-6
Assigner-Intel Corporation
CVSS Score-7.8||HIGH
EPSS-0.04% / 11.16%
||
7 Day CHG~0.00%
Published-10 Oct, 2018 | 14:00
Updated-17 Sep, 2024 | 02:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Permissions in the driver pack installers for Intel NVMe before version 4.0.0.1007 and Intel RSTe before version 4.7.0.2083 may allow an authenticated user to potentially escalate privilege via local access.

Action-Not Available
Vendor-Intel Corporation
Product-client_nvmedatacenter_nvmerapid_storage_technologyIntel NVMe and Intel RSTe
CWE ID-CWE-732
Incorrect Permission Assignment for Critical Resource
CVE-2018-12209
Matching Score-6
Assigner-Intel Corporation
ShareView Details
Matching Score-6
Assigner-Intel Corporation
CVSS Score-3.3||LOW
EPSS-0.10% / 28.15%
||
7 Day CHG~0.00%
Published-14 Mar, 2019 | 20:00
Updated-16 Sep, 2024 | 16:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Insufficient access control in User Mode Driver in Intel(R) Graphics Driver for Windows* before versions 10.18.x.5059 (aka 15.33.x.5059), 10.18.x.5057 (aka 15.36.x.5057), 20.19.x.5063 (aka 15.40.x.5063) 21.20.x.5064 (aka 15.45.x.5064) and 24.20.100.6373 potentially enables an unprivileged user to read device configuration information via local access.

Action-Not Available
Vendor-Intel Corporation
Product-graphics_driverIntel(R) Graphics Driver for Windows
CWE ID-CWE-732
Incorrect Permission Assignment for Critical Resource
CVE-2018-12162
Matching Score-6
Assigner-Intel Corporation
ShareView Details
Matching Score-6
Assigner-Intel Corporation
CVSS Score-7.8||HIGH
EPSS-0.04% / 12.22%
||
7 Day CHG~0.00%
Published-12 Sep, 2018 | 19:00
Updated-16 Sep, 2024 | 22:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Directory permissions in the Intel OpenVINO Toolkit for Windows before version 2018.1.265 may allow an authenticated user to potentially execute code using default directory permissions via local access.

Action-Not Available
Vendor-Intel Corporation
Product-openvino_toolkitIntel(R) OpenVINO(TM) Toolkit for Windows
CWE ID-CWE-732
Incorrect Permission Assignment for Critical Resource
CVE-2018-12173
Matching Score-6
Assigner-Intel Corporation
ShareView Details
Matching Score-6
Assigner-Intel Corporation
CVSS Score-7.6||HIGH
EPSS-0.04% / 12.75%
||
7 Day CHG~0.00%
Published-10 Oct, 2018 | 18:00
Updated-16 Sep, 2024 | 16:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Insufficient access protection in firmware in Intel Server Board, Intel Server System and Intel Compute Module before firmware version 00.01.0014 may allow an unauthenticated attacker to potentially execute arbitrary code resulting in information disclosure, escalation of privilege and/or denial of service via local access.

Action-Not Available
Vendor-Intel Corporation
Product-server_system_r1000wf_firmwareserver_board_s2600wfrserver_system_r1000wfrserver_board_s2600bpr_firmwareserver_board_s2600bprcompute_module_hns2600bprserver_system_h2000gr_firmwarecompute_module_hns2600bp_firmwareserver_system_r1000wfr_firmwareserver_board_s2600st_firmwarecompute_module_hns2600bpserver_system_h2000g_firmwareserver_system_h2000grserver_system_r2000wfrserver_system_r2000wf_firmwareserver_system_h2000gserver_board_s2600bpserver_system_r2000wfserver_system_r1000wfcompute_module_hns2600bpr_firmwareserver_board_s2600wfserver_board_s2600bp_firmwareserver_board_s2600wf_firmwareserver_board_s2600wfr_firmwareserver_board_s2600stserver_board_s2600str_firmwareserver_system_r2000wfr_firmwareserver_board_s2600strIntel Server Boards Firmware
CWE ID-CWE-732
Incorrect Permission Assignment for Critical Resource
CVE-2018-12148
Matching Score-6
Assigner-Intel Corporation
ShareView Details
Matching Score-6
Assigner-Intel Corporation
CVSS Score-7.8||HIGH
EPSS-0.03% / 8.87%
||
7 Day CHG~0.00%
Published-12 Sep, 2018 | 19:00
Updated-16 Sep, 2024 | 20:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Privilege escalation in file permissions in Intel Driver and Support Assistant before 3.5.0.1 may allow an authenticated user to potentially execute code as administrator via local access.

Action-Not Available
Vendor-Intel Corporation
Product-driver_\&_support_assistantIntel(R) Driver & Support Assistant
CWE ID-CWE-732
Incorrect Permission Assignment for Critical Resource
CVE-2018-12217
Matching Score-6
Assigner-Intel Corporation
ShareView Details
Matching Score-6
Assigner-Intel Corporation
CVSS Score-2.3||LOW
EPSS-0.11% / 29.54%
||
7 Day CHG~0.00%
Published-14 Mar, 2019 | 20:00
Updated-16 Sep, 2024 | 18:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Insufficient access control in Kernel Mode Driver in Intel(R) Graphics Driver for Windows* before versions 10.18.x.5059 (aka 15.33.x.5059), 10.18.x.5057 (aka 15.36.x.5057), 20.19.x.5063 (aka 15.40.x.5063) 21.20.x.5064 (aka 15.45.x.5064) and 24.20.100.6373 potentially enables a privileged user to read device configuration information via local access.

Action-Not Available
Vendor-Intel Corporation
Product-graphics_driverIntel(R) Graphics Driver for Windows
CWE ID-CWE-732
Incorrect Permission Assignment for Critical Resource
CVE-2023-34314
Matching Score-6
Assigner-Intel Corporation
ShareView Details
Matching Score-6
Assigner-Intel Corporation
CVSS Score-6.7||MEDIUM
EPSS-0.07% / 20.73%
||
7 Day CHG~0.00%
Published-14 Nov, 2023 | 19:04
Updated-30 Aug, 2024 | 18:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Insecure inherited permissions in some Intel(R) Simics Simulator software before version 1.7.2 may allow an authenticated user to potentially enable escalation of privilege via local access.

Action-Not Available
Vendor-n/aIntel Corporation
Product-simics_simulatorIntel(R) Simics Simulator software
CWE ID-CWE-277
Insecure Inherited Permissions
CWE ID-CWE-732
Incorrect Permission Assignment for Critical Resource
CVE-2023-39230
Matching Score-6
Assigner-Intel Corporation
ShareView Details
Matching Score-6
Assigner-Intel Corporation
CVSS Score-6.7||MEDIUM
EPSS-0.06% / 19.87%
||
7 Day CHG~0.00%
Published-14 Nov, 2023 | 19:04
Updated-30 Aug, 2024 | 18:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Insecure inherited permissions in some Intel Rapid Storage Technology software before version 16.8.5.1014.9 may allow an authenticated user to potentially enable escalation of privilege via local access.

Action-Not Available
Vendor-n/aIntel Corporation
Product-rapid_storage_technologyIntel Rapid Storage Technology software
CWE ID-CWE-277
Insecure Inherited Permissions
CWE ID-CWE-732
Incorrect Permission Assignment for Critical Resource
CVE-2018-12200
Matching Score-6
Assigner-Intel Corporation
ShareView Details
Matching Score-6
Assigner-Intel Corporation
CVSS Score-6.7||MEDIUM
EPSS-0.11% / 29.94%
||
7 Day CHG~0.00%
Published-14 Mar, 2019 | 20:00
Updated-17 Sep, 2024 | 03:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Insufficient access control in Intel(R) Capability Licensing Service before version 1.50.638.1 may allow an unprivileged user to potentially escalate privileges via local access.

Action-Not Available
Vendor-Intel Corporation
Product-capability_licensing_serviceIntel(R) CSME, Server Platform Services, Trusted Execution Engine and Intel(R) Active Management Technology
CWE ID-CWE-732
Incorrect Permission Assignment for Critical Resource
CVE-2005-4868
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.1||HIGH
EPSS-0.14% / 33.43%
||
7 Day CHG~0.00%
Published-06 Oct, 2007 | 21:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Shared memory sections and events in IBM DB2 8.1 have default permissions of read and write for the Everyone group, which allows local users to gain unauthorized access, gain sensitive information, such as cleartext passwords, and cause a denial of service.

Action-Not Available
Vendor-n/aIBM CorporationMicrosoft Corporation
Product-db2_universal_databasewindowsn/a
CWE ID-CWE-732
Incorrect Permission Assignment for Critical Resource
CVE-2014-10401
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.1||MEDIUM
EPSS-0.03% / 9.12%
||
7 Day CHG~0.00%
Published-11 Sep, 2020 | 18:37
Updated-06 Aug, 2024 | 14:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in the DBI module before 1.632 for Perl. DBD::File drivers can open files from folders other than those specifically passed via the f_dir attribute.

Action-Not Available
Vendor-perln/a
Product-dbin/a
CWE ID-CWE-732
Incorrect Permission Assignment for Critical Resource
CVE-2014-10402
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.1||MEDIUM
EPSS-0.02% / 5.92%
||
7 Day CHG~0.00%
Published-16 Sep, 2020 | 15:55
Updated-06 Aug, 2024 | 14:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in the DBI module through 1.643 for Perl. DBD::File drivers can open files from folders other than those specifically passed via the f_dir attribute in the data source name (DSN). NOTE: this issue exists because of an incomplete fix for CVE-2014-10401.

Action-Not Available
Vendor-perln/a
Product-dbin/a
CWE ID-CWE-732
Incorrect Permission Assignment for Critical Resource
  • Previous
  • 1
  • 2
  • Next
Details not found