Multiple vulnerabilities in Intel Data Center Manager SDK
| Risk | High |
| Patch available | YES |
| Number of vulnerabilities | 11 |
| CVE-ID | CVE-2019-0102 CVE-2019-0103 CVE-2019-0104 CVE-2019-0105 CVE-2019-0106 CVE-2019-0107 CVE-2019-0108 CVE-2019-0109 CVE-2019-0110 CVE-2019-0111 CVE-2019-0112 |
| CWE-ID | CWE-287 CWE-200 CWE-264 CWE-20 |
| Exploitation vector | Local network |
| Public exploit | N/A |
| Vulnerable software |
Data Center Manager SDK Client/Desktop applications / File managers, FTP clients |
| Vendor | Intel |
Security Bulletin
This security bulletin contains information about 11 vulnerabilities.
1) Improper authentication
EUVDB-ID: #VU17789
Risk: Low
CVSSv4.0: 6.3 [CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2019-0102
CWE-ID:
CWE-287 - Improper Authentication
Exploit availability: No
DescriptionThe vulnerability allows an adjacent unauthenticated attacker to gain elevated privileges on the target system.
The weakness exists due to insufficient session authentication in web server for Intel(R) Data Center Manager SDK. An adjacent attacker can gain elevated privileges.
Update to version 5.0.2.
Vulnerable software versionsData Center Manager SDK: 5.0.0 - 5.0.1
CPE2.3- cpe:2.3:a:intel:data_center_manager_sdk:5.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:intel:data_center_manager_sdk:5.0.1:*:*:*:*:*:*:*
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00215.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Information disclosure
EUVDB-ID: #VU17791
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2019-0103
CWE-ID:
CWE-200 - Exposure of sensitive information to an unauthorized actor
Exploit availability: No
DescriptionThe vulnerability allows a local authenticated attacker to obtain potentially sensitive information on the target system.
The weakness exists due to insufficient file protection in install routine for Intel(R) Data Center Manager SDK. A local attacker can gain access to important data.
Update to version 5.0.2.
Vulnerable software versionsData Center Manager SDK: 5.0.0 - 5.0.1
CPE2.3- cpe:2.3:a:intel:data_center_manager_sdk:5.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:intel:data_center_manager_sdk:5.0.1:*:*:*:*:*:*:*
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00215.html
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Information disclosure
EUVDB-ID: #VU17792
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2019-0104
CWE-ID:
CWE-200 - Exposure of sensitive information to an unauthorized actor
Exploit availability: No
DescriptionThe vulnerability allows a local authenticated attacker to obtain potentially sensitive information on the target system.
The weakness exists due to insufficient file protection in uninstall routine for Intel(R) Data Center Manager SDK. A local attacker can gain access to important data.
Update to version 5.0.2.
Vulnerable software versionsData Center Manager SDK: 5.0.0 - 5.0.1
CPE2.3- cpe:2.3:a:intel:data_center_manager_sdk:5.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:intel:data_center_manager_sdk:5.0.1:*:*:*:*:*:*:*
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00215.html
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) Privilege escalation
EUVDB-ID: #VU17793
Risk: Low
CVSSv4.0: 4 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2019-0105
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain elevated privileges on the target system.
The weakness exists due to insufficient file permissions checking in install routine for Intel(R) Data Center Manager SDK. A remote attacker can trick the victim into processing a specially crafted input and gain elevated privileges to conduct further attacks.
Update to version 5.0.2.
Vulnerable software versionsData Center Manager SDK: 5.0.0 - 5.0.1
CPE2.3- cpe:2.3:a:intel:data_center_manager_sdk:5.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:intel:data_center_manager_sdk:5.0.1:*:*:*:*:*:*:*
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00215.html
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
5) Privilege escalation
EUVDB-ID: #VU17794
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2019-0106
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a local attacker to gain elevated privileges on the target system.
The weakness exists due to insufficient run protection in install routine for Intel(R) Data Center Manager SDK. A local attacker can gain elevated privileges to conduct further attacks.
Update to version 5.0.2.
Vulnerable software versionsData Center Manager SDK: 5.0.0 - 5.0.1
CPE2.3- cpe:2.3:a:intel:data_center_manager_sdk:5.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:intel:data_center_manager_sdk:5.0.1:*:*:*:*:*:*:*
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00215.html
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
6) Privilege escalation
EUVDB-ID: #VU17795
Risk: Low
CVSSv4.0: 5.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2019-0107
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a local attacker to gain elevated privileges on the target system.
The weakness exists due to insufficient user prompt in install routine for Intel(R) Data Center Manager SDK. A local attacker can gain elevated privileges to conduct further attacks.
Update to version 5.0.2.
Vulnerable software versionsData Center Manager SDK: 5.0.0 - 5.0.1
CPE2.3- cpe:2.3:a:intel:data_center_manager_sdk:5.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:intel:data_center_manager_sdk:5.0.1:*:*:*:*:*:*:*
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00215.html
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
7) Information disclosure
EUVDB-ID: #VU17796
Risk: Low
CVSSv4.0: 1.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2019-0108
CWE-ID:
CWE-200 - Exposure of sensitive information to an unauthorized actor
Exploit availability: No
DescriptionThe vulnerability allows a local authenticated attacker to obtain potentially sensitive information on the target system.
The weakness exists due to improper file permissions for Intel(R) Data Center Manager SDK. A local attacker can gain access to arbitrary data.
Update to version 5.0.2.
Vulnerable software versionsData Center Manager SDK: 5.0.0 - 5.0.1
CPE2.3- cpe:2.3:a:intel:data_center_manager_sdk:5.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:intel:data_center_manager_sdk:5.0.1:*:*:*:*:*:*:*
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00215.html
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
8) Privilege escalation
EUVDB-ID: #VU17797
Risk: Low
CVSSv4.0: 1.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2019-0109
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a local authenticated attacker to gain elevated privileges on the target system.
The weakness exists due to improper folder permissions in Intel(R) Data Center Manager SDK. A local attacker can gain elevated privileges to conduct further attacks.
Update to version 5.0.2.
Vulnerable software versionsData Center Manager SDK: 5.0.0 - 5.0.1
CPE2.3- cpe:2.3:a:intel:data_center_manager_sdk:5.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:intel:data_center_manager_sdk:5.0.1:*:*:*:*:*:*:*
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00215.html
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
9) Information disclosure
EUVDB-ID: #VU17798
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2019-0110
CWE-ID:
CWE-200 - Exposure of sensitive information to an unauthorized actor
Exploit availability: No
DescriptionThe vulnerability allows a local authenticated attacker to obtain potentially sensitive information on the target system.
The weakness exists due to insufficient key management for Intel(R) Data Center Manager SDK. A local attacker can gain access to important data.
Update to version 5.0.2.
Vulnerable software versionsData Center Manager SDK: 5.0.0 - 5.0.1
CPE2.3- cpe:2.3:a:intel:data_center_manager_sdk:5.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:intel:data_center_manager_sdk:5.0.1:*:*:*:*:*:*:*
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00215.html
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
10) Information disclosure
EUVDB-ID: #VU17799
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2019-0111
CWE-ID:
CWE-200 - Exposure of sensitive information to an unauthorized actor
Exploit availability: No
DescriptionThe vulnerability allows a local authenticated attacker to obtain potentially sensitive information on the target system.
The weakness exists due to improper file permissions for Intel(R) Data Center Manager SDK. A local attacker can gain access to important data.
Update to version 5.0.2.
Vulnerable software versionsData Center Manager SDK: 5.0.0 - 5.0.1
CPE2.3- cpe:2.3:a:intel:data_center_manager_sdk:5.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:intel:data_center_manager_sdk:5.0.1:*:*:*:*:*:*:*
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00215.html
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
11) Improper input validation
EUVDB-ID: #VU17800
Risk: Low
CVSSv4.0: 0.6 [CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2019-0112
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to cause DoS condition on the target system.
The weakness exists due to improper flow control in crypto routines for Intel(R) Data Center Manager SDK. A remote attacker can trick the victim into processing a specially crafted input and cause the service to crash.
Update to version 5.0.2.
Vulnerable software versionsData Center Manager SDK: 5.0.0 - 5.0.1
CPE2.3- cpe:2.3:a:intel:data_center_manager_sdk:5.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:intel:data_center_manager_sdk:5.0.1:*:*:*:*:*:*:*
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00215.html
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
