CVE-2019-0128

CVE Database · CVE-2019-0128

CVE-2019-0128

· HIGHModified

CVSS v3.1

7.8

EPSS

0.51%

Published

Jun 13, 2019

Modified

Nov 21, 2024

Public PoC / Exploit (1)

All weaponized →

TrickestTrickest PoC index

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

Improper permissions in the installer for Intel(R) Chipset Device Software (INF Update Utility) before version 10.1.1.45 may allow an authenticated user to escalate privilege via local access.

CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Weaknesses (CWE)

CWE-264

Affected Products (1)

intel · chipset_device_software (up to 10.1.1.45)vulnerable

References (6)

http://www.securityfocus.com/bid/108767

Broken LinkThird Party AdvisoryVDB Entry

https://support.lenovo.com/us/en/product_security/LEN-27840

Third Party Advisory

https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00224.html

PatchVendor Advisory

http://www.securityfocus.com/bid/108767

Broken LinkThird Party AdvisoryVDB Entry

https://support.lenovo.com/us/en/product_security/LEN-27840

Third Party Advisory

KEV Catalog EPSS Scores Vendors All CVEs