CVE-2019-11133

{"id": "CVE-2019-11133", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.6, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.8}]}, "published": "2019-07-11T21:15:09.670", "references": [{"url": "http://www.securityfocus.com/bid/109096", "tags": ["Third Party Advisory", "VDB Entry"], "source": "secure@intel.com"}, {"url": "https://support.f5.com/csp/article/K90305959", "source": "secure@intel.com"}, {"url": "https://support.f5.com/csp/article/K90305959?utm_source=f5support&amp%3Butm_medium=RSS", "source": "secure@intel.com"}, {"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00268.html", "tags": ["Patch", "Vendor Advisory"], "source": "secure@intel.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "Improper access control in the Intel(R) Processor Diagnostic Tool before version 4.1.2.24 may allow an authenticated user to potentially enable escalation of privilege, information disclosure or denial of service via local access."}, {"lang": "es", "value": "Un control de acceso inapropiado en la Herramienta de Diagn\u00f3stico del Procesadores Intel(R) anterior a la versi\u00f3n 4.1.2.24, puede permitir que un usuario autenticado habilite potencialmente una escalada de privilegios, divulgaci\u00f3n de informaci\u00f3n o denegaci\u00f3n de servicio por medio del acceso local."}], "lastModified": "2023-11-07T03:02:41.420", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:intel:processor_diagnostic_tool:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3265C1FE-6FDF-49BC-AD63-32833A978D15", "versionEndExcluding": "4.1.2.24"}], "operator": "OR"}]}], "sourceIdentifier": "secure@intel.com"}