ASA-2019-00334 – Intel RAID Web Console 3 for Windows: Insufficient session validation in the service API

Posted on by Allele Security Intelligence in Alerts

Allele Security Alert

ASA-2019-00334

Identifier(s)

ASA-2019-00334, CVE-2019-11119, INTEL-SA-00259

Title

Insufficient session validation in the service API

Vendor(s)

Intel

Product(s)

Intel® RAID Web Console 3 for Windows

Affected version(s)

Intel® RAID Web Console 3 for Windows version 4.186 and before

Fixed version(s)

Intel® RAID Web Console 3 for Windows update to 7.009.011.000 or later

Proof of concept

Unknown

Description

Insufficient session validation in the service API for Intel(R) RWC3 version 4.186 and before may allow an unauthenticated user to potentially enable escalation of privilege via network access.

Technical details

Unknown

Credits

Alexander Gutkin

Reference(s)

Intel® RAID Web Console 3 for Windows* Advisory
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00259.html

Intel® RAID Web Console 3 for Windows*
https://downloadcenter.intel.com/download/28781/Intel-RAID-Web-Console-3-for-Windows-?v=t

CVE-2019-11119
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11119

CVE-2019-11119
https://nvd.nist.gov/vuln/detail/CVE-2019-11119

If there is any error in this alert or you wish a comprehensive analysis, let us know.

Last modified: June 13, 2019

We are not responsible for any data loss, device corruption or any other type of issue due to the use of any information mentioned in our security alerts.