Allele Security Alert
ASA-2019-00334
Identifier(s)
ASA-2019-00334, CVE-2019-11119, INTEL-SA-00259
Title
Insufficient session validation in the service API
Vendor(s)
Intel
Product(s)
Intel® RAID Web Console 3 for Windows
Affected version(s)
Intel® RAID Web Console 3 for Windows version 4.186 and before
Fixed version(s)
Intel® RAID Web Console 3 for Windows update to 7.009.011.000 or later
Proof of concept
Unknown
Description
Insufficient session validation in the service API for Intel(R) RWC3 version 4.186 and before may allow an unauthenticated user to potentially enable escalation of privilege via network access.
Technical details
Unknown
Credits
Alexander Gutkin
Reference(s)
Intel® RAID Web Console 3 for Windows* Advisory
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00259.html
Intel® RAID Web Console 3 for Windows*
https://downloadcenter.intel.com/download/28781/Intel-RAID-Web-Console-3-for-Windows-?v=t
CVE-2019-11119
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11119
CVE-2019-11119
https://nvd.nist.gov/vuln/detail/CVE-2019-11119
If there is any error in this alert or you wish a comprehensive analysis, let us know.
Last modified: June 13, 2019