ASA-2019-00339 – Intel Accelerated Storage Manager in Intel RSTe: Reflected Cross-Site Scripting (XSS) in web interface

Posted on by Allele Security Intelligence in Alerts

Allele Security Alert

ASA-2019-00339

Identifier(s)

ASA-2019-00339, CVE-2019-0130, INTEL-SA-00226

Title

Reflected Cross-Site Scripting (XSS) in web interface

Vendor(s)

Intel

Product(s)

Intel® Accelerated Storage Manager in Intel® RSTe

Affected version(s)

Intel® Accelerated Storage Manager in Intel® RSTe before version 5.5.0.2015

Fixed version(s)

Intel® Accelerated Storage Manager in Intel® RSTe version 5.5.0.2015 or later

Proof of concept

Unknown

Description

Reflected Cross-Site Scripting (XSS) in web interface for Intel Accelerated Storage Manager in Intel RSTe before version 5.5.0.2015 may allow an unauthenticated user to potentially enable denial of service via network access.

Technical details

Unknown

Credits

Marius Gabriel Mihai

Reference(s)

Intel® Accelerated Storage Manager in Intel® Rapid Storage Technology Enterprise Advisory
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00226.html

Intel® Virtual RAID on CPU (Intel® VROC) and Intel® Rapid Storage Technology enterprise (Intel® RSTe) Driver for Windows Server 2019*
https://downloadcenter.intel.com/download/28681

CVE-2019-0130
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0130

CVE-2019-0130
https://nvd.nist.gov/vuln/detail/CVE-2019-0130

If there is any error in this alert or you wish a comprehensive analysis, let us know.

Last modified: June 13, 2019

We are not responsible for any data loss, device corruption or any other type of issue due to the use of any information mentioned in our security alerts.