ASA-2019-00427 – Intel Processor Diagnostic Tool: Improper access control

Posted on by Allele Security Intelligence in Alerts

Allele Security Alert

ASA-2019-00427

Identifier(s)

ASA-2019-00427, CVE-2019-11133, INTEL-SA-00268

Title

Improper access control

Vendor(s)

Intel

Product(s)

Intel® Processor Diagnostic Tool

Affected version(s)

Intel® Processor Diagnostic Tool for 32-bit before version 4.1.2.24_32bit
Intel® Processor Diagnostic Tool for 64-bit before version 4.1.2.24_64bit

Fixed version(s)

Intel® Processor Diagnostic Tool version 4.1.2.24 or later

Proof of concept

Unknown

Description

Improper access control in the Intel(R) Processor Diagnostic Tool before version 4.1.2.24 may allow an authenticated user to potentially enable escalation of privilege, information disclosure or denial of service via local access.

Technical details

Unknown

Credits

Jesse Michael (Eclypsium)

Reference(s)

Intel® Processor Diagnostic Tool Advisory
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00268.html

Download Intel® Processor Diagnostic Tool
https://downloadcenter.intel.com/download/19792/Intel-Processor-Diagnostic-Tool

CVE-2019-11133
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11133

CVE-2019-11133
https://nvd.nist.gov/vuln/detail/CVE-2019-11133

If there is any error in this alert or you wish a comprehensive analysis, let us know.

Last modified: July 16, 2019

We are not responsible for any data loss, device corruption or any other type of issue due to the use of any information mentioned in our security alerts.