Allele Security Alert
ASA-2019-00566
Identifier(s)
ASA-2019-00566, CVE-2019-11120, INTEL-SA-00261
Title
Insufficient path checking in the installer
Vendor(s)
Intel
Product(s)
Intel Active System Console
Affected version(s)
Intel Active System Console for Intel Server Boards and Systems based on Intel 62X Chipset versions before 8.0 Build 24
Fixed version(s)
Intel Active System Console for Intel Server Boards and Systems based on Intel 62X Chipset version 8.0 Build 24
Proof of concept
Unknown
Description
Insufficient path checking in the installer for Intel Active System Console before version 8.0 Build 24 may allow an authenticated user to potentially enable escalation of privilege via local access.
Technical details
Unknown
Credits
Marius Gabriel Mihai
Reference(s)
INTEL-SA-00261
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00261.html
Intel® Active System Console for Intel® Server Boards and Systems Based on Intel® 62X Chipset
https://downloadcenter.intel.com/download/26917/Intel-Active-System-Console-for-Intel-Server-Boards-and-Systems-based-on-Intel-62X-Chipset
CVE-2019-11120
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11120
CVE-2019-11120
https://nvd.nist.gov/vuln/detail/CVE-2019-11120
If there is any error in this alert or you wish a comprehensive analysis, let us know.
Last modified: October 21, 2019