Intel rolled out 11 software, firmware and hardware security updates on Jun 11, several of which address vulnerabilities that could lead to escalation of privilege if exploited.
The three most critical patches, all rated “high”, cover three product categories: Intel Accelerated Storage Manager in Intel Rapid Storage Technology Enterprise, Intel NUC PC and Intel RAID Web Console 3 for Windows.
The first vulnerability, CVE-2019-0130, is a reflected XSS flaw in the web interface of Intel’s Accelerated Storage Manager in Intel Rapid Storage Technology Enterprise that can lead to an escalation of privilege and denial of service.
The Intel NUC PC advisory contained seven firmware issues, CVE-2019-11123, CVE-2019-11124, CVE-2019-11125, CVE-2019-11126, CVE-2019-11127, CVE-2019-11128 and CVE-2019-11129, with a potential impact of escalation of privilege, denial of service or information disclosure.
The Intel RAID Web Console 3 for Windows advisory contained only a single vulnerability, CVE-2019-11119. The flaw is insufficient session validation in the service API for Intel RWC3 version 4.186 and before, which, if left unpatched, may allow an unauthenticated user to potentially enable escalation of privilege via network access.
Five of the advisories covered medium-rated problems with Intel’s Omni-Path Fabric Manager GUI, Open Cloud Integrity Technology and OpenAttestation, Turbo Boost Max Technology 3.0, SGX for Linux, PROSet/Wireless WiFi Software and ITE Tech Consumer Infrared Driver for Windows 10. If exploited, the impact ranged from escalation of privilege to information disclosure to denial of service.
Of the two “low”-rated vulnerabilities, the first is the hardware-related CVE-2019-0174, a potential security vulnerability in some microprocessors that may allow partial information disclosure via local access. The second advisory takes care of a security flaw, CVE-2019-0128, in Intel’s chipset device software update utility that, if exploited, could allow an escalation of privilege.