Skip to main content

Unite CVE-2017-5738

CRITICAL
Information Exposure (CWE-200)
2017-11-16 secure@intel.com
9.1
CVSS 3.0 · NVD
Share

Severity by source

NVD PRIMARY
9.1 CRITICAL
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
None
Availability
High

Lifecycle Timeline

1
CVE Published
Nov 16, 2017 - 14:29 cve.org
CRITICAL 9.1

DescriptionCVE.org

Escalation of privilege vulnerability in admin portal for Intel Unite App versions 3.1.32.12, 3.1.41.18 and 3.1.45.26 allows an attacker with network access to cause a denial of service and/or information disclosure.

AnalysisAI

Escalation of privilege vulnerability in admin portal for Intel Unite App versions 3.1.32.12, 3.1.41.18 and 3.1.45.26 allows an attacker with network access to cause a denial of service and/or. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Technical ContextAI

This vulnerability is classified as Exposure of Sensitive Information (CWE-200), which allows attackers to access sensitive data that should not be disclosed. Escalation of privilege vulnerability in admin portal for Intel Unite App versions 3.1.32.12, 3.1.41.18 and 3.1.45.26 allows an attacker with network access to cause a denial of service and/or information disclosure. Affected products include: Intel Unite.

RemediationAI

A vendor patch is available. Apply the latest security update as soon as possible. Minimize information in error messages, implement proper access controls, encrypt sensitive data at rest and in transit.

More in Unite

View all
CVE-2019-0172 CRITICAL
9.8 May 17

A logic issue in Intel Unite(R) Client for Android prior to version 4.0 may allow a remote attacker to potentially enabl

CVE-2019-0101 CRITICAL
9.8 Feb 18

Authentication bypass in the Intel Unite(R) solution versions 3.2 through 3.3 may allow an unauthenticated user to poten

CVE-2023-25773 HIGH
7.8 Aug 11

Improper access control in the Intel(R) Unite(R) Hub software installer for Windows before version 4.2.34962 may allow a

CVE-2023-25182 HIGH
7.8 Aug 11

Uncontrolled search path element in the Intel(R) Unite(R) Client software for Mac before version 4.2.11 may allow an aut

CVE-2021-0102 HIGH
7.8 Jun 09

Insecure inherited permissions in the Intel Unite(R) Client for Windows before version 4.2.25031 may allow an authentica

CVE-2021-0098 HIGH
7.8 Jun 09

Improper access control in the Intel Unite(R) Client for Windows before version 4.2.25031 may allow an authenticated use

CVE-2019-0132 HIGH
7.5 May 17

Data Corruption in Intel Unite(R) Client before version 3.3.176.13 may allow an unauthenticated user to potentially caus

CVE-2021-0112 HIGH
7.3 Jun 09

Unquoted service path in the Intel Unite(R) Client for Windows before version 4.2.25031 may allow an authenticated user

CVE-2021-0108 HIGH
7.3 Jun 09

Uncontrolled search path in the Intel Unite(R) Client for Windows before version 4.2.25031 may allow an authenticated us

CVE-2023-32609 MEDIUM
5.5 Aug 11

Improper access control in the Intel Unite(R) android application before version 4.2.3504 may allow an authenticated use

CVE-2023-25179 MEDIUM
5.5 May 10

Uncontrolled resource consumption in the Intel(R) Unite(R) android application before Release 17 may allow an authentica

CVE-2020-0575 MEDIUM
5.5 Nov 12

Improper buffer restrictions in the Intel(R) Unite Client for Windows* before version 4.2.13064 may allow an authenticat

Share

CVE-2017-5738 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy