Unite
CVE-2017-5738
CRITICAL
Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
Lifecycle Timeline
1DescriptionCVE.org
Escalation of privilege vulnerability in admin portal for Intel Unite App versions 3.1.32.12, 3.1.41.18 and 3.1.45.26 allows an attacker with network access to cause a denial of service and/or information disclosure.
AnalysisAI
Escalation of privilege vulnerability in admin portal for Intel Unite App versions 3.1.32.12, 3.1.41.18 and 3.1.45.26 allows an attacker with network access to cause a denial of service and/or. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.
Technical ContextAI
This vulnerability is classified as Exposure of Sensitive Information (CWE-200), which allows attackers to access sensitive data that should not be disclosed. Escalation of privilege vulnerability in admin portal for Intel Unite App versions 3.1.32.12, 3.1.41.18 and 3.1.45.26 allows an attacker with network access to cause a denial of service and/or information disclosure. Affected products include: Intel Unite.
RemediationAI
A vendor patch is available. Apply the latest security update as soon as possible. Minimize information in error messages, implement proper access controls, encrypt sensitive data at rest and in transit.
A logic issue in Intel Unite(R) Client for Android prior to version 4.0 may allow a remote attacker to potentially enabl
Authentication bypass in the Intel Unite(R) solution versions 3.2 through 3.3 may allow an unauthenticated user to poten
Improper access control in the Intel(R) Unite(R) Hub software installer for Windows before version 4.2.34962 may allow a
Uncontrolled search path element in the Intel(R) Unite(R) Client software for Mac before version 4.2.11 may allow an aut
Insecure inherited permissions in the Intel Unite(R) Client for Windows before version 4.2.25031 may allow an authentica
Improper access control in the Intel Unite(R) Client for Windows before version 4.2.25031 may allow an authenticated use
Data Corruption in Intel Unite(R) Client before version 3.3.176.13 may allow an unauthenticated user to potentially caus
Unquoted service path in the Intel Unite(R) Client for Windows before version 4.2.25031 may allow an authenticated user
Uncontrolled search path in the Intel Unite(R) Client for Windows before version 4.2.25031 may allow an authenticated us
Improper access control in the Intel Unite(R) android application before version 4.2.3504 may allow an authenticated use
Uncontrolled resource consumption in the Intel(R) Unite(R) android application before Release 17 may allow an authentica
Improper buffer restrictions in the Intel(R) Unite Client for Windows* before version 4.2.13064 may allow an authenticat
Same weakness CWE-200 – Information Exposure
View allSame technique Denial Of Service
View allShare
External POC / Exploit Code
Leaving vuln.today