Computing Improvement Program
CVE-2019-11162
HIGH
Severity by source
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
1DescriptionNVD
Insufficient access control in hardware abstraction in SEMA driver for Intel(R) Computing Improvement Program before version 2.4.0.04733 may allow an authenticated user to potentially enable escalation of privilege, denial of service or information disclosure via local access.
AnalysisAI
Insufficient access control in hardware abstraction in SEMA driver for Intel(R) Computing Improvement Program before version 2.4.0.04733 may allow an authenticated user to potentially enable. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.
Technical ContextAI
Insufficient access control in hardware abstraction in SEMA driver for Intel(R) Computing Improvement Program before version 2.4.0.04733 may allow an authenticated user to potentially enable escalation of privilege, denial of service or information disclosure via local access. Affected products include: Intel Computing Improvement Program. Version information: version 2.4.0.04733.
RemediationAI
A vendor patch is available. Apply the latest security update as soon as possible. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
Improper permissions in the installer for the Intel(R) Computing Improvement Program software before version 2.4.5982 ma
Incorrect default privileges in the Intel(R) Computing Improvement Program before version 2.4.6522 may allow an authenti
Improper access control in subsystem for the Intel(R) Computing Improvement Program before version 2.4.5718 may allow an
Privilege escalation in file permissions in Intel Computing Improvement Program before version 2.2.0.03942 may allow an
Improper input validation in some Intel(R) CIP software before version 2.4.10852 may allow a privileged user to potentia
Improper access control for the Intel(R) Computing Improvement Program before version 2.4.5982 may allow an unprivileged
Insecure inherited permissions for some Intel(R) CIP software before version 2.4.10852 may allow an authenticated user t
Improper privilege management for some Intel(R) CIP software before version WIN_DCA_2.4.0.11001 within Ring 3: User Appl
Unrestricted upload of file with dangerous type for some Intel(R) CIP software before version WIN_DCA_2.4.0.11001 within
Improper input validation for some Intel(R) CIP software before version WIN_DCA_2.4.0.11001 within Ring 3: User Applicat
Improper privilege management for some Intel(R) CIP software before version WIN_DCA_2.4.0.11001 within Ring 3: User Appl
Protection mechanism failure for some Intel(R) CIP software before version WIN_DCA_2.4.0.11001 within Ring 3: User Appli
Same technique Privilege Escalation
View allShare
External POC / Exploit Code
Leaving vuln.today