Intel ID: INTEL-SA-00171
Advisory Category: Software
Impact of vulnerability: Information Disclosure
Severity rating: MEDIUM
Original release: 10/09/2018
Last revised: 10/09/2018

Summary:

A potential security vulnerability in the Intel® Raid Web Server 3 may allow information disclosure. Intel is releasing software updates to mitigate this potential vulnerability.

Vulnerability Details:

CVEID: CVE-2018-12161

Description: Insufficient session validation in the webserver component of the Intel(R) Rapid Web Server 3 may allow an unauthenticated user to potentially disclose information via network access.

CVSS Base Score: 5.3 Medium

CVSS Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N

Affected Products:

Intel® RAID Web Console for Windows version 3 and before.

Recommendations:

Intel recommends that users of Intel® RAID Web Console for Windows update to version 4.186 or later.

Updates are available for download at this location: https://downloadcenter.intel.com/dow...3-for-Windows-

Acknowledgements:

Intel would like to thank Trotmaster for reporting this issue and working with us on coordinated disclosure.

Revision History

Revision Date Description
1.0 10/09/2018 Initial Release

Source: INTEL-SA-00171