Intel ID: INTEL-SA-00259
Advisory Category: Software
Impact of vulnerability: Escalation of Privilege
Severity rating: HIGH
Original release: 06/11/2019
Last revised: 06/11/2019

Summary:

A potential security vulnerability in the Intel® RAID Web Console 3 (RWC3) for Windows* may allow escalation of privilege. Intel is releasing software updates to mitigate this potential vulnerability.

Vulnerability Details:

CVEID: CVE-2019-11119
Description: Insufficient session validation in the service API for Intel(R) RWC3 version 4.186 and before may allow an unauthenticated user to potentially enable escalation of privilege via network access.
CVSS Base Score: 8.9 High
CVSS Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:L/A:H

Affected Products:

Intel® RAID Web Console 3 for Windows* version 4.186 and before.

Recommendations:

Intel recommends that users of Intel® RAID Web Console 3 for Windows* update to 7.009.011.000 or later.

Updates are available for download at this location:

Download Intel(R) RAID Web Console 3 for Windows*

Acknowledgements:

The following issue was found internally by Intel employees. Intel would like to thank Alexander Gutkin.

Intel, and nearly the entire technology industry, follows a disclosure practice called Coordinated Disclosure, under which a cybersecurity vulnerability is generally publicly disclosed only after mitigations are available.

Revision History

Revision Date Description
1.0 06/11/2019 Initial Release

Source: INTEL-SA-00259