Intel ID:	INTEL-SA-00286
Advisory Category:	Software
Impact of vulnerability:	Escalation of Privilege
Severity rating:	MEDIUM
Original release:	10/08/2019
Last revised:	10/08/2019

Summary:

A potential security vulnerability in Intel® Smart Connect Technology for Intel® NUC may allow escalation of privilege.

Intel is not releasing updates to mitigate this potential vulnerability and is issuing a Product Discontinuation notice for Intel® Smart Connect Technology for Intel® NUC.

Vulnerability Details:

CVEID: CVE-2019-11167
Description: Improper file permission in software installer for Intel(R) Smart Connect Technology for Intel(R) NUC may allow an authenticated user to potentially enable escalation of privilege via local access.
CVSS Base Score: 6.3 Medium
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L

Affected Products:

Intel® Smart Connect Technology for Intel® NUC.

Recommendations:

Intel recommends that users of Intel® Smart Connect Technology for Intel® NUC uninstall or discontinue use at their earliest convenience.

Acknowledgements:

Intel would like to thank Marius Gabriel Mihai for reporting this issue.

Intel, and nearly the entire technology industry, follows a disclosure practice called Coordinated Disclosure, under which a cybersecurity vulnerability is generally publicly disclosed only after mitigations are available.

Revision History

Revision	Date	Description
1.0	10/08/2019	Initial Release

Source: INTEL-SA-00286

Posted By: Brink
08 Oct 2019