Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
===========================================================================
AUSCERT External Security Bulletin Redistribution
ESB-2019.4653
Intel Control Center-I Advisory
12 December 2019
===========================================================================
AusCERT Security Bulletin Summary
---------------------------------
Product: Intel Control Center-I
Publisher: Intel
Operating System: Windows
Impact/Access: Increased Privileges -- Existing Account
Resolution: Patch/Upgrade
CVE Names: CVE-2019-14599
Original Bulletin:
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00299.html
- --------------------------BEGIN INCLUDED TEXT--------------------
INTEL-SA-00299
The latest security information on Intel products.
Control Center-I Advisory
Intel ID: INTEL-SA-00299
Advisory Category: Software
Impact of vulnerability : Escalation of Privilege
Severity rating : MEDIUM
Original release: 12/10/2019
Last revised: 12/10/2019
Summary:
A potential security vulnerability in Control Center-I may allow escalation of
privilege. Intel is releasing software updates to mitigate this potential
vulnerability.
Vulnerability Details:
CVEID: CVE-2019-14599
Description: Unquoted service path in Control Center-I version 2.1.0.0 and
earlier may allow an authenticated user to potentially enable escalation of
privilege via local access.
CVSS Base Score: 6.7 Medium
CVSS Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H
Affected Products:
Control Center-I 2.1.0.0 and earlier.
Recommendations:
Intel recommends that users of Control Center-I version 2.1.0.0 and earlier
update to the latest version provided by the Original Equipment Manufacturer
that addresses these issues.
Acknowledgements:
Intel would like to thank Marius Gabriel Mihai for reporting this issue.
Intel, and nearly the entire technology industry, follows a disclosure practice
called Coordinated Disclosure, under which a cybersecurity vulnerability is
generally publicly disclosed only after mitigations are available.
Revision History
Revision Date Description
1.0 12/10/2019 Initial Release
Legal Notices and Disclaimers
Intel provides these materials as-is, with no express or implied warranties.
All products, dates, and figures specified are preliminary based on current
expectations, and are subject to change without notice.
Intel, processors, chipsets, and desktop boards may contain design defects or
errors known as errata, which may cause the product to deviate from published
specifications. Current characterized errata are available on request.
Intel technologies features and benefits depend on system configuration and
may require enabled hardware, software or service activation. Performance
varies depending on system configuration. No computer system can be absolutely
secure. Check with your system manufacturer or retailer or learn more at https:
//intel.com .
Some results have been estimated or simulated using internal Intel analysis or
architecture simulation or modeling, and provided to you for informational
purposes. Any differences in your system hardware, software or configuration
may affect your actual performance.
Intel and the Intel logo are trademarks of Intel Corporation in the United
States and other countries.
- --------------------------END INCLUDED TEXT--------------------
You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.
NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.
NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.
Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.
Previous advisories and external security bulletins can be retrieved from:
https://www.auscert.org.au/bulletins/
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
iQIVAwUBXfHHzWaOgq3Tt24GAQhv7w//RDE4r8e5xIzHrQTdO7BN86JqMokRHNJK
wzyOIVWtV0ju0Xru3Wryfm4Z+97plWJas7nflqae2Xkj+AZjwTsy0K3h57w9Doig
HDgdSUC6Pmui/wtOpAhGiuc9ZsQ1T7pwJZszXDn5GoY47AX2/ejvjtec37GFip9w
7NMhmHz9y5I8mQATWVIsYj6bkl/ycUEM0RvG+GENld7yCB4j0FeYH/syYi0DpAs6
1mh9oIvAYoYh3OTc2Ui754v5a0/eufAeCyxEFocXU8CSXZpo5RrYoavn1/cz7RMv
PjdOexzXYcJMr4rXrslrilRvTpka8g2+XvDnlenCy8K7mlOm/x2F8FWMUim0tXHT
urFqkNMVDyGNDlUL7CQN++dIJDc6b+g0EJqFixfmmh1nu81KlNyjW8IxtHuruwrt
Hc+iB3BrwZipVJ+cSmZivw534tdZfhwgE9MDmC9CxdtNjMTHGyy/cN5YxQBFTo7D
aG4Stjv8Bl+4IdCXk3jh12iur3rlwYVy+4g3hwj5kE4TobCJynXI1TPc2DnX3XOF
K8O0MHV71EEviPNnM7vrOoTc3PFZDAZIdLhMpnclnWq3JmvNoi4x0/M6JpkmOJrT
ZaHfOPLJtyi4jVia414/bu2rNqXDkn4c7c9aHOj4+moYoZasIOfzWOD7sUSglOrI
syrm5xkoCjU=
=2Ou/
-----END PGP SIGNATURE-----