CVE-2019-0108

Vulnerability

Improper file permissions in Intel Data Center Manager SDK versions prior to 5.0.2 allow an authenticated user to access files with insufficient protection, leading to information disclosure via local access. The vulnerability is classified as a protection mechanism failure (CWE-693) and affects all builds before the fixed release [1][2].

Exploitation

An attacker must have local access to the system and be authenticated. No additional privileges are required beyond standard user authentication. The attacker can exploit the improper file permissions by reading files that should have restricted access, such as configuration or log files containing sensitive data [2].

Impact

Successful exploitation results in disclosure of confidential information. The CVSS v3 base score for this class of vulnerability is 5.5 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N), indicating high confidentiality impact with no impact on integrity or availability [2]. The attacker gains access to sensitive data but does not achieve code execution or privilege escalation.

Mitigation

Intel released version 5.0.2 to address the issue. Users should upgrade to 5.0.2 or later. No workarounds are documented in the available references [1][2].