CVE-2019-0111

Vulnerability

In Intel Data Center Manager SDK versions prior to 5.0.2, improper file permissions are set during installation or runtime, allowing an authenticated local user to access files that should be protected. This vulnerability is categorized as CWE-275 (Permission Issues) [2].

Exploitation

An attacker must have local access and be authenticated to the system. Operating with standard user privileges, the attacker can exploit the misconfigured permissions to read files belonging to the Data Center Manager SDK, potentially including configuration files or credentials. No user interaction is required beyond initial authentication [1][2].

Impact

Successful exploitation leads to information disclosure of sensitive data accessible via the SDK's files. The attacker gains access to data that may aid in further attacks, but does not achieve code execution or privilege escalation directly from this vulnerability. The CVSS v3 base score is 5.5 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N) [2].

Mitigation

Intel released version 5.0.2 of the Data Center Manager SDK to address this issue. Users should update to version 5.0.2 or later. No workaround is provided. The vulnerability is not listed on CISA's Known Exploited Vulnerabilities (KEV) catalog [1][2].