CVE-2019-11145

Vulnerability

An improper file verification vulnerability exists in Intel® Driver & Support Assistant (DSA) versions prior to 19.7.30.2. This flaw allows an authenticated user to potentially escalate privileges on the local system. The issue originates from insufficient validation of files handled by the DSA, which can be exploited when the vulnerable component processes a specially crafted file. Affected versions: all Intel DSA releases before 19.7.30.2 [1].

Exploitation

An attacker must have local access to the system and be authenticated as a standard user. The exploitation process involves replacing or supplying a malicious file that is not properly verified by the DSA during its update or maintenance operations. No additional privileges are required beyond local authenticated access, and no user interaction beyond standard DSA usage is necessary [1].

Impact

Successful exploitation allows the attacker to escalate privileges to a higher level, potentially achieving system-level or administrator access. This could lead to full compromise of the local machine, including arbitrary code execution, modification of system files, and access to sensitive data [1].

Mitigation

Intel has released a fix in Intel DSA version 19.7.30.2. All users are strongly recommended to update to this version or later via the official Intel website [1]. There are no known workarounds for versions prior to the fix; upgrading is the only mitigation.