CVE-2019-0128
HIGHIntel Chipset Device Software < 10.1.1.45 - Authenticated Privilege Escalation via Installer Permissions
Title source: llmDescription
Improper permissions in the installer for Intel(R) Chipset Device Software (INF Update Utility) before version 10.1.1.45 may allow an authenticated user to escalate privilege via local access.
References (3)
Core 3
Core References
Patch, Vendor Advisory x_refsource_confirm
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00224.html
Broken Link, Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/108767
Third Party Advisory x_refsource_confirm
https://support.lenovo.com/us/en/product_security/LEN-27840
Scores
CVSS v3
7.8
EPSS
0.0015
EPSS Percentile
35.5%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-264
Status
published
Products (1)
intel/chipset_device_software
< 10.1.1.45
Published
Jun 13, 2019
Tracked Since
Feb 18, 2026