Intel released fixes for several potential security vulnerabilities in system firmware for Intel® NUC which may allow escalation of privilege, denial of service and/or information disclosure. Intel is releasing firmware updates to mitigate these potential vulnerabilities. The most severe flaw of all the issues Intel addressed is the privilege escalation glitch in the web-based RAID software.
The list of affected products includes no fewer than 39 different entries. That most severe flaw, the privilege escalation glitch in the web-based RAID software, was discovered internally by Intel researchers.
The Intel® RAID Web Console 3 (RWC3) for Windows may allow escalation of privilege. This can be leveraged by an unauthenticated attacker to obtain a higher permission level on the system by exploiting the bug over the network. Intel released a software update to mitigate this vulnerability.
INTEL-SA-00259 Vulnerability Details
- INTEL-SA-00259 Advisory
- CVEID: CVE-2019-11119
- CVSS Base Score: 8.9 High
- Affected Products: Intel® RAID Web Console 3 for Windows version 4.186 and prior versions.
- Description: Insufficient session validation in the service API for Intel(R) RWC3 version 4.186 and before may allow an unauthenticated user to potentially enable escalation of privilege via network access.
Get A Report of all Affected RAID Installations
If you currently have Intel® RAID Web Console 3 for Windows deployed in your network, it's pretty critical that you update it at the earliest opportunity to ensure that you don't fall prey to this vulnerability.
Our custom color-coded vulnerability report can tell you in no time which devices have a vulnerable RAID version in place and need to be patched. Intel recommends that users of Intel® RAID Web Console 3 for Windows update to 7.009.011.000 or later.
If you haven't already, start your free Lansweeper trial and get a list of all vulnerable RAID versions in no time.
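To triage an existing inventory export against the two version numbers quoted above, the following added example (not Lansweeper's report and not Intel code) classifies each RWC3 install. The CSV columns `host` and `version`, the status labels, and the component-by-component numeric comparison of version strings are assumptions made for the example.

```python
import csv
import io

# Thresholds quoted in the advisory text on this page.
LAST_AFFECTED = "4.186"              # "version 4.186 and prior versions"
FIRST_RECOMMENDED = "7.009.011.000"  # "update to 7.009.011.000 or later"

def parse_version(text):
    """Turn '7.009.011.000' into (7, 9, 11, 0); leading zeros are ignored."""
    parts = text.strip().split(".")
    if not all(p.isdigit() for p in parts):
        raise ValueError(f"unparseable version: {text!r}")
    return tuple(int(p) for p in parts)

def compare(a, b):
    """Compare version tuples after zero-padding the shorter one (assumption)."""
    width = max(len(a), len(b))
    a += (0,) * (width - len(a))
    b += (0,) * (width - len(b))
    return (a > b) - (a < b)

def classify(version_text):
    try:
        v = parse_version(version_text)
    except ValueError:
        return "REVIEW"          # unknown or free-text version: check by hand
    if compare(v, parse_version(LAST_AFFECTED)) <= 0:
        return "VULNERABLE"      # inside the affected range stated by Intel
    if compare(v, parse_version(FIRST_RECOMMENDED)) >= 0:
        return "OK"              # at or above the recommended version
    return "UPDATE"              # not listed as affected, but below recommended

def triage(csv_text):
    """Map each host in the export to its status."""
    rows = csv.DictReader(io.StringIO(csv_text))
    return {r["host"]: classify(r["version"] or "") for r in rows}

# Constructed sample inventory (hostnames and versions are made up).
SAMPLE = """host,version
srv-raid-01,4.186
srv-raid-02,4.17
srv-raid-03,7.009.011.000
srv-raid-04,7.010.009.000
srv-raid-05,6.1
srv-raid-06,unknown
"""

if __name__ == "__main__":
    for host, status in triage(SAMPLE).items():
        print(f"{host:12} {status}")
```

Versions that fall between the two thresholds are reported as `UPDATE` rather than `OK`, because the page only states the affected range and the recommended version, not the status of releases in between.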