During that time the estimated underground price was around $5k-$25k. The vulnerability was handled as a non-public zero-day exploit for at least 2 days. The MITRE ATT&CK project declares the attack technique as T1068. The current price for an exploit might be approx. There are neither technical details nor an exploit publicly available. A simple authentication is necessary for exploitation. The attack needs to be approached locally. This vulnerability is handled as CVE-2019-0129 since. Improper permissions for Intel(R) USB 3.0 Creator Utility all versions may allow an authenticated user to potentially enable escalation of privilege via local access. Impacted is confidentiality, integrity, and availability. Using CWE to declare the problem leads to CWE-264. The manipulation with an unknown input leads to a access control vulnerability. Affected by this issue is an unknown part. A high score indicates an elevated risk to be targeted for this vulnerability.Ī vulnerability was found in Intel USB 3.0 Creator Utility ( affected version not known) and classified as critical. The CTI Interest Score identifies the interest of attackers and the security community for this specific vulnerability in real-time. Our Cyber Threat Intelligence team is monitoring different web sites, mailing lists, exploit markets and social media networks.
0 Comments
Leave a Reply. |