Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 =========================================================================== AUSCERT Security Bulletin ASB-2019.0244 Intel RAID Web Console 2 Advisory 14 August 2019 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: Intel RAID Web Console 2 Operating System: Windows Impact/Access: Access Confidential Data -- Remote/Unauthenticated Resolution: Patch/Upgrade CVE Names: CVE-2019-0173 Member content until: Friday, September 13 2019 OVERVIEW Intel has discovered a potential security vulnerability in Intel RAID Web Console 2 (RWC2). [1] IMPACT Intel has provided the following information regarding the vulnerability: "Summary: Intel has identified a potential vulnerability in the Intel RAID Web Console 2 (RWC2). Intel has issued a Product Discontinuation notice for RWC2. Intel recommends that users uninstall Intel RWC2, then install RAID Web Console 3 (RWC3). Vulnerability Details: CVEID: CVE-2019-0173 Description: Authentication bypass in the web console for Intel Raid Web Console 2 all versions may allow an unauthenticated attacker to potentially enable disclosure of information via network access. CVSS Base Score: 6.8 Medium CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:H" [1] MITIGATION Intel recommends that users uninstall Intel RAID Web Console 2, then install RAID Web Console 3 version 7.009.011.000 or later. [1] REFERENCES [1] Intel RAID Web Console 2 Advisory https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00246.html AusCERT has made every effort to ensure that the information contained in this document is accurate. However, the decision to use the information described is the responsibility of each user or organisation. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: auscert@auscert.org.au Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. =========================================================================== -----BEGIN PGP SIGNATURE----- Comment: http://www.auscert.org.au/render.html?it=1967 iQIVAwUBXVOI2WaOgq3Tt24GAQjdfhAAgo3ghGw0VcAuiEE75sN6g4uV0+awIe+l 0B8IAzWfunTdDSjjSwFuFwoBxxpm1bo0v+iB5BnUIaI2/BhQydDcRpjhxNfkTPz0 t7uSLNWbzMmlQAA2uPkYzn8hs4PfNsFAIcEtR14xa6hKcRVzcS7GlT7/8GmzseYM XBEp+OfD2gzwFWCrF0AnWvvGkNr9fM461nJ8/M/AXyG5n/bI+NGljenHlEeuca5e rcFZp/00lvQvc4QOi8l/x+tikax2fW78zmFA00E6uicAorr0TbJ3CWaXKgqboEH4 MeKGJf867xXNyUM2PyYTygYdK5FBRDHcMTXyPwYPf17k9Up/bVnClXW8weBq2G7X i+gVdEOuDdPNkSe6kEFRnAnkY/RK1JFktO/3aX6eDx6cQvFngXkjmmuGn+dy1D84 KyCnxEWcoQPosPiWH01t23y3aAvdjGDQ+0YWmWoEKzARBKM911LTTt6ehExipvdm oFxOqN9C1UwNhg0W2749cirNd2mvnYFwSPs3dNwTXe2t6QTiDJiLxnGr5JYU3L02 XBRIutQZsiTO0IYQfI0g2Shpi6Gd9JSpAmteGYWffy/b50lAGRdtMu/56sFl+KbS D5P3IU3QKvpGARsrpqOSRMFhEKv8Sjilsq+W6b0HI8KqtLhxU4/UqgDjUcrrVjvD BycjisT5Zsw= =h5oT -----END PGP SIGNATURE-----