Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
===========================================================================
AUSCERT Security Bulletin
ASB-2019.0244
Intel RAID Web Console 2 Advisory
14 August 2019
===========================================================================
AusCERT Security Bulletin Summary
---------------------------------
Product: Intel RAID Web Console 2
Operating System: Windows
Impact/Access: Access Confidential Data -- Remote/Unauthenticated
Resolution: Patch/Upgrade
CVE Names: CVE-2019-0173
Member content until: Friday, September 13 2019
OVERVIEW
Intel has discovered a potential security vulnerability in Intel RAID
Web Console 2 (RWC2). [1]
IMPACT
Intel has provided the following information regarding the
vulnerability:
"Summary:
Intel has identified a potential vulnerability in the Intel RAID Web Console 2
(RWC2). Intel has issued a Product Discontinuation notice for RWC2. Intel
recommends that users uninstall Intel RWC2, then install RAID Web Console 3
(RWC3).
Vulnerability Details:
CVEID: CVE-2019-0173
Description: Authentication bypass in the web console for Intel Raid Web
Console 2 all versions may allow an unauthenticated attacker to potentially
enable disclosure of information via network access.
CVSS Base Score: 6.8 Medium
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:H" [1]
MITIGATION
Intel recommends that users uninstall Intel RAID Web Console 2, then
install RAID Web Console 3 version 7.009.011.000 or later. [1]
REFERENCES
[1] Intel RAID Web Console 2 Advisory
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00246.html
AusCERT has made every effort to ensure that the information contained
in this document is accurate. However, the decision to use the information
described is the responsibility of each user or organisation. The decision to
follow or act on information or advice contained in this security bulletin is
the responsibility of each user or organisation, and should be considered in
accordance with your organisation's site policies and procedures. AusCERT
takes no responsibility for consequences which may arise from following or
acting on information or advice contained in this security bulletin.
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
iQIVAwUBXVOI2WaOgq3Tt24GAQjdfhAAgo3ghGw0VcAuiEE75sN6g4uV0+awIe+l
0B8IAzWfunTdDSjjSwFuFwoBxxpm1bo0v+iB5BnUIaI2/BhQydDcRpjhxNfkTPz0
t7uSLNWbzMmlQAA2uPkYzn8hs4PfNsFAIcEtR14xa6hKcRVzcS7GlT7/8GmzseYM
XBEp+OfD2gzwFWCrF0AnWvvGkNr9fM461nJ8/M/AXyG5n/bI+NGljenHlEeuca5e
rcFZp/00lvQvc4QOi8l/x+tikax2fW78zmFA00E6uicAorr0TbJ3CWaXKgqboEH4
MeKGJf867xXNyUM2PyYTygYdK5FBRDHcMTXyPwYPf17k9Up/bVnClXW8weBq2G7X
i+gVdEOuDdPNkSe6kEFRnAnkY/RK1JFktO/3aX6eDx6cQvFngXkjmmuGn+dy1D84
KyCnxEWcoQPosPiWH01t23y3aAvdjGDQ+0YWmWoEKzARBKM911LTTt6ehExipvdm
oFxOqN9C1UwNhg0W2749cirNd2mvnYFwSPs3dNwTXe2t6QTiDJiLxnGr5JYU3L02
XBRIutQZsiTO0IYQfI0g2Shpi6Gd9JSpAmteGYWffy/b50lAGRdtMu/56sFl+KbS
D5P3IU3QKvpGARsrpqOSRMFhEKv8Sjilsq+W6b0HI8KqtLhxU4/UqgDjUcrrVjvD
BycjisT5Zsw=
=h5oT
-----END PGP SIGNATURE-----