
Intel® Accelerated Storage Manager in Intel® Rapid Storage Technology Enterprise Advisory

Intel ID: INTEL-SA-00226
Advisory Category: Software
Impact of vulnerability: Escalation of Privilege, Denial of Service
Severity rating: HIGH
Original release: 06/11/2019
Last revised: 06/11/2019

Summary:

Potential security vulnerabilities in Intel® Accelerated Storage Manager in Intel® Rapid Storage Technology Enterprise (RSTe) may allow escalation of privilege or denial of service.  Intel is releasing software updates to mitigate these potential vulnerabilities.

Vulnerability Details:

CVEID: CVE-2019-0130

Description: Reflected XSS in web interface for Intel(R) Accelerated Storage Manager in Intel(R) RSTe before version 5.5.0.2015 may allow an unauthenticated user to potentially enable denial of service via network access.

CVSS Base Score: 6.1 Medium

CVSS Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:N/A:H

Affected Products:

Intel® Accelerated Storage Manager in Intel® RSTe before version 5.5.0.2015.

Recommendations:

Intel recommends that users of Intel® Accelerated Storage Manager in Intel® RSTe update to the latest version provided by the system manufacturer that addresses these issues.

For Intel branded servers, please update to version 5.5.0.2015 or later, available here:

https://downloadcenter.intel.com/download/28681

Acknowledgements:

Intel would like to thank Marius Gabriel Mihai for reporting these issues.

Intel, and nearly the entire technology industry, follows a disclosure practice called Coordinated Disclosure, under which a cybersecurity vulnerability is generally publicly disclosed only after mitigations are available.

Revision History

Revision | Date | Description
1.0 | 06/11/2019 | Initial Release