{"api_version":"1","generated_at":"2026-05-13T06:36:52+00:00","cve":"CVE-2019-11162","urls":{"html":"https://cve.report/CVE-2019-11162","api":"https://cve.report/api/cve/CVE-2019-11162.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2019-11162","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2019-11162"},"summary":{"title":"CVE-2019-11162","description":"Insufficient access control in hardware abstraction in SEMA driver for Intel(R) Computing Improvement Program before version 2.4.0.04733 may allow an authenticated user to potentially enable escalation of privilege, denial of service or information disclosure via local access.","state":"PUBLIC","assigner":"secure@intel.com","published_at":"2019-08-19 17:15:00","updated_at":"2020-08-24 17:37:00"},"problem_types":["NVD-CWE-noinfo"],"metrics":[],"references":[{"url":"https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00283.html","name":"https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00283.html","refsource":"CONFIRM","tags":["Patch","Vendor Advisory"],"title":"INTEL-SA-00283","mime":"text/html","httpstatus":"200","archivestatus":"0"},{"url":"https://www.cve.org/CVERecord?id=CVE-2019-11162","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-11162","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2019","cve_id":"11162","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"intel","cpe5":"computing_improvement_program","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2019","cve_id":"11162","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"intel","cpe5":"computing_improvement_program","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"data_type":"CVE","data_format":"MITRE","data_version":"4.0","CVE_data_meta":{"ID":"CVE-2019-11162","ASSIGNER":"secure@intel.com","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"vendor_name":"n/a","product":{"product_data":[{"product_name":"Intel(R) Computing Improvement Program Advisory","version":{"version_data":[{"version_value":"Versions before 2.4.0.04733"}]}}]}}]}},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"Escalation of Privilege, Denial of Service, Information Disclosure"}]}]},"references":{"reference_data":[{"refsource":"CONFIRM","name":"https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00283.html","url":"https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00283.html"}]},"description":{"description_data":[{"lang":"eng","value":"Insufficient access control in hardware abstraction in SEMA driver for Intel(R) Computing Improvement Program before version 2.4.0.04733 may allow an authenticated user to potentially enable escalation of privilege, denial of service or information disclosure via local access."}]}},"nvd":{"publishedDate":"2019-08-19 17:15:00","lastModifiedDate":"2020-08-24 17:37:00","problem_types":["NVD-CWE-noinfo"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH","baseScore":7.8,"baseSeverity":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9},"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:L/AC:L/Au:N/C:P/I:P/A:P","accessVector":"LOCAL","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL","baseScore":4.6},"severity":"MEDIUM","exploitabilityScore":3.9,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:intel:computing_improvement_program:*:*:*:*:*:*:*:*","versionEndExcluding":"2.4.0.04733","cpe_name":[]}]}]}},"legacy_mitre":{"record":{"CveYear":"2019","CveId":"11162","Ordinal":"149448","Title":"CVE-2019-11162","CVE":"CVE-2019-11162","Year":"2019"},"notes":[{"CveYear":"2019","CveId":"11162","Ordinal":"1","NoteData":"Insufficient access control in hardware abstraction in SEMA driver for Intel(R) Computing Improvement Program before version 2.4.0.04733 may allow an authenticated user to potentially enable escalation of privilege, denial of service or information disclosure via local access.","Type":"Description","Title":null},{"CveYear":"2019","CveId":"11162","Ordinal":"2","NoteData":"2019-08-19","Type":"Other","Title":"Published"},{"CveYear":"2019","CveId":"11162","Ordinal":"3","NoteData":"2019-08-19","Type":"Other","Title":"Modified"}]}}}