Vulnerability-Lookup

CVE-2016-1493 (GCVE-0-2016-1493)

Vulnerability from cvelistv5 – Published: 2016-01-29 20:00 – Updated: 2024-08-05 22:55

Summary

Intel Driver Update Utility before 2.4 retrieves driver updates in cleartext, which makes it easier for man-in-the-middle attackers to execute arbitrary code via a crafted file.

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

URL

Tags

	http://packetstormsecurity.com/files/135314/Intel…	x_refsource_MISC
	http://www.coresecurity.com/advisories/intel-driv…	x_refsource_MISC
	https://security-center.intel.com/advisory.aspx?i…	x_refsource_CONFIRM
	http://www.securityfocus.com/archive/1/537327/100…	mailing-listx_refsource_BUGTRAQ
	http://seclists.org/fulldisclosure/2016/Jan/56	mailing-listx_refsource_FULLDISC

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T22:55:14.820Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/135314/Intel-Driver-Update-Utility-2.2.0.5-Man-In-The-Middle.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.coresecurity.com/advisories/intel-driver-update-utility-mitm"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00048\u0026languageid=en-fr"
          },
          {
            "name": "20160119 [CORE-2016-0001] - Intel Driver Update Utility MiTM",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/537327/100/0/threaded"
          },
          {
            "name": "20160119 [CORE-2016-0001] - Intel Driver Update Utility MiTM",
            "tags": [
              "mailing-list",
              "x_refsource_FULLDISC",
              "x_transferred"
            ],
            "url": "http://seclists.org/fulldisclosure/2016/Jan/56"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2016-01-19T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Intel Driver Update Utility before 2.4 retrieves driver updates in cleartext, which makes it easier for man-in-the-middle attackers to execute arbitrary code via a crafted file."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-09T18:57:01.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://packetstormsecurity.com/files/135314/Intel-Driver-Update-Utility-2.2.0.5-Man-In-The-Middle.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.coresecurity.com/advisories/intel-driver-update-utility-mitm"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00048\u0026languageid=en-fr"
        },
        {
          "name": "20160119 [CORE-2016-0001] - Intel Driver Update Utility MiTM",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/537327/100/0/threaded"
        },
        {
          "name": "20160119 [CORE-2016-0001] - Intel Driver Update Utility MiTM",
          "tags": [
            "mailing-list",
            "x_refsource_FULLDISC"
          ],
          "url": "http://seclists.org/fulldisclosure/2016/Jan/56"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2016-1493",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Intel Driver Update Utility before 2.4 retrieves driver updates in cleartext, which makes it easier for man-in-the-middle attackers to execute arbitrary code via a crafted file."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://packetstormsecurity.com/files/135314/Intel-Driver-Update-Utility-2.2.0.5-Man-In-The-Middle.html",
              "refsource": "MISC",
              "url": "http://packetstormsecurity.com/files/135314/Intel-Driver-Update-Utility-2.2.0.5-Man-In-The-Middle.html"
            },
            {
              "name": "http://www.coresecurity.com/advisories/intel-driver-update-utility-mitm",
              "refsource": "MISC",
              "url": "http://www.coresecurity.com/advisories/intel-driver-update-utility-mitm"
            },
            {
              "name": "https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00048\u0026languageid=en-fr",
              "refsource": "CONFIRM",
              "url": "https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00048\u0026languageid=en-fr"
            },
            {
              "name": "20160119 [CORE-2016-0001] - Intel Driver Update Utility MiTM",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/537327/100/0/threaded"
            },
            {
              "name": "20160119 [CORE-2016-0001] - Intel Driver Update Utility MiTM",
              "refsource": "FULLDISC",
              "url": "http://seclists.org/fulldisclosure/2016/Jan/56"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2016-1493",
    "datePublished": "2016-01-29T20:00:00.000Z",
    "dateReserved": "2016-01-04T00:00:00.000Z",
    "dateUpdated": "2024-08-05T22:55:14.820Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2016-1493\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2016-01-29T20:59:07.577\",\"lastModified\":\"2025-04-12T10:46:40.837\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Intel Driver Update Utility before 2.4 retrieves driver updates in cleartext, which makes it easier for man-in-the-middle attackers to execute arbitrary code via a crafted file.\"},{\"lang\":\"es\",\"value\":\"Intel Driver Update Utility en versiones anteriores a 2.4 recupera actualizaciones de controlador en texto plano, lo que facilita a atacantes man-in-the-middle ejecutar c\u00f3digo arbitrario a trav\u00e9s de un archivo manipulado.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.6,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:H/Au:N/C:C/I:C/A:C\",\"baseScore\":7.6,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"HIGH\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":4.9,\"impactScore\":10.0,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-345\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:intel:driver_update_utility:2.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D3B46FA9-1E0D-477C-ADB2-F8DE6D7CC26B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:intel:driver_update_utility:2.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A501A6CD-10BB-4AED-8553-66A0AF950663\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:intel:driver_update_utility:2.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2E27E39A-2FE0-4995-9503-524F2CB33B84\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:intel:driver_update_utility:2.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F4F9011A-8179-47B2-92D7-942FA43942FE\"}]}]}],\"references\":[{\"url\":\"http://packetstormsecurity.com/files/135314/Intel-Driver-Update-Utility-2.2.0.5-Man-In-The-Middle.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://seclists.org/fulldisclosure/2016/Jan/56\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.coresecurity.com/advisories/intel-driver-update-utility-mitm\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/archive/1/537327/100/0/threaded\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00048\u0026languageid=en-fr\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://packetstormsecurity.com/files/135314/Intel-Driver-Update-Utility-2.2.0.5-Man-In-The-Middle.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://seclists.org/fulldisclosure/2016/Jan/56\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.coresecurity.com/advisories/intel-driver-update-utility-mitm\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/archive/1/537327/100/0/threaded\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00048\u0026languageid=en-fr\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]}]}}"
  }
}

GHSA-RVJ2-JR49-7HC2

Vulnerability from github – Published: 2022-05-14 02:47 – Updated: 2022-05-14 02:47

Details

Intel Driver Update Utility before 2.4 retrieves driver updates in cleartext, which makes it easier for man-in-the-middle attackers to execute arbitrary code via a crafted file.

Severity ?

7.5 (High)


                  
                    CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2016-1493"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-345"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2016-01-29T20:59:00Z",
    "severity": "HIGH"
  },
  "details": "Intel Driver Update Utility before 2.4 retrieves driver updates in cleartext, which makes it easier for man-in-the-middle attackers to execute arbitrary code via a crafted file.",
  "id": "GHSA-rvj2-jr49-7hc2",
  "modified": "2022-05-14T02:47:00Z",
  "published": "2022-05-14T02:47:00Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-1493"
    },
    {
      "type": "WEB",
      "url": "https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00048\u0026languageid=en-fr"
    },
    {
      "type": "WEB",
      "url": "http://packetstormsecurity.com/files/135314/Intel-Driver-Update-Utility-2.2.0.5-Man-In-The-Middle.html"
    },
    {
      "type": "WEB",
      "url": "http://seclists.org/fulldisclosure/2016/Jan/56"
    },
    {
      "type": "WEB",
      "url": "http://www.coresecurity.com/advisories/intel-driver-update-utility-mitm"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/archive/1/537327/100/0/threaded"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GSD-2016-1493

Vulnerability from gsd - Updated: 2023-12-13 01:21

Details

Intel Driver Update Utility before 2.4 retrieves driver updates in cleartext, which makes it easier for man-in-the-middle attackers to execute arbitrary code via a crafted file.

Aliases

CVE-2016-1493

Aliases

CVE-2016-1493

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2016-1493",
    "description": "Intel Driver Update Utility before 2.4 retrieves driver updates in cleartext, which makes it easier for man-in-the-middle attackers to execute arbitrary code via a crafted file.",
    "id": "GSD-2016-1493",
    "references": [
      "https://packetstormsecurity.com/files/cve/CVE-2016-1493"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2016-1493"
      ],
      "details": "Intel Driver Update Utility before 2.4 retrieves driver updates in cleartext, which makes it easier for man-in-the-middle attackers to execute arbitrary code via a crafted file.",
      "id": "GSD-2016-1493",
      "modified": "2023-12-13T01:21:24.329091Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2016-1493",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Intel Driver Update Utility before 2.4 retrieves driver updates in cleartext, which makes it easier for man-in-the-middle attackers to execute arbitrary code via a crafted file."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "http://packetstormsecurity.com/files/135314/Intel-Driver-Update-Utility-2.2.0.5-Man-In-The-Middle.html",
            "refsource": "MISC",
            "url": "http://packetstormsecurity.com/files/135314/Intel-Driver-Update-Utility-2.2.0.5-Man-In-The-Middle.html"
          },
          {
            "name": "http://www.coresecurity.com/advisories/intel-driver-update-utility-mitm",
            "refsource": "MISC",
            "url": "http://www.coresecurity.com/advisories/intel-driver-update-utility-mitm"
          },
          {
            "name": "https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00048\u0026languageid=en-fr",
            "refsource": "CONFIRM",
            "url": "https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00048\u0026languageid=en-fr"
          },
          {
            "name": "20160119 [CORE-2016-0001] - Intel Driver Update Utility MiTM",
            "refsource": "BUGTRAQ",
            "url": "http://www.securityfocus.com/archive/1/537327/100/0/threaded"
          },
          {
            "name": "20160119 [CORE-2016-0001] - Intel Driver Update Utility MiTM",
            "refsource": "FULLDISC",
            "url": "http://seclists.org/fulldisclosure/2016/Jan/56"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:intel:driver_update_utility:2.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:intel:driver_update_utility:2.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:intel:driver_update_utility:2.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:intel:driver_update_utility:2.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2016-1493"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Intel Driver Update Utility before 2.4 retrieves driver updates in cleartext, which makes it easier for man-in-the-middle attackers to execute arbitrary code via a crafted file."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-345"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00048\u0026languageid=en-fr",
              "refsource": "CONFIRM",
              "tags": [
                "Patch",
                "Vendor Advisory"
              ],
              "url": "https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00048\u0026languageid=en-fr"
            },
            {
              "name": "http://www.coresecurity.com/advisories/intel-driver-update-utility-mitm",
              "refsource": "MISC",
              "tags": [],
              "url": "http://www.coresecurity.com/advisories/intel-driver-update-utility-mitm"
            },
            {
              "name": "http://packetstormsecurity.com/files/135314/Intel-Driver-Update-Utility-2.2.0.5-Man-In-The-Middle.html",
              "refsource": "MISC",
              "tags": [],
              "url": "http://packetstormsecurity.com/files/135314/Intel-Driver-Update-Utility-2.2.0.5-Man-In-The-Middle.html"
            },
            {
              "name": "20160119 [CORE-2016-0001] - Intel Driver Update Utility MiTM",
              "refsource": "FULLDISC",
              "tags": [],
              "url": "http://seclists.org/fulldisclosure/2016/Jan/56"
            },
            {
              "name": "20160119 [CORE-2016-0001] - Intel Driver Update Utility MiTM",
              "refsource": "BUGTRAQ",
              "tags": [],
              "url": "http://www.securityfocus.com/archive/1/537327/100/0/threaded"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "HIGH",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.6,
            "confidentialityImpact": "COMPLETE",
            "integrityImpact": "COMPLETE",
            "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          "exploitabilityScore": 4.9,
          "impactScore": 10.0,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": true
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "exploitabilityScore": 1.6,
          "impactScore": 5.9
        }
      },
      "lastModifiedDate": "2018-10-09T19:59Z",
      "publishedDate": "2016-01-29T20:59Z"
    }
  }
}

FKIE_CVE-2016-1493

Vulnerability from fkie_nvd - Published: 2016-01-29 20:59 - Updated: 2025-04-12 10:46

Severity ?

7.5 (High) - CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

Summary

Intel Driver Update Utility before 2.4 retrieves driver updates in cleartext, which makes it easier for man-in-the-middle attackers to execute arbitrary code via a crafted file.

References

URL	Tags
cve@mitre.org	http://packetstormsecurity.com/files/135314/Intel-Driver-Update-Utility-2.2.0.5-Man-In-The-Middle.html
cve@mitre.org	http://seclists.org/fulldisclosure/2016/Jan/56
cve@mitre.org	http://www.coresecurity.com/advisories/intel-driver-update-utility-mitm
cve@mitre.org	http://www.securityfocus.com/archive/1/537327/100/0/threaded
cve@mitre.org	https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00048&languageid=en-fr	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://packetstormsecurity.com/files/135314/Intel-Driver-Update-Utility-2.2.0.5-Man-In-The-Middle.html
af854a3a-2127-422b-91ae-364da2661108	http://seclists.org/fulldisclosure/2016/Jan/56
af854a3a-2127-422b-91ae-364da2661108	http://www.coresecurity.com/advisories/intel-driver-update-utility-mitm
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/537327/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108	https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00048&languageid=en-fr	Patch, Vendor Advisory

Impacted products

Vendor	Product	Version
intel	driver_update_utility	2.0
intel	driver_update_utility	2.1
intel	driver_update_utility	2.2
intel	driver_update_utility	2.3

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:intel:driver_update_utility:2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "D3B46FA9-1E0D-477C-ADB2-F8DE6D7CC26B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:intel:driver_update_utility:2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "A501A6CD-10BB-4AED-8553-66A0AF950663",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:intel:driver_update_utility:2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "2E27E39A-2FE0-4995-9503-524F2CB33B84",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:intel:driver_update_utility:2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "F4F9011A-8179-47B2-92D7-942FA43942FE",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Intel Driver Update Utility before 2.4 retrieves driver updates in cleartext, which makes it easier for man-in-the-middle attackers to execute arbitrary code via a crafted file."
    },
    {
      "lang": "es",
      "value": "Intel Driver Update Utility en versiones anteriores a 2.4 recupera actualizaciones de controlador en texto plano, lo que facilita a atacantes man-in-the-middle ejecutar c\u00f3digo arbitrario a trav\u00e9s de un archivo manipulado."
    }
  ],
  "id": "CVE-2016-1493",
  "lastModified": "2025-04-12T10:46:40.837",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "HIGH",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 7.6,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 4.9,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 1.6,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2016-01-29T20:59:07.577",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://packetstormsecurity.com/files/135314/Intel-Driver-Update-Utility-2.2.0.5-Man-In-The-Middle.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://seclists.org/fulldisclosure/2016/Jan/56"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.coresecurity.com/advisories/intel-driver-update-utility-mitm"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/537327/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00048\u0026languageid=en-fr"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://packetstormsecurity.com/files/135314/Intel-Driver-Update-Utility-2.2.0.5-Man-In-The-Middle.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://seclists.org/fulldisclosure/2016/Jan/56"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.coresecurity.com/advisories/intel-driver-update-utility-mitm"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/537327/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00048\u0026languageid=en-fr"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-345"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

VAR-201601-0464

Vulnerability from variot - Updated: 2025-04-13 23:39

Intel Driver Update Utility before 2.4 retrieves driver updates in cleartext, which makes it easier for man-in-the-middle attackers to execute arbitrary code via a crafted file. Supplementary information : CWE Vulnerability type by CWE-345: Insufficient Verification of Data Authenticity ( Inadequate verification of data reliability ) Has been identified. An attacker can exploit this issue to perform man-in-the-middle attacks and obtain sensitive information. Successful exploits will lead to other attacks. Due to the nature of this issue, arbitrary code execution may be possible but this has not been confirmed

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201601-0464",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "driver update utility",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "intel",
        "version": "2.0"
      },
      {
        "model": "driver update utility",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "intel",
        "version": "2.2"
      },
      {
        "model": "driver update utility",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "intel",
        "version": "2.3"
      },
      {
        "model": "driver update utility",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "intel",
        "version": "2.1"
      },
      {
        "model": "driver update utility",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "intel",
        "version": "2.4"
      },
      {
        "model": "driver update utility",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "intel",
        "version": "2.2.0.5"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "81053"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-001514"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201601-685"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-1493"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/a:intel:driver_update_utility",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-001514"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Joaqu\u00edn Rodr\u00edguez Varela from Core Security Advisories Team.",
    "sources": [
      {
        "db": "BID",
        "id": "81053"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2016-1493",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "HIGH",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.6,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 4.9,
            "id": "CVE-2016-1493",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 1.9,
            "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "HIGH",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.6,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 4.9,
            "id": "VHN-90312",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 0.1,
            "vectorString": "AV:N/AC:H/AU:N/C:C/I:C/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "author": "nvd@nist.gov",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 1.6,
            "id": "CVE-2016-1493",
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2016-1493",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "NVD",
            "id": "CVE-2016-1493",
            "trust": 0.8,
            "value": "High"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201601-685",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "VULHUB",
            "id": "VHN-90312",
            "trust": 0.1,
            "value": "HIGH"
          },
          {
            "author": "VULMON",
            "id": "CVE-2016-1493",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-90312"
      },
      {
        "db": "VULMON",
        "id": "CVE-2016-1493"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-001514"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201601-685"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-1493"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Intel Driver Update Utility before 2.4 retrieves driver updates in cleartext, which makes it easier for man-in-the-middle attackers to execute arbitrary code via a crafted file. Supplementary information : CWE Vulnerability type by CWE-345: Insufficient Verification of Data Authenticity ( Inadequate verification of data reliability ) Has been identified. \nAn attacker can exploit this issue to perform man-in-the-middle attacks and obtain sensitive information. Successful exploits will lead to other attacks. \nDue to the nature of this issue, arbitrary code execution may be possible but this has not been confirmed",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2016-1493"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-001514"
      },
      {
        "db": "BID",
        "id": "81053"
      },
      {
        "db": "VULHUB",
        "id": "VHN-90312"
      },
      {
        "db": "VULMON",
        "id": "CVE-2016-1493"
      }
    ],
    "trust": 2.07
  },
  "exploit_availability": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "reference": "https://www.scap.org.cn/vuln/vhn-90312",
        "trust": 0.1,
        "type": "unknown"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-90312"
      }
    ]
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2016-1493",
        "trust": 2.9
      },
      {
        "db": "PACKETSTORM",
        "id": "135314",
        "trust": 1.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-001514",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201601-685",
        "trust": 0.7
      },
      {
        "db": "BID",
        "id": "81053",
        "trust": 0.5
      },
      {
        "db": "VULHUB",
        "id": "VHN-90312",
        "trust": 0.1
      },
      {
        "db": "VULMON",
        "id": "CVE-2016-1493",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-90312"
      },
      {
        "db": "VULMON",
        "id": "CVE-2016-1493"
      },
      {
        "db": "BID",
        "id": "81053"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-001514"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201601-685"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-1493"
      }
    ]
  },
  "id": "VAR-201601-0464",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-90312"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2025-04-13T23:39:01.200000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "INTEL-SA-00048",
        "trust": 0.8,
        "url": "https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00048\u0026languageid=en-fr"
      },
      {
        "title": "Intel Driver Update Utility Fixes for arbitrary code execution vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=59989"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-001514"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201601-685"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-345",
        "trust": 1.1
      },
      {
        "problemtype": "CWE-Other",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-90312"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-001514"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-1493"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.9,
        "url": "http://www.coresecurity.com/advisories/intel-driver-update-utility-mitm"
      },
      {
        "trust": 1.9,
        "url": "http://packetstormsecurity.com/files/135314/intel-driver-update-utility-2.2.0.5-man-in-the-middle.html"
      },
      {
        "trust": 1.8,
        "url": "http://seclists.org/fulldisclosure/2016/jan/56"
      },
      {
        "trust": 1.7,
        "url": "https://security-center.intel.com/advisory.aspx?intelid=intel-sa-00048\u0026languageid=en-fr"
      },
      {
        "trust": 1.2,
        "url": "http://www.securityfocus.com/archive/1/537327/100/0/threaded"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-1493"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-1493"
      },
      {
        "trust": 0.6,
        "url": "http://www.securityfocus.com/archive/1/archive/1/537327/100/0/threaded"
      },
      {
        "trust": 0.3,
        "url": "https://downloadcenter.intel.com/download/24345/intel-driver-update-utility"
      },
      {
        "trust": 0.3,
        "url": "http://www.intel.com/content/www/us/en/homepage.html"
      },
      {
        "trust": 0.1,
        "url": "https://security-center.intel.com/advisory.aspx?intelid=intel-sa-00048\u0026amp;languageid=en-fr"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/345.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      },
      {
        "trust": 0.1,
        "url": "https://www.securityfocus.com/bid/81053"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-90312"
      },
      {
        "db": "VULMON",
        "id": "CVE-2016-1493"
      },
      {
        "db": "BID",
        "id": "81053"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-001514"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201601-685"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-1493"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-90312"
      },
      {
        "db": "VULMON",
        "id": "CVE-2016-1493"
      },
      {
        "db": "BID",
        "id": "81053"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-001514"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201601-685"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-1493"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2016-01-29T00:00:00",
        "db": "VULHUB",
        "id": "VHN-90312"
      },
      {
        "date": "2016-01-29T00:00:00",
        "db": "VULMON",
        "id": "CVE-2016-1493"
      },
      {
        "date": "2016-01-19T00:00:00",
        "db": "BID",
        "id": "81053"
      },
      {
        "date": "2016-02-26T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2016-001514"
      },
      {
        "date": "2016-01-29T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201601-685"
      },
      {
        "date": "2016-01-29T20:59:07.577000",
        "db": "NVD",
        "id": "CVE-2016-1493"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2018-10-09T00:00:00",
        "db": "VULHUB",
        "id": "VHN-90312"
      },
      {
        "date": "2018-10-09T00:00:00",
        "db": "VULMON",
        "id": "CVE-2016-1493"
      },
      {
        "date": "2016-01-19T00:00:00",
        "db": "BID",
        "id": "81053"
      },
      {
        "date": "2016-02-26T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2016-001514"
      },
      {
        "date": "2016-02-01T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201601-685"
      },
      {
        "date": "2025-04-12T10:46:40.837000",
        "db": "NVD",
        "id": "CVE-2016-1493"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201601-685"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Intel Vulnerability to execute arbitrary code in Driver Update Utility",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-001514"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "lack of information",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201601-685"
      }
    ],
    "trust": 0.6
  }
}

CNVD-2016-00462

Vulnerability from cnvd - Published: 2016-01-26

Title

Intel Driver Update Utility信息泄露漏洞

Description

Intel Driver Update Utility是分析计算机系统驱动程序的工具。 Intel Driver Update Utility 2.2.0.5版本在实现上存在中间人攻击漏洞，如果攻击者结合DNS欺骗执行ARP投毒，可绕过域验证方法VerifyDownloadURL，成功后可破坏数据传输的完整性、信息泄露及代码执行。

Severity

中

Patch Name

Intel Driver Update Utility信息泄露漏洞的补丁

Patch Description

Formal description

目前厂商已经发布了升级补丁以修复这个安全问题，请到厂商的主页下载： http://www.coresecurity.com/advisories/intel-driver-update-utility-mitm

Reference

http://www.linuxidc.com/Linux/2016-01/127656.htm https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-1493

Impacted products

Name
Intel Driver Update Utility 2.2.0.5

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2016-1493"
    }
  },
  "description": "Intel Driver Update Utility\u662f\u5206\u6790\u8ba1\u7b97\u673a\u7cfb\u7edf\u9a71\u52a8\u7a0b\u5e8f\u7684\u5de5\u5177\u3002\r\n\r\nIntel Driver Update Utility 2.2.0.5\u7248\u672c\u5728\u5b9e\u73b0\u4e0a\u5b58\u5728\u4e2d\u95f4\u4eba\u653b\u51fb\u6f0f\u6d1e\uff0c\u5982\u679c\u653b\u51fb\u8005\u7ed3\u5408DNS\u6b3a\u9a97\u6267\u884cARP\u6295\u6bd2\uff0c\u53ef\u7ed5\u8fc7\u57df\u9a8c\u8bc1\u65b9\u6cd5VerifyDownloadURL\uff0c\u6210\u529f\u540e\u53ef\u7834\u574f\u6570\u636e\u4f20\u8f93\u7684\u5b8c\u6574\u6027\u3001\u4fe1\u606f\u6cc4\u9732\u53ca\u4ee3\u7801\u6267\u884c\u3002",
  "discovererName": "Core Security Research Team",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u7ecf\u53d1\u5e03\u4e86\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u8fd9\u4e2a\u5b89\u5168\u95ee\u9898\uff0c\u8bf7\u5230\u5382\u5546\u7684\u4e3b\u9875\u4e0b\u8f7d\uff1a\r\nhttp://www.coresecurity.com/advisories/intel-driver-update-utility-mitm",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2016-00462",
  "openTime": "2016-01-26",
  "patchDescription": "Intel Driver Update Utility\u662f\u5206\u6790\u8ba1\u7b97\u673a\u7cfb\u7edf\u9a71\u52a8\u7a0b\u5e8f\u7684\u5de5\u5177\u3002\r\n\r\nIntel Driver Update Utility 2.2.0.5\u7248\u672c\u5728\u5b9e\u73b0\u4e0a\u5b58\u5728\u4e2d\u95f4\u4eba\u653b\u51fb\u6f0f\u6d1e\uff0c\u5982\u679c\u653b\u51fb\u8005\u7ed3\u5408DNS\u6b3a\u9a97\u6267\u884cARP\u6295\u6bd2\uff0c\u53ef\u7ed5\u8fc7\u57df\u9a8c\u8bc1\u65b9\u6cd5VerifyDownloadURL\uff0c\u6210\u529f\u540e\u53ef\u7834\u574f\u6570\u636e\u4f20\u8f93\u7684\u5b8c\u6574\u6027\u3001\u4fe1\u606f\u6cc4\u9732\u53ca\u4ee3\u7801\u6267\u884c\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Intel Driver Update Utility\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "Intel Driver Update Utility  2.2.0.5"
  },
  "referenceLink": "http://www.linuxidc.com/Linux/2016-01/127656.htm\r\nhttps://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-1493",
  "serverity": "\u4e2d",
  "submitTime": "2016-01-22",
  "title": "Intel Driver Update Utility\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2016-1493 (GCVE-0-2016-1493)

GHSA-RVJ2-JR49-7HC2

GSD-2016-1493

FKIE_CVE-2016-1493

VAR-201601-0464

CNVD-2016-00462

Tags

Sightings

Nomenclature