VAR-201601-0464
Vulnerability from variot - Updated: 2025-04-13 23:39Intel Driver Update Utility before 2.4 retrieves driver updates in cleartext, which makes it easier for man-in-the-middle attackers to execute arbitrary code via a crafted file. Supplementary information : CWE Vulnerability type by CWE-345: Insufficient Verification of Data Authenticity ( Inadequate verification of data reliability ) Has been identified. An attacker can exploit this issue to perform man-in-the-middle attacks and obtain sensitive information. Successful exploits will lead to other attacks. Due to the nature of this issue, arbitrary code execution may be possible but this has not been confirmed
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201601-0464",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "driver update utility",
"scope": "eq",
"trust": 1.6,
"vendor": "intel",
"version": "2.0"
},
{
"model": "driver update utility",
"scope": "eq",
"trust": 1.6,
"vendor": "intel",
"version": "2.2"
},
{
"model": "driver update utility",
"scope": "eq",
"trust": 1.6,
"vendor": "intel",
"version": "2.3"
},
{
"model": "driver update utility",
"scope": "eq",
"trust": 1.6,
"vendor": "intel",
"version": "2.1"
},
{
"model": "driver update utility",
"scope": "lt",
"trust": 0.8,
"vendor": "intel",
"version": "2.4"
},
{
"model": "driver update utility",
"scope": "eq",
"trust": 0.3,
"vendor": "intel",
"version": "2.2.0.5"
}
],
"sources": [
{
"db": "BID",
"id": "81053"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001514"
},
{
"db": "CNNVD",
"id": "CNNVD-201601-685"
},
{
"db": "NVD",
"id": "CVE-2016-1493"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:intel:driver_update_utility",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-001514"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Joaqu\u00edn Rodr\u00edguez Varela from Core Security Advisories Team.",
"sources": [
{
"db": "BID",
"id": "81053"
}
],
"trust": 0.3
},
"cve": "CVE-2016-1493",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 7.6,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 4.9,
"id": "CVE-2016-1493",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.9,
"vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 7.6,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 4.9,
"id": "VHN-90312",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:H/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.6,
"id": "CVE-2016-1493",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2016-1493",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2016-1493",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-201601-685",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-90312",
"trust": 0.1,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2016-1493",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-90312"
},
{
"db": "VULMON",
"id": "CVE-2016-1493"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001514"
},
{
"db": "CNNVD",
"id": "CNNVD-201601-685"
},
{
"db": "NVD",
"id": "CVE-2016-1493"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Intel Driver Update Utility before 2.4 retrieves driver updates in cleartext, which makes it easier for man-in-the-middle attackers to execute arbitrary code via a crafted file. Supplementary information : CWE Vulnerability type by CWE-345: Insufficient Verification of Data Authenticity ( Inadequate verification of data reliability ) Has been identified. \nAn attacker can exploit this issue to perform man-in-the-middle attacks and obtain sensitive information. Successful exploits will lead to other attacks. \nDue to the nature of this issue, arbitrary code execution may be possible but this has not been confirmed",
"sources": [
{
"db": "NVD",
"id": "CVE-2016-1493"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001514"
},
{
"db": "BID",
"id": "81053"
},
{
"db": "VULHUB",
"id": "VHN-90312"
},
{
"db": "VULMON",
"id": "CVE-2016-1493"
}
],
"trust": 2.07
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-90312",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-90312"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2016-1493",
"trust": 2.9
},
{
"db": "PACKETSTORM",
"id": "135314",
"trust": 1.8
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001514",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201601-685",
"trust": 0.7
},
{
"db": "BID",
"id": "81053",
"trust": 0.5
},
{
"db": "VULHUB",
"id": "VHN-90312",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2016-1493",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-90312"
},
{
"db": "VULMON",
"id": "CVE-2016-1493"
},
{
"db": "BID",
"id": "81053"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001514"
},
{
"db": "CNNVD",
"id": "CNNVD-201601-685"
},
{
"db": "NVD",
"id": "CVE-2016-1493"
}
]
},
"id": "VAR-201601-0464",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-90312"
}
],
"trust": 0.01
},
"last_update_date": "2025-04-13T23:39:01.200000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "INTEL-SA-00048",
"trust": 0.8,
"url": "https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00048\u0026languageid=en-fr"
},
{
"title": "Intel Driver Update Utility Fixes for arbitrary code execution vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=59989"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-001514"
},
{
"db": "CNNVD",
"id": "CNNVD-201601-685"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-345",
"trust": 1.1
},
{
"problemtype": "CWE-Other",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-90312"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001514"
},
{
"db": "NVD",
"id": "CVE-2016-1493"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.9,
"url": "http://www.coresecurity.com/advisories/intel-driver-update-utility-mitm"
},
{
"trust": 1.9,
"url": "http://packetstormsecurity.com/files/135314/intel-driver-update-utility-2.2.0.5-man-in-the-middle.html"
},
{
"trust": 1.8,
"url": "http://seclists.org/fulldisclosure/2016/jan/56"
},
{
"trust": 1.7,
"url": "https://security-center.intel.com/advisory.aspx?intelid=intel-sa-00048\u0026languageid=en-fr"
},
{
"trust": 1.2,
"url": "http://www.securityfocus.com/archive/1/537327/100/0/threaded"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-1493"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-1493"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/archive/1/archive/1/537327/100/0/threaded"
},
{
"trust": 0.3,
"url": "https://downloadcenter.intel.com/download/24345/intel-driver-update-utility"
},
{
"trust": 0.3,
"url": "http://www.intel.com/content/www/us/en/homepage.html"
},
{
"trust": 0.1,
"url": "https://security-center.intel.com/advisory.aspx?intelid=intel-sa-00048\u0026amp;languageid=en-fr"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/345.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://www.securityfocus.com/bid/81053"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-90312"
},
{
"db": "VULMON",
"id": "CVE-2016-1493"
},
{
"db": "BID",
"id": "81053"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001514"
},
{
"db": "CNNVD",
"id": "CNNVD-201601-685"
},
{
"db": "NVD",
"id": "CVE-2016-1493"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-90312"
},
{
"db": "VULMON",
"id": "CVE-2016-1493"
},
{
"db": "BID",
"id": "81053"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001514"
},
{
"db": "CNNVD",
"id": "CNNVD-201601-685"
},
{
"db": "NVD",
"id": "CVE-2016-1493"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-01-29T00:00:00",
"db": "VULHUB",
"id": "VHN-90312"
},
{
"date": "2016-01-29T00:00:00",
"db": "VULMON",
"id": "CVE-2016-1493"
},
{
"date": "2016-01-19T00:00:00",
"db": "BID",
"id": "81053"
},
{
"date": "2016-02-26T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-001514"
},
{
"date": "2016-01-29T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201601-685"
},
{
"date": "2016-01-29T20:59:07.577000",
"db": "NVD",
"id": "CVE-2016-1493"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-10-09T00:00:00",
"db": "VULHUB",
"id": "VHN-90312"
},
{
"date": "2018-10-09T00:00:00",
"db": "VULMON",
"id": "CVE-2016-1493"
},
{
"date": "2016-01-19T00:00:00",
"db": "BID",
"id": "81053"
},
{
"date": "2016-02-26T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-001514"
},
{
"date": "2016-02-01T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201601-685"
},
{
"date": "2025-04-12T10:46:40.837000",
"db": "NVD",
"id": "CVE-2016-1493"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201601-685"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Intel Vulnerability to execute arbitrary code in Driver Update Utility",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-001514"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "lack of information",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201601-685"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…