CVE-2016-1493 - Insufficient Verification of Data Authenticity

Severity

76%

Complexity

49%

Confidentiality

165%

Intel Driver Update Utility before 2.4 retrieves driver updates in cleartext, which makes it easier for man-in-the-middle attackers to execute arbitrary code via a crafted file.

Intel Driver Update Utility before 2.4 retrieves driver updates in cleartext, which makes it easier for man-in-the-middle attackers to execute arbitrary code via a crafted file.

CVSS 3.0 Base Score 7.5. CVSS Attack Vector: network. CVSS Attack Complexity: high. CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H).

CVSS 2.0 Base Score 7.6. CVSS Attack Vector: network. CVSS Attack Complexity: high. CVSS Vector: (AV:N/AC:H/Au:N/C:C/I:C/A:C).

Overview

Type

Intel Driver Update Utility

First reported 9 years ago

2016-01-29 20:59:00

Last updated 6 years ago

2018-10-09 19:59:00

Affected Software

Intel Driver Update Utility 2.0

2.0

Intel Driver Update Utility 2.1

2.1

Intel Driver Update Utility 2.2

2.2

Intel Driver Update Utility 2.3

2.3

References

http://packetstormsecurity.com/files/135314/Intel-Driver-Update-Utility-2.2.0.5-Man-In-The-Middle.html

20160119 [CORE-2016-0001] - Intel Driver Update Utility MiTM

http://www.coresecurity.com/advisories/intel-driver-update-utility-mitm

20160119 [CORE-2016-0001] - Intel Driver Update Utility MiTM

https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00048&languageid=en-fr

Patch, Vendor Advisory

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.