Intel(R) SCS Discovery Utility 12.0.0.129 Remote Code Execution Vulnerability

Summary

Unquoted service path in the installer for the Intel(R) SCS Discovery Utility version 12.0.0.129 and earlier may allow an authenticated user to potentially enable escalation of privilege via local access.

Credit:

The information has been provided by Marius Gabriel Mihai.
The original article can be found at: https://www.intel.com/content/www/us/en/security-center/advisory/INTEL-SA-00234.html


Details

Intel Scs Discovery Utility is prone to a remote code-execution vulnerability.This allows a remote attacker to exploit this issue to execute arbitrary code in the context of the user running the affected application. Failed exploit attempts may result in a denial-of-service condition. 

Vulnerable Systems:

  • Intel Scs Discovery Utility 12.0.0.129

CVE Information:
CVE-2019-11093

Disclosure Timeline:
Publish Date:05/17/2019