Vulnerability Description
Intel Driver Update Utility before 2.4 retrieves driver updates in cleartext, which makes it easier for man-in-the-middle attackers to execute arbitrary code via a crafted file.
CVSS Score
7.5
HIGH
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Intel | Driver Update Utility | 2.0 |
Related Weaknesses (CWE)
References
- http://packetstormsecurity.com/files/135314/Intel-Driver-Update-Utility-2.2.0.5-
- http://seclists.org/fulldisclosure/2016/Jan/56
- http://www.coresecurity.com/advisories/intel-driver-update-utility-mitm
- http://www.securityfocus.com/archive/1/537327/100/0/threaded
- https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00048&languageiPatchVendor Advisory
- http://packetstormsecurity.com/files/135314/Intel-Driver-Update-Utility-2.2.0.5-
- http://seclists.org/fulldisclosure/2016/Jan/56
- http://www.coresecurity.com/advisories/intel-driver-update-utility-mitm
- http://www.securityfocus.com/archive/1/537327/100/0/threaded
- https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00048&languageiPatchVendor Advisory
FAQ
What is CVE-2016-1493?
CVE-2016-1493 is a vulnerability with a CVSS score of 7.5 (HIGH). Intel Driver Update Utility before 2.4 retrieves driver updates in cleartext, which makes it easier for man-in-the-middle attackers to execute arbitrary code via a crafted file.
How severe is CVE-2016-1493?
CVE-2016-1493 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2016-1493?
Check the references section above for vendor advisories and patch information. Affected products include: Intel Driver Update Utility.