CVE-2019-11119
CVE-2019-11119 is a critical-severity vulnerability in Intel Raid Web Console 3 with a CVSS 3.x base score of 9.8. It is not currently listed as actively exploited by CISA, and its EPSS exploit-prediction score is low.
Key facts
- Severity: Critical (CVSS 3.x base score 9.8)
- CVSS v2: 7.5
- EPSS exploit prediction: 2% (78th percentile)
- Actively exploited: Not listed in CISA KEV
- Affected product: Intel Raid Web Console 3
- Published:
- Last modified:
Description
Insufficient session validation in the service API for Intel(R) RWC3 version 4.186 and before may allow an unauthenticated user to potentially enable escalation of privilege via network access.
Frequently asked questions
- What is CVE-2019-11119?
- Insufficient session validation in the service API for Intel(R) RWC3 version 4.186 and before may allow an unauthenticated user to potentially enable escalation of privilege via network access.
- How severe is CVE-2019-11119?
- CVE-2019-11119 has a CVSS 3.x base score of 9.8, rated critical severity. It is exploitable over network with low attack complexity, requires no privileges and no user interaction. Impact on confidentiality is high, integrity high, and availability high.
- Is CVE-2019-11119 being actively exploited?
- It is not currently listed in CISA's KEV catalog. Its EPSS exploit-prediction score is 2% (78th percentile), an estimate of the probability of exploitation in the next 30 days.
- What products are affected by CVE-2019-11119?
- CVE-2019-11119 affects Intel Raid Web Console 3. See the affected-products list for the exact vulnerable versions.
- How do I fix CVE-2019-11119?
- Review the linked vendor and NVD advisories for patched versions and mitigations, then upgrade or apply the recommended workaround. Given its critical severity, prioritise patching exposed systems.
- When was CVE-2019-11119 published?
- CVE-2019-11119 was published on 2019-06-13 and last updated on 2026-06-17.
References
- http://www.securityfocus.com/bid/108780
- https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00259.html
Affected products (1)
- cpe:2.3:a:intel:raid_web_console_3:*:*:*:*:*:windows:*:*
More vulnerabilities in Intel Raid Web Console 3
- CVE-2020-0564 — High (CVSS 7.8): Improper permissions in the installer for Intel(R) RWC3 for Windows before version 7.010.009.000 may allow an…
- CVE-2019-14601 — High (CVSS 7.8): Improper permissions in the installer for Intel(R) RWC 3 for Windows before version 7.010.009.000 may allow an…
- CVE-2020-8688 — High (CVSS 7.5): Improper input validation in the Intel(R) RAID Web Console 3 for Windows* may allow an unauthenticated user to…
- CVE-2018-3699 — Medium (CVSS 6.1): Cross-site scripting in the Intel RAID Web Console v3 for Windows may allow an unauthenticated user to elevate…
- CVE-2018-3696 — Medium (CVSS 5.5): Authentication bypass in the Intel RAID Web Console 3 for Windows before 4.186 may allow an unprivileged user to…