Intel Data Center Manager SDK

Plan Patch8.8ICS-CERT ICSA-19-050-01Feb 19, 2019

Attack VectorAdjacent

Auth RequiredNone

ComplexityLow

User InteractionNone needed

Summary

Intel Data Center Manager SDK versions prior to 5.0.2 contain multiple vulnerabilities in authentication, access control, and privilege separation (CWE-287, CWE-693, CWE-284, CWE-1391, CWE-691) that allow unauthenticated or low-privileged attackers on the local network to escalate privileges, cause denial of service, or disclose sensitive information. The affected component is a software development kit used for managing Intel-based data center hardware and infrastructure.

What this means

What could happen

An attacker with network access to the Data Center Manager SDK could escalate privileges, disrupt monitoring and management functions, or extract sensitive system information from your data center infrastructure.

Who's at risk

This advisory affects data center operators and IT infrastructure teams who use Intel Data Center Manager SDK for monitoring and managing servers, storage, and network hardware in their facilities. It is particularly relevant to organizations running large-scale on-premises infrastructure or hybrid environments.

How it could be exploited

An attacker on the network segment where the SDK is deployed could exploit authentication or access control flaws to gain elevated privileges within the management system, allowing them to issue commands or access protected data without proper credentials.

Prerequisites

Network access to the Data Center Manager SDK
No valid credentials required for initial exploitation

No authentication requiredLow attack complexityHigh CVSS score (8.8)Network-adjacent attack vector (requires local network access)

Exploitability

Moderate exploit probability (EPSS 2.5%)

Affected products (1)

ProductAffected VersionsFix Status

Data Center Manager SDK: prior to< 5.0.25.0.2

Remediation & Mitigation

0/3

Do now

0/1

HARDENINGRestrict network access to the SDK—ensure it is not reachable from the Internet or business network; place it behind a firewall on a dedicated management network

Schedule — requires maintenance window

0/2

Patching may require device reboot — plan for process interruption

HOTFIXUpdate Data Center Manager SDK to version 5.0.2 or later

HARDENINGIf remote management access is required, use a VPN with current security patches and strong authentication

CVEs (11)

CVE-2019-0102 CVE-2019-0103 CVE-2019-0104 CVE-2019-0105 CVE-2019-0106 CVE-2019-0107 CVE-2019-0108 CVE-2019-0109 CVE-2019-0110 CVE-2019-0111 CVE-2019-0112

View full CISA ICS-CERT advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/f9ab2156-08a4-48ce-8e71-a1cc5df607eb