Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2019-11094 (GCVE-0-2019-11094)
Vulnerability from cvelistv5 – Published: 2019-05-17 15:41 – Updated: 2024-08-04 22:40
VLAI?
EPSS
Summary
Insufficient input validation in system firmware for Intel (R) NUC Kit may allow an authenticated user to potentially enable escalation of privilege, denial of service, and/or information disclosure via local access.
Severity ?
No CVSS data available.
CWE
- Escalation of Privilege
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Intel (R) NUC |
Affected:
Kit NUC8i7HNK BIOS and Kit NUC8i7HVK BIOS before version 0054. Kit NUC7i7DNHE BIOS, Kit NUC7i7DNKE BIOS, Kit NUC7i5DNHE, Kit NUC7i5DNHE and Board NUC7i7DNBE BIOS before version 0062.
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T22:40:16.357Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/INTEL-SA-00251.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Intel (R) NUC",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Kit NUC8i7HNK BIOS and Kit NUC8i7HVK BIOS before version 0054. Kit NUC7i7DNHE BIOS, Kit NUC7i7DNKE BIOS, Kit NUC7i5DNHE, Kit NUC7i5DNHE and Board NUC7i7DNBE BIOS before version 0062."
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Insufficient input validation in system firmware for Intel (R) NUC Kit may allow an authenticated user to potentially enable escalation of privilege, denial of service, and/or information disclosure via local access."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Escalation of Privilege",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-05-17T15:41:37.000Z",
"orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"shortName": "intel"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/INTEL-SA-00251.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@intel.com",
"ID": "CVE-2019-11094",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Intel (R) NUC",
"version": {
"version_data": [
{
"version_value": "Kit NUC8i7HNK BIOS and Kit NUC8i7HVK BIOS before version 0054. Kit NUC7i7DNHE BIOS, Kit NUC7i7DNKE BIOS, Kit NUC7i5DNHE, Kit NUC7i5DNHE and Board NUC7i7DNBE BIOS before version 0062."
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Insufficient input validation in system firmware for Intel (R) NUC Kit may allow an authenticated user to potentially enable escalation of privilege, denial of service, and/or information disclosure via local access."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Escalation of Privilege"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/INTEL-SA-00251.html",
"refsource": "MISC",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/INTEL-SA-00251.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"assignerShortName": "intel",
"cveId": "CVE-2019-11094",
"datePublished": "2019-05-17T15:41:37.000Z",
"dateReserved": "2019-04-11T00:00:00.000Z",
"dateUpdated": "2024-08-04T22:40:16.357Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CERTFR-2019-AVI-208
Vulnerability from certfr_avis - Published: 2019-05-14 - Updated: 2019-05-14
De multiples vulnérabilités ont été découvertes dans les produits Intel. Elles permettent à un attaquant de provoquer un déni de service à distance, une atteinte à la confidentialité des données et une élévation de privilèges.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Intel | N/A | Intel NUC Kit NUC8i7HNK avec une version du BIOS antérieure à 0054 | ||
| Intel | N/A | Intel Server Board | ||
| Intel | N/A | Intel Server System | ||
| Intel | N/A | Intel Celeron N Series | ||
| Intel | N/A | Intel Unite Client versions antérieures à v3.3.176.13 | ||
| Intel | N/A | Intel NUC Board NUC7i7DNBE avec une version du BIOS antérieure à 0062 | ||
| Intel | N/A | Intel Atom Processor A Series | ||
| Intel | N/A | Intel Unite Client for Android versions antérieures à 4.0 | ||
| Intel | N/A | Intel i915 Graphics pour Linux versions antérieures à 5.0 | ||
| Intel | N/A | Intel Compute Module | ||
| Intel | N/A | Intel PROSet/Wireless WiFi versions antérieures à 21.0 | ||
| Intel | N/A | Intel NUC Kit NUC8i7HVK avec une version du BIOS antérieure à 0054 | ||
| Intel | N/A | Intel ACU Wizard Configurator_download_package versions antérieures à 12.1.0.87 | ||
| Intel | N/A | Intel Celeron J Series | ||
| Intel | N/A | Intel Xeon Processor D Family | ||
| Intel | N/A | Intel NUC Kit NUC7i5DNHE avec une version du BIOS antérieure à 0062 | ||
| Intel | N/A | Intel Driver & Support Assistant versions antérieures à 19.4.18 | ||
| Intel | N/A | Intel Graphics Driver pour Windows sans le dernier correctif de sécurité | ||
| Intel | N/A | Intel NUC Kit NUC7i7DNHE avec une version du BIOS antérieure à 0062 | ||
| Intel | N/A | Intel Pentium Processor Silver Series | ||
| Intel | N/A | Intel Quartus II et Intel Quartus Prime Standard Edition versions antérieures à 18.1.1 | ||
| Intel | N/A | Intel NUC Kit NUC7i7DNKE avec une version du BIOS antérieure à 0062 | ||
| Intel | N/A | Intel Pentium Processor J Series | ||
| Intel | N/A | Intel SCS Discovery Utility avec SCS_download_package versions antérieures à 12.1.0.87 | ||
| Intel | N/A | Intel Atom Processor E3900 Series | ||
| Intel | N/A | Intel Xeon Scalable Processor | ||
| Intel | N/A | Intel Pentium Processor N Series | ||
| Intel | N/A | Intel Quartus Prime Pro Edition versions antérieures à 19.1 |
References
| Title | Publication Time | Tags | ||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Intel NUC Kit NUC8i7HNK avec une version du BIOS ant\u00e9rieure \u00e0 0054",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Intel Server Board",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Intel Server System",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Intel Celeron N Series",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Intel Unite Client versions ant\u00e9rieures \u00e0 v3.3.176.13",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Intel NUC Board NUC7i7DNBE avec une version du BIOS ant\u00e9rieure \u00e0 0062",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Intel Atom Processor A Series",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Intel Unite Client for Android versions ant\u00e9rieures \u00e0 4.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Intel i915 Graphics pour Linux versions ant\u00e9rieures \u00e0 5.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Intel Compute Module",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Intel PROSet/Wireless WiFi versions ant\u00e9rieures \u00e0 21.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Intel NUC Kit NUC8i7HVK avec une version du BIOS ant\u00e9rieure \u00e0 0054",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Intel ACU Wizard Configurator_download_package versions ant\u00e9rieures \u00e0 12.1.0.87",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Intel Celeron J Series",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Intel Xeon Processor D Family",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Intel NUC Kit NUC7i5DNHE avec une version du BIOS ant\u00e9rieure \u00e0 0062",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Intel Driver \u0026 Support Assistant versions ant\u00e9rieures \u00e0 19.4.18",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Intel Graphics Driver pour Windows sans le dernier correctif de s\u00e9curit\u00e9",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Intel NUC Kit NUC7i7DNHE avec une version du BIOS ant\u00e9rieure \u00e0 0062",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Intel Pentium Processor Silver Series",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Intel Quartus II et Intel Quartus Prime Standard Edition versions ant\u00e9rieures \u00e0 18.1.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Intel NUC Kit NUC7i7DNKE avec une version du BIOS ant\u00e9rieure \u00e0 0062",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Intel Pentium Processor J Series",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Intel SCS Discovery Utility avec SCS_download_package versions ant\u00e9rieures \u00e0 12.1.0.87",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Intel Atom Processor E3900 Series",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Intel Xeon Scalable Processor",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Intel Pentium Processor N Series",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Intel Quartus Prime Pro Edition versions ant\u00e9rieures \u00e0 19.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2019-0138",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0138"
},
{
"name": "CVE-2019-0120",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0120"
},
{
"name": "CVE-2019-0115",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0115"
},
{
"name": "CVE-2019-0132",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0132"
},
{
"name": "CVE-2019-11093",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11093"
},
{
"name": "CVE-2019-11085",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11085"
},
{
"name": "CVE-2019-0114",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0114"
},
{
"name": "CVE-2019-11094",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11094"
},
{
"name": "CVE-2018-3701",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-3701"
},
{
"name": "CVE-2019-0113",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0113"
},
{
"name": "CVE-2019-11114",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11114"
},
{
"name": "CVE-2019-0126",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0126"
},
{
"name": "CVE-2019-11095",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11095"
},
{
"name": "CVE-2019-0171",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0171"
},
{
"name": "CVE-2019-0119",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0119"
},
{
"name": "CVE-2019-0172",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0172"
},
{
"name": "CVE-2019-0116",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0116"
}
],
"initial_release_date": "2019-05-14T00:00:00",
"last_revision_date": "2019-05-14T00:00:00",
"links": [],
"reference": "CERTFR-2019-AVI-208",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2019-05-14T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Intel.\nElles permettent \u00e0 un attaquant de provoquer un d\u00e9ni de service \u00e0\ndistance, une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es et une \u00e9l\u00e9vation\nde privil\u00e8ges.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Intel",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00244 du 14 mai 2019",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00244.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00245 du 14 mai 2019",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00245.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00249 du 14 mai 2019",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00249.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00223 du 14 mai 2019",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00223.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00251 du 14 mai 2019",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00251.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00204 du 14 mai 2019",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00204.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00234 du 14 mai 2019",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00234.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00218 du 14 mai 2019",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00218.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00228 du 14 mai 2019",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00228.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00252 du 14 mai 2019",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00252.html"
}
]
}
GHSA-25H5-M4R3-86JM
Vulnerability from github – Published: 2022-05-24 16:46 – Updated: 2024-04-04 00:42
VLAI?
Details
Insufficient input validation in system firmware for Intel (R) NUC Kit may allow an authenticated user to potentially enable escalation of privilege, denial of service, and/or information disclosure via local access.
Severity ?
7.8 (High)
{
"affected": [],
"aliases": [
"CVE-2019-11094"
],
"database_specific": {
"cwe_ids": [
"CWE-20"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2019-05-17T16:29:00Z",
"severity": "HIGH"
},
"details": "Insufficient input validation in system firmware for Intel (R) NUC Kit may allow an authenticated user to potentially enable escalation of privilege, denial of service, and/or information disclosure via local access.",
"id": "GHSA-25h5-m4r3-86jm",
"modified": "2024-04-04T00:42:13Z",
"published": "2022-05-24T16:46:02Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-11094"
},
{
"type": "WEB",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/INTEL-SA-00251.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GSD-2019-11094
Vulnerability from gsd - Updated: 2023-12-13 01:24Details
Insufficient input validation in system firmware for Intel (R) NUC Kit may allow an authenticated user to potentially enable escalation of privilege, denial of service, and/or information disclosure via local access.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2019-11094",
"description": "Insufficient input validation in system firmware for Intel (R) NUC Kit may allow an authenticated user to potentially enable escalation of privilege, denial of service, and/or information disclosure via local access.",
"id": "GSD-2019-11094"
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2019-11094"
],
"details": "Insufficient input validation in system firmware for Intel (R) NUC Kit may allow an authenticated user to potentially enable escalation of privilege, denial of service, and/or information disclosure via local access.",
"id": "GSD-2019-11094",
"modified": "2023-12-13T01:24:02.650537Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "secure@intel.com",
"ID": "CVE-2019-11094",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Intel (R) NUC",
"version": {
"version_data": [
{
"version_value": "Kit NUC8i7HNK BIOS and Kit NUC8i7HVK BIOS before version 0054. Kit NUC7i7DNHE BIOS, Kit NUC7i7DNKE BIOS, Kit NUC7i5DNHE, Kit NUC7i5DNHE and Board NUC7i7DNBE BIOS before version 0062."
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Insufficient input validation in system firmware for Intel (R) NUC Kit may allow an authenticated user to potentially enable escalation of privilege, denial of service, and/or information disclosure via local access."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Escalation of Privilege"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/INTEL-SA-00251.html",
"refsource": "MISC",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/INTEL-SA-00251.html"
}
]
}
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:intel:nuc_kit_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:intel:nuc_kit_nuc6cays:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:intel:nuc_kit_nuc6i5syh:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:intel:nuc_kit_nuc6i7kyk:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:intel:nuc_kit_nuc7cjyh:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:intel:nuc_kit_nuc7i3dnhe:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:intel:nuc_kit_d33217gke:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:intel:nuc_kit_nuc5i5myhe:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:intel:nuc_kit_nuc5pgyh:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:intel:nuc_kit_nuc7i7bnh:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:intel:nuc_kit_nuc8i7hnk:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:intel:nuc_kit_d54250wyb:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:intel:nuc_kit_de3815tybe:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:intel:nuc_kit_dn2820fykh:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:intel:nuc_kit_nuc5cpyh:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:intel:nuc_kit_d53427rke:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:intel:nuc_kit_nuc5i3myhe:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:intel:nuc_kit_nuc5i7ryh:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:intel:nuc_kit_nuc7i5dnke:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:intel:nuc_kit_nuc7i7dnke:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "secure@intel.com",
"ID": "CVE-2019-11094"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "Insufficient input validation in system firmware for Intel (R) NUC Kit may allow an authenticated user to potentially enable escalation of privilege, denial of service, and/or information disclosure via local access."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/INTEL-SA-00251.html",
"refsource": "MISC",
"tags": [
"Not Applicable"
],
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/INTEL-SA-00251.html"
}
]
}
},
"impact": {
"baseMetricV2": {
"acInsufInfo": false,
"cvssV2": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"userInteractionRequired": false
},
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
},
"lastModifiedDate": "2019-05-21T14:35Z",
"publishedDate": "2019-05-17T16:29Z"
}
}
}
FKIE_CVE-2019-11094
Vulnerability from fkie_nvd - Published: 2019-05-17 16:29 - Updated: 2024-11-21 04:20
Severity ?
Summary
Insufficient input validation in system firmware for Intel (R) NUC Kit may allow an authenticated user to potentially enable escalation of privilege, denial of service, and/or information disclosure via local access.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:intel:nuc_kit_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "71AA56A6-EB26-4A62-83EC-6961BC24D4DA",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:intel:nuc_kit_d33217gke:-:*:*:*:*:*:*:*",
"matchCriteriaId": "02BFB59F-D932-43E5-9A41-3AE3A9047DCE",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:intel:nuc_kit_d53427rke:-:*:*:*:*:*:*:*",
"matchCriteriaId": "412647D8-EA12-4EE6-A2D3-71DDFD963BF4",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:intel:nuc_kit_d54250wyb:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B8DB94BE-7F38-4029-954E-EFE1AC614798",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:intel:nuc_kit_de3815tybe:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F83FBC94-6D65-4A44-992D-2A5AECC59E49",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:intel:nuc_kit_dn2820fykh:-:*:*:*:*:*:*:*",
"matchCriteriaId": "738AD9B2-1055-42D0-8D16-205340BE3BE7",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:intel:nuc_kit_nuc5cpyh:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4EB62714-4F2E-4980-9898-BBC4B06085F2",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:intel:nuc_kit_nuc5i3myhe:-:*:*:*:*:*:*:*",
"matchCriteriaId": "97B8B238-D4DA-40A8-92CD-42B0EB6B1E2E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:intel:nuc_kit_nuc5i5myhe:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FB5226BE-680C-4915-AB23-EABC588DCC0B",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:intel:nuc_kit_nuc5i7ryh:-:*:*:*:*:*:*:*",
"matchCriteriaId": "03D56B57-D4CD-47E9-AE86-B1307D3609B7",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:intel:nuc_kit_nuc5pgyh:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E9ED06A8-FABF-431E-A5F4-F1B50E1F51B8",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:intel:nuc_kit_nuc6cays:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5A261B82-5F54-4556-B1D1-53F0CFDF1830",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:intel:nuc_kit_nuc6i5syh:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3892CA36-86BF-4861-8C32-657212EABC92",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:intel:nuc_kit_nuc6i7kyk:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5CC80B8F-D912-40D3-90AF-00DDF6A91AED",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:intel:nuc_kit_nuc7cjyh:-:*:*:*:*:*:*:*",
"matchCriteriaId": "573F0989-6A34-4595-A298-EA1B88C61BD9",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:intel:nuc_kit_nuc7i3dnhe:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3143ABA5-9741-4CD2-AB9A-A7600EA6E32F",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:intel:nuc_kit_nuc7i5dnke:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2EF7E820-8567-4E9A-8247-5E1665FFF8BC",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:intel:nuc_kit_nuc7i7bnh:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B0DE3105-8418-4CA3-80B0-5EE4E394D58F",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:intel:nuc_kit_nuc7i7dnke:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5DFDFEB2-B10D-489E-B51C-10FA84E65858",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:intel:nuc_kit_nuc8i7hnk:-:*:*:*:*:*:*:*",
"matchCriteriaId": "244CD6EC-780A-405E-8CFA-666A666FF7D5",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Insufficient input validation in system firmware for Intel (R) NUC Kit may allow an authenticated user to potentially enable escalation of privilege, denial of service, and/or information disclosure via local access."
},
{
"lang": "es",
"value": "La validaci\u00f3n de entrada insuficiente en el firmware del sistema para Intel (R) NUC Kit puede permitir que un usuario autenticado habilite potencialmente el aumento de privilegios, la denegaci\u00f3n de servicio y/o la divulgaci\u00f3n de informaci\u00f3n mediante un acceso local."
}
],
"id": "CVE-2019-11094",
"lastModified": "2024-11-21T04:20:31.577",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-05-17T16:29:03.187",
"references": [
{
"source": "secure@intel.com",
"tags": [
"Not Applicable"
],
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/INTEL-SA-00251.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Not Applicable"
],
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/INTEL-SA-00251.html"
}
],
"sourceIdentifier": "secure@intel.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2019-11094
Vulnerability from fstec - Published: 14.05.2019
VLAI Severity ?
Title
Уязвимость в встроенном программном обеспечении Intel NUC Kit, связанная с недостаточной проверкой входных данных, позволяющая нарушителю повысить свои привилегии или вызвать отказ в обслуживании
Description
Уязвимость в встроенном программном обеспечении Intel NUC Kit связана с недостаточной проверкой входных данных. Эксплуатация уязвимости может позволить нарушителю повысить свои привилегии или вызвать отказ в обслуживании
Severity ?
Vendor
Intel Corp.
Software Name
Intel NUC Kit NUC8i7HNK, Intel NUC Kit NUC8i7HVK, Intel NUC Kit NUC7i7DNHE, Intel NUC Kit NUC7i7DNKE, Intel NUC Kit NUC7i5DNHE, Intel NUC Board NUC7i7DNBE
Software Version
до 0054 (Intel NUC Kit NUC8i7HNK), до 0054 (Intel NUC Kit NUC8i7HVK), до 0062 (Intel NUC Kit NUC7i7DNHE), до 0062 (Intel NUC Kit NUC7i7DNKE), до 0062 (Intel NUC Kit NUC7i5DNHE), до 0062 (Intel NUC Board NUC7i7DNBE)
Possible Mitigations
Использование рекомендаций:
https://www.intel.com/content/www/us/en/security-center/advisory/INTEL-SA-00251.html
Reference
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00251.html
CWE
CWE-20
{
"CVSS 2.0": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"CVSS 3.0": "AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"CVSS 4.0": null,
"remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
"remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
"\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "Intel Corp.",
"\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "\u0434\u043e 0054 (Intel NUC Kit NUC8i7HNK), \u0434\u043e 0054 (Intel NUC Kit NUC8i7HVK), \u0434\u043e 0062 (Intel NUC Kit NUC7i7DNHE), \u0434\u043e 0062 (Intel NUC Kit NUC7i7DNKE), \u0434\u043e 0062 (Intel NUC Kit NUC7i5DNHE), \u0434\u043e 0062 (Intel NUC Board NUC7i7DNBE)",
"\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439:\nhttps://www.intel.com/content/www/us/en/security-center/advisory/INTEL-SA-00251.html",
"\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "14.05.2019",
"\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "23.03.2021",
"\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "31.05.2019",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2019-01869",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2019-11094",
"\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
"\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
"\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "Intel NUC Kit NUC8i7HNK, Intel NUC Kit NUC8i7HVK, Intel NUC Kit NUC7i7DNHE, Intel NUC Kit NUC7i7DNKE, Intel NUC Kit NUC7i5DNHE, Intel NUC Board NUC7i7DNBE",
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": null,
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0432 \u0432\u0441\u0442\u0440\u043e\u0435\u043d\u043d\u043e\u043c \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u043c \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u0438 Intel NUC Kit, \u0441\u0432\u044f\u0437\u0430\u043d\u043d\u0430\u044f \u0441 \u043d\u0435\u0434\u043e\u0441\u0442\u0430\u0442\u043e\u0447\u043d\u043e\u0439 \u043f\u0440\u043e\u0432\u0435\u0440\u043a\u043e\u0439 \u0432\u0445\u043e\u0434\u043d\u044b\u0445 \u0434\u0430\u043d\u043d\u044b\u0445, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u043f\u043e\u0432\u044b\u0441\u0438\u0442\u044c \u0441\u0432\u043e\u0438 \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u0438 \u0438\u043b\u0438 \u0432\u044b\u0437\u0432\u0430\u0442\u044c \u043e\u0442\u043a\u0430\u0437 \u0432 \u043e\u0431\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u043d\u0438\u0438",
"\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u041d\u0435\u0434\u043e\u0441\u0442\u0430\u0442\u043e\u0447\u043d\u0430\u044f \u043f\u0440\u043e\u0432\u0435\u0440\u043a\u0430 \u0432\u0432\u043e\u0434\u0438\u043c\u044b\u0445 \u0434\u0430\u043d\u043d\u044b\u0445 (CWE-20)",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0432 \u0432\u0441\u0442\u0440\u043e\u0435\u043d\u043d\u043e\u043c \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u043c \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u0438 Intel NUC Kit \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u043d\u0435\u0434\u043e\u0441\u0442\u0430\u0442\u043e\u0447\u043d\u043e\u0439 \u043f\u0440\u043e\u0432\u0435\u0440\u043a\u043e\u0439 \u0432\u0445\u043e\u0434\u043d\u044b\u0445 \u0434\u0430\u043d\u043d\u044b\u0445. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u043f\u043e\u0432\u044b\u0441\u0438\u0442\u044c \u0441\u0432\u043e\u0438 \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u0438 \u0438\u043b\u0438 \u0432\u044b\u0437\u0432\u0430\u0442\u044c \u043e\u0442\u043a\u0430\u0437 \u0432 \u043e\u0431\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u043d\u0438\u0438",
"\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
"\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": "\u0432 \u0432\u0435\u0440\u0441\u0438\u044f\u0445 \u0443\u043a\u0430\u0437\u0430\u043d\u044b \u0443\u044f\u0437\u0432\u0438\u043c\u044b\u0435 \u0432\u0435\u0440\u0441\u0438\u0438 BIOS",
"\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
"\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u041c\u0430\u043d\u0438\u043f\u0443\u043b\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u0441\u0443\u0440\u0441\u0430\u043c\u0438",
"\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00251.html",
"\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0442\u0435\u043d\u0446\u0438\u0430\u043b\u044c\u043d\u0430\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c",
"\u0422\u0438\u043f \u041f\u041e": "\u041c\u0438\u043a\u0440\u043e\u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u044b\u0439 \u043a\u043e\u0434",
"\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-20",
"\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0421\u0440\u0435\u0434\u043d\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 4,6)\n\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 7,8)"
}
CNVD-2019-42729
Vulnerability from cnvd - Published: 2019-11-28
VLAI Severity ?
Title
Intel NUC Kit输入验证错误漏洞(CNVD-2019-42729)
Description
Intel (R) NUC Kit是英特尔公司的一款mini主机。
Intel (R) NUC Kit中的系统固件存在输入验证错误漏洞。该漏洞源于网络系统或产品未对输入的数据进行正确的验证。攻击者可利用该漏洞访问启用特权升级,拒绝服务和/或信息泄露。
Severity
中
Patch Name
Intel NUC Kit输入验证错误漏洞(CNVD-2019-42729)的补丁
Patch Description
Intel (R) NUC Kit是英特尔公司的一款mini主机。
Intel (R) NUC Kit中的系统固件存在输入验证错误漏洞。该漏洞源于网络系统或产品未对输入的数据进行正确的验证。攻击者可利用该漏洞访问启用特权升级,拒绝服务和/或信息泄露。目前,供应商发布了安全公告及相关补丁信息,修复了此漏洞。
Formal description
目前厂商已发布升级补丁以修复漏洞,补丁获取链接: www.intel.comhttps://www.intel.com/content/www/us/en/security-center/advisory/INTEL-SA-00251.html
Reference
https://www.intel.com/content/www/us/en/security-center/advisory/INTEL-SA-00251.html
Impacted products
| Name | Intel NUC kits |
|---|
{
"cves": {
"cve": {
"cveNumber": "CVE-2019-11094",
"cveUrl": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11094"
}
},
"description": "Intel (R) NUC Kit\u662f\u82f1\u7279\u5c14\u516c\u53f8\u7684\u4e00\u6b3emini\u4e3b\u673a\u3002\n\nIntel (R) NUC Kit\u4e2d\u7684\u7cfb\u7edf\u56fa\u4ef6\u5b58\u5728\u8f93\u5165\u9a8c\u8bc1\u9519\u8bef\u6f0f\u6d1e\u3002\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u7f51\u7edc\u7cfb\u7edf\u6216\u4ea7\u54c1\u672a\u5bf9\u8f93\u5165\u7684\u6570\u636e\u8fdb\u884c\u6b63\u786e\u7684\u9a8c\u8bc1\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u8bbf\u95ee\u542f\u7528\u7279\u6743\u5347\u7ea7\uff0c\u62d2\u7edd\u670d\u52a1\u548c/\u6216\u4fe1\u606f\u6cc4\u9732\u3002",
"formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6f0f\u6d1e\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a\r\nwww.intel.comhttps://www.intel.com/content/www/us/en/security-center/advisory/INTEL-SA-00251.html",
"isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
"number": "CNVD-2019-42729",
"openTime": "2019-11-28",
"patchDescription": "Intel (R) NUC Kit\u662f\u82f1\u7279\u5c14\u516c\u53f8\u7684\u4e00\u6b3emini\u4e3b\u673a\u3002\r\n\r\nIntel (R) NUC Kit\u4e2d\u7684\u7cfb\u7edf\u56fa\u4ef6\u5b58\u5728\u8f93\u5165\u9a8c\u8bc1\u9519\u8bef\u6f0f\u6d1e\u3002\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u7f51\u7edc\u7cfb\u7edf\u6216\u4ea7\u54c1\u672a\u5bf9\u8f93\u5165\u7684\u6570\u636e\u8fdb\u884c\u6b63\u786e\u7684\u9a8c\u8bc1\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u8bbf\u95ee\u542f\u7528\u7279\u6743\u5347\u7ea7\uff0c\u62d2\u7edd\u670d\u52a1\u548c/\u6216\u4fe1\u606f\u6cc4\u9732\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
"patchName": "Intel NUC Kit\u8f93\u5165\u9a8c\u8bc1\u9519\u8bef\u6f0f\u6d1e\uff08CNVD-2019-42729\uff09\u7684\u8865\u4e01",
"products": {
"product": "Intel NUC kits"
},
"referenceLink": "https://www.intel.com/content/www/us/en/security-center/advisory/INTEL-SA-00251.html",
"serverity": "\u4e2d",
"submitTime": "2019-05-22",
"title": "Intel NUC Kit\u8f93\u5165\u9a8c\u8bc1\u9519\u8bef\u6f0f\u6d1e\uff08CNVD-2019-42729\uff09"
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…