Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2019-11125 (GCVE-0-2019-11125)
Vulnerability from cvelistv5 – Published: 2019-06-13 15:36 – Updated: 2024-08-04 22:48
VLAI?
EPSS
Summary
Insufficient input validation in system firmware for Intel(R) NUC Kit may allow a privileged user to potentially enable escalation of privilege, denial of service and/or information disclosure via local access.
Severity ?
No CVSS data available.
CWE
- escalation of privilege, denial of service and/or information disclosure
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Intel(R) NUC Firmware |
Affected:
Please see reference document.
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T22:48:08.281Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00264.html"
},
{
"name": "108766",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/108766"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Intel(R) NUC Firmware",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Please see reference document."
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Insufficient input validation in system firmware for Intel(R) NUC Kit may allow a privileged user to potentially enable escalation of privilege, denial of service and/or information disclosure via local access."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "escalation of privilege, denial of service and/or information disclosure",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-06-24T15:46:52.000Z",
"orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"shortName": "intel"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00264.html"
},
{
"name": "108766",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/108766"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@intel.com",
"ID": "CVE-2019-11125",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Intel(R) NUC Firmware",
"version": {
"version_data": [
{
"version_value": "Please see reference document."
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Insufficient input validation in system firmware for Intel(R) NUC Kit may allow a privileged user to potentially enable escalation of privilege, denial of service and/or information disclosure via local access."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "escalation of privilege, denial of service and/or information disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00264.html",
"refsource": "CONFIRM",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00264.html"
},
{
"name": "108766",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/108766"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"assignerShortName": "intel",
"cveId": "CVE-2019-11125",
"datePublished": "2019-06-13T15:36:25.000Z",
"dateReserved": "2019-04-11T00:00:00.000Z",
"dateUpdated": "2024-08-04T22:48:08.281Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-11125
Vulnerability from fstec - Published: 11.06.2019
VLAI Severity ?
Title
Уязвимость встроенного программного обеспечения Intel NUC Kit, связанная с недостаточной проверкой вводимых данных, позволяющая нарушителю получить доступ к защищаемой информации, вызвать отказ в обслуживании или повысить свои привилегии
Description
Уязвимость встроенного программного обеспечения Intel NUC Kit связана с недостаточной проверкой вводимых данных. Эксплуатация уязвимости может позволить нарушителю получить доступ к защищаемой информации, вызвать отказ в обслуживании или повысить свои привилегии
Severity ?
Vendor
Intel Corp.
Software Name
Intel NUC Kit NUC8i7HNK, Intel NUC Kit NUC8i7HVK, Intel NUC Kit NUC8i3BEx, Intel NUC Kit NUC8i5BEx, Intel NUC Kit NUC8i7BEx, Intel Compute Card CD1C64GK, Intel Compute Card CD1P64GK, Intel NUC Kit NUC8i3CYx, Intel NUC Kit NUC7i3DNx, Intel NUC Kit NUC7i5DNx, Intel NUC Kit NUC7i7DNx, Intel Compute Stick STK2M3W64CC, Intel Compute Stick STK2M364CC, Intel Compute Stick STK2MV64CC, Intel NUC Kit NUC6i7KYk, Intel NUC Kit NUC7PJY, Intel NUC Kit NUC7CJY, Intel NUC KitNUC6CAYx, Intel NUC Kit DE3815TYB (BIOS ID CODE TYBYT20H.86A), Intel NUC Kit DE3815TYB (BIOS ID CODE TYBYT10H.86A), Intel NUC Kit NUC5CPYH, Intel NUC Kit NUC5PGYH, Intel NUC Kit NUC5PPYH, Intel NUC Kit NUC5i3RYx, Intel NUC Kit NUC5i5RYx, Intel NUC Kit NUC5i7RYx, Intel NUC Kit D34010WYx, Intel NUC Kit D54250WYx, Intel NUC Kit NUC6i3SYx, Intel NUC Kit NUC6i5SYx, Intel NUC Kit NUC7i3BNx, Intel NUC Kit NUC7i5BNx, Intel NUC Kit NUC7i7BNx, Intel Compute Card CD1IV128MK, Intel Compute Card CD1M3128MK, Intel Compute Stick STCK1A8LFC, Intel Compute Stick STCK1A32WFC, Intel NUC Kit DN2820FYKH, Intel NUC Kit NUC5i5MYx, Intel NUC Kit NUC5i3MYx
Software Version
до 0054 (Intel NUC Kit NUC8i7HNK), до 0054 (Intel NUC Kit NUC8i7HVK), до 0071 (Intel NUC Kit NUC8i3BEx), до 0071 (Intel NUC Kit NUC8i5BEx), до 0071 (Intel NUC Kit NUC8i7BEx), до 0050 (Intel Compute Card CD1C64GK), до 0050 (Intel Compute Card CD1P64GK), до 0040 (Intel NUC Kit NUC8i3CYx), до 0063 (Intel NUC Kit NUC7i3DNx), до 0063 (Intel NUC Kit NUC7i5DNx), до 0063 (Intel NUC Kit NUC7i7DNx), до 0060 (Intel Compute Stick STK2M3W64CC), до 0060 (Intel Compute Stick STK2M364CC), до 0060 (Intel Compute Stick STK2MV64CC), до 0062 (Intel NUC Kit NUC6i7KYk), до 0049 (Intel NUC Kit NUC7PJY), до 0049 (Intel NUC Kit NUC7CJY), до 0060 (Intel NUC KitNUC6CAYx), до 0020 (Intel NUC Kit DE3815TYB (BIOS ID CODE TYBYT20H.86A)), до 0065 (Intel NUC Kit DE3815TYB (BIOS ID CODE TYBYT10H.86A)), до 0076 (Intel NUC Kit NUC5CPYH), до 0076 (Intel NUC Kit NUC5PGYH), до 0076 (Intel NUC Kit NUC5PPYH), до 0379 (Intel NUC Kit NUC5i3RYx), до 0379 (Intel NUC Kit NUC5i5RYx), до 0379 (Intel NUC Kit NUC5i7RYx), до 0051 (Intel NUC Kit D34010WYx), до 0051 (Intel NUC Kit D54250WYx), до 0070 (Intel NUC Kit NUC6i3SYx), до 0070 (Intel NUC Kit NUC6i5SYx), до 0079 (Intel NUC Kit NUC7i3BNx), до 0079 (Intel NUC Kit NUC7i5BNx), до 0079 (Intel NUC Kit NUC7i7BNx), до 0036 (Intel Compute Card CD1IV128MK), до 0056 (Intel Compute Card CD1M3128MK), до 0039 (Intel Compute Stick STCK1A8LFC), до 0039 (Intel Compute Stick STCK1A32WFC), до 0067 (Intel NUC Kit DN2820FYKH), до 0051 (Intel NUC Kit NUC5i5MYx), до 0054 (Intel NUC Kit NUC5i3MYx)
Possible Mitigations
Использование рекомендаций:
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00264.html
Reference
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00264.html
https://vuldb.com/?id.136464
CWE
CWE-20
{
"CVSS 2.0": "AV:L/AC:H/Au:S/C:C/I:C/A:C",
"CVSS 3.0": "AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H",
"CVSS 4.0": null,
"remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
"remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
"\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "Intel Corp.",
"\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "\u0434\u043e 0054 (Intel NUC Kit NUC8i7HNK), \u0434\u043e 0054 (Intel NUC Kit NUC8i7HVK), \u0434\u043e 0071 (Intel NUC Kit NUC8i3BEx), \u0434\u043e 0071 (Intel NUC Kit NUC8i5BEx), \u0434\u043e 0071 (Intel NUC Kit NUC8i7BEx), \u0434\u043e 0050 (Intel Compute Card CD1C64GK), \u0434\u043e 0050 (Intel Compute Card CD1P64GK), \u0434\u043e 0040 (Intel NUC Kit NUC8i3CYx), \u0434\u043e 0063 (Intel NUC Kit NUC7i3DNx), \u0434\u043e 0063 (Intel NUC Kit NUC7i5DNx), \u0434\u043e 0063 (Intel NUC Kit NUC7i7DNx), \u0434\u043e 0060 (Intel Compute Stick STK2M3W64CC), \u0434\u043e 0060 (Intel Compute Stick STK2M364CC), \u0434\u043e 0060 (Intel Compute Stick STK2MV64CC), \u0434\u043e 0062 (Intel NUC Kit NUC6i7KYk), \u0434\u043e 0049 (Intel NUC Kit NUC7PJY), \u0434\u043e 0049 (Intel NUC Kit NUC7CJY), \u0434\u043e 0060 (Intel NUC KitNUC6CAYx), \u0434\u043e 0020 (Intel NUC Kit DE3815TYB (BIOS ID CODE TYBYT20H.86A)), \u0434\u043e 0065 (Intel NUC Kit DE3815TYB (BIOS ID CODE TYBYT10H.86A)), \u0434\u043e 0076 (Intel NUC Kit NUC5CPYH), \u0434\u043e 0076 (Intel NUC Kit NUC5PGYH), \u0434\u043e 0076 (Intel NUC Kit NUC5PPYH), \u0434\u043e 0379 (Intel NUC Kit NUC5i3RYx), \u0434\u043e 0379 (Intel NUC Kit NUC5i5RYx), \u0434\u043e 0379 (Intel NUC Kit NUC5i7RYx), \u0434\u043e 0051 (Intel NUC Kit D34010WYx), \u0434\u043e 0051 (Intel NUC Kit D54250WYx), \u0434\u043e 0070 (Intel NUC Kit NUC6i3SYx), \u0434\u043e 0070 (Intel NUC Kit NUC6i5SYx), \u0434\u043e 0079 (Intel NUC Kit NUC7i3BNx), \u0434\u043e 0079 (Intel NUC Kit NUC7i5BNx), \u0434\u043e 0079 (Intel NUC Kit NUC7i7BNx), \u0434\u043e 0036 (Intel Compute Card CD1IV128MK), \u0434\u043e 0056 (Intel Compute Card CD1M3128MK), \u0434\u043e 0039 (Intel Compute Stick STCK1A8LFC), \u0434\u043e 0039 (Intel Compute Stick STCK1A32WFC), \u0434\u043e 0067 (Intel NUC Kit DN2820FYKH), \u0434\u043e 0051 (Intel NUC Kit NUC5i5MYx), \u0434\u043e 0054 (Intel NUC Kit NUC5i3MYx)",
"\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439:\nhttps://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00264.html",
"\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "11.06.2019",
"\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "23.03.2021",
"\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "21.06.2019",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2019-02166",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2019-11125",
"\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
"\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
"\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "Intel NUC Kit NUC8i7HNK, Intel NUC Kit NUC8i7HVK, Intel NUC Kit NUC8i3BEx, Intel NUC Kit NUC8i5BEx, Intel NUC Kit NUC8i7BEx, Intel Compute Card CD1C64GK, Intel Compute Card CD1P64GK, Intel NUC Kit NUC8i3CYx, Intel NUC Kit NUC7i3DNx, Intel NUC Kit NUC7i5DNx, Intel NUC Kit NUC7i7DNx, Intel Compute Stick STK2M3W64CC, Intel Compute Stick STK2M364CC, Intel Compute Stick STK2MV64CC, Intel NUC Kit NUC6i7KYk, Intel NUC Kit NUC7PJY, Intel NUC Kit NUC7CJY, Intel NUC KitNUC6CAYx, Intel NUC Kit DE3815TYB (BIOS ID CODE TYBYT20H.86A), Intel NUC Kit DE3815TYB (BIOS ID CODE TYBYT10H.86A), Intel NUC Kit NUC5CPYH, Intel NUC Kit NUC5PGYH, Intel NUC Kit NUC5PPYH, Intel NUC Kit NUC5i3RYx, Intel NUC Kit NUC5i5RYx, Intel NUC Kit NUC5i7RYx, Intel NUC Kit D34010WYx, Intel NUC Kit D54250WYx, Intel NUC Kit NUC6i3SYx, Intel NUC Kit NUC6i5SYx, Intel NUC Kit NUC7i3BNx, Intel NUC Kit NUC7i5BNx, Intel NUC Kit NUC7i7BNx, Intel Compute Card CD1IV128MK, Intel Compute Card CD1M3128MK, Intel Compute Stick STCK1A8LFC, Intel Compute Stick STCK1A32WFC, Intel NUC Kit DN2820FYKH, Intel NUC Kit NUC5i5MYx, Intel NUC Kit NUC5i3MYx",
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": null,
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0432\u0441\u0442\u0440\u043e\u0435\u043d\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Intel NUC Kit, \u0441\u0432\u044f\u0437\u0430\u043d\u043d\u0430\u044f \u0441 \u043d\u0435\u0434\u043e\u0441\u0442\u0430\u0442\u043e\u0447\u043d\u043e\u0439 \u043f\u0440\u043e\u0432\u0435\u0440\u043a\u043e\u0439 \u0432\u0432\u043e\u0434\u0438\u043c\u044b\u0445 \u0434\u0430\u043d\u043d\u044b\u0445, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c \u0434\u043e\u0441\u0442\u0443\u043f \u043a \u0437\u0430\u0449\u0438\u0449\u0430\u0435\u043c\u043e\u0439 \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u0438, \u0432\u044b\u0437\u0432\u0430\u0442\u044c \u043e\u0442\u043a\u0430\u0437 \u0432 \u043e\u0431\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u043d\u0438\u0438 \u0438\u043b\u0438 \u043f\u043e\u0432\u044b\u0441\u0438\u0442\u044c \u0441\u0432\u043e\u0438 \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u0438",
"\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u041d\u0435\u0434\u043e\u0441\u0442\u0430\u0442\u043e\u0447\u043d\u0430\u044f \u043f\u0440\u043e\u0432\u0435\u0440\u043a\u0430 \u0432\u0432\u043e\u0434\u0438\u043c\u044b\u0445 \u0434\u0430\u043d\u043d\u044b\u0445 (CWE-20)",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0432\u0441\u0442\u0440\u043e\u0435\u043d\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Intel NUC Kit \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u043d\u0435\u0434\u043e\u0441\u0442\u0430\u0442\u043e\u0447\u043d\u043e\u0439 \u043f\u0440\u043e\u0432\u0435\u0440\u043a\u043e\u0439 \u0432\u0432\u043e\u0434\u0438\u043c\u044b\u0445 \u0434\u0430\u043d\u043d\u044b\u0445. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c \u0434\u043e\u0441\u0442\u0443\u043f \u043a \u0437\u0430\u0449\u0438\u0449\u0430\u0435\u043c\u043e\u0439 \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u0438, \u0432\u044b\u0437\u0432\u0430\u0442\u044c \u043e\u0442\u043a\u0430\u0437 \u0432 \u043e\u0431\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u043d\u0438\u0438 \u0438\u043b\u0438 \u043f\u043e\u0432\u044b\u0441\u0438\u0442\u044c \u0441\u0432\u043e\u0438 \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u0438",
"\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
"\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": "\u0432 \u0432\u0435\u0440\u0441\u0438\u044f\u0445 \u0443\u043a\u0430\u0437\u0430\u043d\u044b \u0443\u044f\u0437\u0432\u0438\u043c\u044b\u0435 \u0432\u0435\u0440\u0441\u0438\u0438 BIOS",
"\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
"\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u041c\u0430\u043d\u0438\u043f\u0443\u043b\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u0441\u0443\u0440\u0441\u0430\u043c\u0438",
"\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00264.html\nhttps://vuldb.com/?id.136464",
"\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
"\u0422\u0438\u043f \u041f\u041e": "\u041c\u0438\u043a\u0440\u043e\u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u044b\u0439 \u043a\u043e\u0434",
"\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-20",
"\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0421\u0440\u0435\u0434\u043d\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 6)\n\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 7,1)"
}
CERTFR-2019-AVI-271
Vulnerability from certfr_avis - Published: 2019-06-14 - Updated: 2019-06-14
De multiples vulnérabilités ont été découvertes dans les produits Intel. Elles permettent à un attaquant de provoquer un déni de service à distance, une atteinte à l'intégrité des données et une élévation de privilèges.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Intel | N/A | Intel Core X-series Processors, 4th Generation Intel Core i5 Processors,4th Generation Intel Core i3 Processors, Intel Pentium Processor G Series, Intel Pentium Processor 3000 Series, Intel Celeron Processor 2000 Series, Intel Xeon Processor E7 v3 Family, Intel Xeon Processor E5 v3 Family et Intel Xeon Processor E3 v3 Family | ||
| Intel | N/A | ITE Tech Consumer Infrared Driver pour Windows 10 versions antérieures à 5.4.3.0 | ||
| Intel | N/A | Intel NUC, vérifier sur le site du constructeur pour les versions vulnérables (cf. section Documentation). | ||
| Intel | N/A | Intel Omni-Path Fabric Manager GUI versions antérieures à 10.9.2.1.1 | ||
| Intel | N/A | Intel Accelerated Storage Manager dans Intel RSTe versions antérieures à 5.5.0.2015 | ||
| Intel | N/A | Intel RAID Web Console 3 pour Windows versions antérieures à 7.009.011.000 | ||
| Intel | N/A | Intel Turbo Boost Max Technology 3.0 microgiciels versions 1.0.0.1035 et antérieures | ||
| Intel | N/A | Intel PROSet/Wireless WiFi Software versions antérieures à 21.10 pour Microsoft Windows 7, 8.1 et 10 | ||
| Intel | N/A | Intel SGX DCAP Linux driver versions antérieures à 1.1 | ||
| Intel | N/A | Intel Chipset Device Software (INF Update Utility) versions antérieures à 10.1.1.45 | ||
| Intel | N/A | Intel SGX Linux client driver versions antérieures à 2.5 |
References
| Title | Publication Time | Tags | |||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Intel Core X-series Processors, 4th Generation Intel Core i5 Processors,4th Generation Intel Core i3 Processors, Intel Pentium Processor G Series, Intel Pentium Processor 3000 Series, Intel Celeron Processor 2000 Series, Intel Xeon Processor E7 v3 Family, Intel Xeon Processor E5 v3 Family et Intel Xeon Processor E3 v3 Family",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "ITE Tech Consumer Infrared Driver pour Windows 10 versions ant\u00e9rieures \u00e0 5.4.3.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Intel NUC, v\u00e9rifier sur le site du constructeur pour les versions vuln\u00e9rables (cf. section Documentation).",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Intel Omni-Path Fabric Manager GUI versions ant\u00e9rieures \u00e0 10.9.2.1.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Intel Accelerated Storage Manager dans Intel RSTe versions ant\u00e9rieures \u00e0 5.5.0.2015",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Intel RAID Web Console 3 pour Windows versions ant\u00e9rieures \u00e0 7.009.011.000",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Intel Turbo Boost Max Technology 3.0 microgiciels versions 1.0.0.1035 et ant\u00e9rieures",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Intel PROSet/Wireless WiFi Software versions ant\u00e9rieures \u00e0 21.10 pour Microsoft Windows 7, 8.1 et 10",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Intel SGX DCAP Linux driver versions ant\u00e9rieures \u00e0 1.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Intel Chipset Device Software (INF Update Utility) versions ant\u00e9rieures \u00e0 10.1.1.45",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Intel SGX Linux client driver versions ant\u00e9rieures \u00e0 2.5",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2019-11125",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11125"
},
{
"name": "CVE-2019-0178",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0178"
},
{
"name": "CVE-2019-0174",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0174"
},
{
"name": "CVE-2019-11117",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11117"
},
{
"name": "CVE-2019-0130",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0130"
},
{
"name": "CVE-2019-11124",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11124"
},
{
"name": "CVE-2019-0164",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0164"
},
{
"name": "CVE-2019-0181",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0181"
},
{
"name": "CVE-2019-0179",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0179"
},
{
"name": "CVE-2019-0128",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0128"
},
{
"name": "CVE-2019-11127",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11127"
},
{
"name": "CVE-2019-11126",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11126"
},
{
"name": "CVE-2019-0175",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0175"
},
{
"name": "CVE-2019-0180",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0180"
},
{
"name": "CVE-2019-11129",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11129"
},
{
"name": "CVE-2018-3702",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-3702"
},
{
"name": "CVE-2019-0177",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0177"
},
{
"name": "CVE-2019-11092",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11092"
},
{
"name": "CVE-2019-0136",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0136"
},
{
"name": "CVE-2019-0183",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0183"
},
{
"name": "CVE-2019-0182",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0182"
},
{
"name": "CVE-2019-0157",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0157"
},
{
"name": "CVE-2019-11119",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11119"
},
{
"name": "CVE-2019-11128",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11128"
},
{
"name": "CVE-2019-11123",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11123"
}
],
"initial_release_date": "2019-06-14T00:00:00",
"last_revision_date": "2019-06-14T00:00:00",
"links": [],
"reference": "CERTFR-2019-AVI-271",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2019-06-14T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Intel.\nElles permettent \u00e0 un attaquant de provoquer un d\u00e9ni de service \u00e0\ndistance, une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es et une \u00e9l\u00e9vation de\nprivil\u00e8ges.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Intel",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00259 du 11 juin 2019",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00259.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00232 du 11 juin 2019",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00232.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00206 du 11 juin 2019",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00206.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00235 du 11 juin 2019",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00235.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00243 du 11 juin 2019",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00243.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00257 du 11 juin 2019",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00257.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00224 du 11 juin 2019",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00224.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00226 du 11 juin 2019",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00226.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00247 du 11 juin 2019",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00247.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00264 du 11 juin 2019",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00264.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00248 du 11 juin 2019",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00248.html"
}
]
}
FKIE_CVE-2019-11125
Vulnerability from fkie_nvd - Published: 2019-06-13 16:29 - Updated: 2024-11-21 04:20
Severity ?
Summary
Insufficient input validation in system firmware for Intel(R) NUC Kit may allow a privileged user to potentially enable escalation of privilege, denial of service and/or information disclosure via local access.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:intel:nuc_kit_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "71AA56A6-EB26-4A62-83EC-6961BC24D4DA",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:intel:nuc_kit_nuc8i3bex:-:*:*:*:*:*:*:*",
"matchCriteriaId": "88D13413-C312-450A-90D5-48BEB1A9036E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:intel:nuc_kit_nuc8i3bex:nuc_kit_d34010wyx:*:*:*:*:*:*:*",
"matchCriteriaId": "F4C02113-34E3-4C07-93D3-4AA22E9217DF",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:intel:nuc_kit_nuc8i3bex:nuc_kit_d54250wyx:*:*:*:*:*:*:*",
"matchCriteriaId": "C0E48A01-63CF-4C0F-836B-2BB06A28094F",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:intel:nuc_kit_nuc8i3bex:nuc_kit_de3815tyb:*:*:*:*:*:*:*",
"matchCriteriaId": "1ED26383-FE24-4730-9593-1B87B51AA651",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:intel:nuc_kit_nuc8i3bex:nuc_kit_dn2820fykh:*:*:*:*:*:*:*",
"matchCriteriaId": "633D585D-B1A7-4DEF-AC47-F513088F94FE",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:intel:nuc_kit_nuc8i3bex:nuc_kit_nuc5cpyh:*:*:*:*:*:*:*",
"matchCriteriaId": "77D3091A-D8C4-40AD-958C-C1CDB7C250EC",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:intel:nuc_kit_nuc8i3bex:nuc_kit_nuc5i3myx:*:*:*:*:*:*:*",
"matchCriteriaId": "97C44293-9E69-4E3E-A59B-27138066B105",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:intel:nuc_kit_nuc8i3bex:nuc_kit_nuc5i3ryx:*:*:*:*:*:*:*",
"matchCriteriaId": "6B548392-6051-44CA-B8A8-DB3886CE7FBF",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:intel:nuc_kit_nuc8i3bex:nuc_kit_nuc5i5myx:*:*:*:*:*:*:*",
"matchCriteriaId": "511FE5B3-5AE5-4428-BA4A-5B45941D9B62",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:intel:nuc_kit_nuc8i3bex:nuc_kit_nuc5i5ryx:*:*:*:*:*:*:*",
"matchCriteriaId": "EC61C3BA-8456-4851-A1F0-E1D6A47F938E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:intel:nuc_kit_nuc8i3bex:nuc_kit_nuc5i7ryx:*:*:*:*:*:*:*",
"matchCriteriaId": "E96F930E-F0E1-4611-B205-E0169ECD9491",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:intel:nuc_kit_nuc8i3bex:nuc_kit_nuc5pgyh:*:*:*:*:*:*:*",
"matchCriteriaId": "D2B59679-B316-46FC-9426-72A8D95B0DE7",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:intel:nuc_kit_nuc8i3bex:nuc_kit_nuc5ppyh:*:*:*:*:*:*:*",
"matchCriteriaId": "C8728A26-E1A4-4215-8FFE-3638782DA739",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:intel:nuc_kit_nuc8i3bex:nuc_kit_nuc6cayx:*:*:*:*:*:*:*",
"matchCriteriaId": "6637B704-3905-4F6A-A2CF-DB18E2A776C3",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:intel:nuc_kit_nuc8i3bex:nuc_kit_nuc6i3syx:*:*:*:*:*:*:*",
"matchCriteriaId": "BE1C6ED2-180E-4C53-8B3A-A9A67FEE2FDA",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:intel:nuc_kit_nuc8i3bex:nuc_kit_nuc6i5syx:*:*:*:*:*:*:*",
"matchCriteriaId": "548B342B-0E6C-4E74-BF67-450D0E84BA9F",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:intel:nuc_kit_nuc8i3bex:nuc_kit_nuc6i7kyk:*:*:*:*:*:*:*",
"matchCriteriaId": "4BBFF3B1-237E-4E0D-8B94-E9F2215851E7",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:intel:nuc_kit_nuc8i3bex:nuc_kit_nuc7cjy:*:*:*:*:*:*:*",
"matchCriteriaId": "AD5262A4-2C3B-4801-870B-3F4D431DEC46",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:intel:nuc_kit_nuc8i3bex:nuc_kit_nuc7i3bnx:*:*:*:*:*:*:*",
"matchCriteriaId": "36F5E5C2-F307-45CF-ABAF-89164FF2746B",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:intel:nuc_kit_nuc8i3bex:nuc_kit_nuc7i3dnx:*:*:*:*:*:*:*",
"matchCriteriaId": "BF1903DA-B3FF-4B9B-941D-6F9AD0EBF2A0",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:intel:nuc_kit_nuc8i3bex:nuc_kit_nuc7i5bnx:*:*:*:*:*:*:*",
"matchCriteriaId": "57B2AFD1-357D-473A-A5A1-ED8F20FBE3A0",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:intel:nuc_kit_nuc8i3bex:nuc_kit_nuc7i5dnx:*:*:*:*:*:*:*",
"matchCriteriaId": "A5CDAC90-836E-45B3-BFA3-32268E54064A",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:intel:nuc_kit_nuc8i3bex:nuc_kit_nuc7i7bnx:*:*:*:*:*:*:*",
"matchCriteriaId": "6B8FE994-6637-4109-A050-C98A0A1BEFEA",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:intel:nuc_kit_nuc8i3bex:nuc_kit_nuc7i7dnx:*:*:*:*:*:*:*",
"matchCriteriaId": "09834DD2-6FD4-4A70-AAAF-EF1814DF0732",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:intel:nuc_kit_nuc8i3bex:nuc_kit_nuc7pjy:*:*:*:*:*:*:*",
"matchCriteriaId": "93745511-0B33-4F55-9021-318B751087A7",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:intel:nuc_kit_nuc8i3bex:nuc_kit_nuc8i3cyx:*:*:*:*:*:*:*",
"matchCriteriaId": "72DFFFA1-B4CD-44FA-9FDB-1DCC39E06491",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:intel:nuc_kit_nuc8i3bex:nuc_kit_nuc8i5bex:*:*:*:*:*:*:*",
"matchCriteriaId": "A23E8A97-3460-4C6F-BA5C-0188DF367AB0",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:intel:nuc_kit_nuc8i3bex:nuc_kit_nuc8i7bex:*:*:*:*:*:*:*",
"matchCriteriaId": "1D44CAA8-EAA5-4997-8C43-169D96776D0F",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:intel:nuc_kit_nuc8i3bex:nuc_kit_nuc8i7hnk:*:*:*:*:*:*:*",
"matchCriteriaId": "D86F9BA9-430F-4081-925F-0F59E1ADF1D3",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:intel:nuc_kit_nuc8i3bex:nuc_kit_nuc8i7hvk:*:*:*:*:*:*:*",
"matchCriteriaId": "88A2B949-34AB-4C5D-84C0-CC502A887208",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:intel:compute_card_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0F811493-1AB4-47BC-B942-2E93A7349843",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:intel:compute_card_cd1c64gk:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F05A36D1-E417-4904-9DBB-C5828F6521B6",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:intel:compute_card_cd1iv128mk:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CFEA643F-FE21-45B0-AC74-D87D7D864D10",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:intel:compute_card_cd1m3128mk:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B1FA6131-F3C8-4B98-B4E8-C320C262F750",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:intel:compute_card_cd1p64gk:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5E3D93D1-5772-4806-9428-9AB26B32D210",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:intel:compute_stick_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "202B4308-A49D-487D-A04D-FE34235F61C5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:intel:compute_stick_stck1a32wfc:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E453448C-AA11-48E3-8423-60E62A10D0CA",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:intel:compute_stick_stck1a8lfc:-:*:*:*:*:*:*:*",
"matchCriteriaId": "17AA0B4A-67AF-466E-BCA6-A8654CA99406",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:intel:compute_stick_stk2m364cc:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B4E8B2EE-302C-4019-A20E-025AAB7E8C9E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:intel:compute_stick_stk2m3w64cc:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B9A90BE5-6136-43A9-BC91-9474D3D0EEF6",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:intel:compute_stick_stk2mv64cc:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6B0C9D80-37A3-43E5-B818-55532F613436",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Insufficient input validation in system firmware for Intel(R) NUC Kit may allow a privileged user to potentially enable escalation of privilege, denial of service and/or information disclosure via local access."
},
{
"lang": "es",
"value": "Una validaci\u00f3n de entrada insuficiente en system firmware para Intel(R) NUC Kit puede permitir a un usuario privilegiado habilitar potencialmente un aumento de privilegio, denegaci\u00f3n , de servicio, y/o revelaci\u00f3n de informaci\u00f3n a trav\u00e9s del acceso local."
}
],
"id": "CVE-2019-11125",
"lastModified": "2024-11-21T04:20:34.643",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 0.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-06-13T16:29:01.420",
"references": [
{
"source": "secure@intel.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/108766"
},
{
"source": "secure@intel.com",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00264.html"
},
{
"source": "nvd@nist.gov",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00264.html?wapkw=2019-11129"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/108766"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00264.html"
}
],
"sourceIdentifier": "secure@intel.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
GHSA-VJM4-F5RM-5F8X
Vulnerability from github – Published: 2022-05-24 16:48 – Updated: 2024-04-04 00:57
VLAI?
Details
Insufficient input validation in system firmware for Intel(R) NUC Kit may allow a privileged user to potentially enable escalation of privilege, denial of service and/or information disclosure via local access.
Severity ?
6.7 (Medium)
{
"affected": [],
"aliases": [
"CVE-2019-11125"
],
"database_specific": {
"cwe_ids": [
"CWE-20"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2019-06-13T16:29:00Z",
"severity": "MODERATE"
},
"details": "Insufficient input validation in system firmware for Intel(R) NUC Kit may allow a privileged user to potentially enable escalation of privilege, denial of service and/or information disclosure via local access.",
"id": "GHSA-vjm4-f5rm-5f8x",
"modified": "2024-04-04T00:57:15Z",
"published": "2022-05-24T16:48:00Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-11125"
},
{
"type": "WEB",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/in"
},
{
"type": "WEB",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00264.html"
},
{
"type": "WEB",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00264.html?wapkw=2019-11129"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/108766"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GSD-2019-11125
Vulnerability from gsd - Updated: 2023-12-13 01:24Details
Insufficient input validation in system firmware for Intel(R) NUC Kit may allow a privileged user to potentially enable escalation of privilege, denial of service and/or information disclosure via local access.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2019-11125",
"description": "Insufficient input validation in system firmware for Intel(R) NUC Kit may allow a privileged user to potentially enable escalation of privilege, denial of service and/or information disclosure via local access.",
"id": "GSD-2019-11125"
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2019-11125"
],
"details": "Insufficient input validation in system firmware for Intel(R) NUC Kit may allow a privileged user to potentially enable escalation of privilege, denial of service and/or information disclosure via local access.",
"id": "GSD-2019-11125",
"modified": "2023-12-13T01:24:00.690601Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "secure@intel.com",
"ID": "CVE-2019-11125",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Intel(R) NUC Firmware",
"version": {
"version_data": [
{
"version_value": "Please see reference document."
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Insufficient input validation in system firmware for Intel(R) NUC Kit may allow a privileged user to potentially enable escalation of privilege, denial of service and/or information disclosure via local access."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "escalation of privilege, denial of service and/or information disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00264.html",
"refsource": "CONFIRM",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00264.html"
},
{
"name": "108766",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/108766"
}
]
}
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:intel:nuc_kit_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:intel:nuc_kit_nuc8i3bex:nuc_kit_nuc5cpyh:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:intel:nuc_kit_nuc8i3bex:nuc_kit_nuc5i3myx:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:intel:nuc_kit_nuc8i3bex:nuc_kit_nuc5i3ryx:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:intel:nuc_kit_nuc8i3bex:nuc_kit_nuc5i5myx:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:intel:nuc_kit_nuc8i3bex:nuc_kit_nuc5i5ryx:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:intel:nuc_kit_nuc8i3bex:nuc_kit_nuc7i7bnx:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:intel:nuc_kit_nuc8i3bex:nuc_kit_nuc7i7dnx:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:intel:nuc_kit_nuc8i3bex:nuc_kit_nuc7pjy:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:intel:nuc_kit_nuc8i3bex:nuc_kit_nuc8i3cyx:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:intel:nuc_kit_nuc8i3bex:nuc_kit_d54250wyx:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:intel:nuc_kit_nuc8i3bex:nuc_kit_nuc5i7ryx:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:intel:nuc_kit_nuc8i3bex:nuc_kit_nuc5ppyh:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:intel:nuc_kit_nuc8i3bex:nuc_kit_nuc7i3dnx:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:intel:nuc_kit_nuc8i3bex:nuc_kit_nuc7i5dnx:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:intel:nuc_kit_nuc8i3bex:nuc_kit_nuc8i5bex:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:intel:nuc_kit_nuc8i3bex:nuc_kit_nuc8i7hnk:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:intel:nuc_kit_nuc8i3bex:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:intel:nuc_kit_nuc8i3bex:nuc_kit_d34010wyx:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:intel:nuc_kit_nuc8i3bex:nuc_kit_nuc6i3syx:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:intel:nuc_kit_nuc8i3bex:nuc_kit_nuc6i5syx:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:intel:nuc_kit_nuc8i3bex:nuc_kit_nuc6i7kyk:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:intel:nuc_kit_nuc8i3bex:nuc_kit_nuc7cjy:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:intel:nuc_kit_nuc8i3bex:nuc_kit_de3815tyb:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:intel:nuc_kit_nuc8i3bex:nuc_kit_dn2820fykh:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:intel:nuc_kit_nuc8i3bex:nuc_kit_nuc5pgyh:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:intel:nuc_kit_nuc8i3bex:nuc_kit_nuc6cayx:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:intel:nuc_kit_nuc8i3bex:nuc_kit_nuc7i3bnx:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:intel:nuc_kit_nuc8i3bex:nuc_kit_nuc7i5bnx:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:intel:nuc_kit_nuc8i3bex:nuc_kit_nuc8i7bex:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:intel:nuc_kit_nuc8i3bex:nuc_kit_nuc8i7hvk:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:intel:compute_card_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:intel:compute_card_cd1iv128mk:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:intel:compute_card_cd1p64gk:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:intel:compute_card_cd1c64gk:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:intel:compute_card_cd1m3128mk:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:intel:compute_stick_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:intel:compute_stick_stck1a32wfc:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:intel:compute_stick_stk2m364cc:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:intel:compute_stick_stk2mv64cc:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:intel:compute_stick_stck1a8lfc:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:intel:compute_stick_stk2m3w64cc:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "secure@intel.com",
"ID": "CVE-2019-11125"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "Insufficient input validation in system firmware for Intel(R) NUC Kit may allow a privileged user to potentially enable escalation of privilege, denial of service and/or information disclosure via local access."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "108766",
"refsource": "BID",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/108766"
},
{
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00264.html?wapkw=2019-11129",
"refsource": "misc",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00264.html?wapkw=2019-11129"
},
{
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00264.html",
"refsource": "CONFIRM",
"tags": [],
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00264.html"
}
]
}
},
"impact": {
"baseMetricV2": {
"acInsufInfo": false,
"cvssV2": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"userInteractionRequired": false
},
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 0.8,
"impactScore": 5.9
}
},
"lastModifiedDate": "2019-06-24T16:15Z",
"publishedDate": "2019-06-13T16:29Z"
}
}
}
CNVD-2019-42733
Vulnerability from cnvd - Published: 2019-11-28
VLAI Severity ?
Title
Intel NUC Kit输入验证错误漏洞(CNVD-2019-42733)
Description
Intel NUC Kit是美国英特尔(Intel)公司的一款小型台式电脑。
Intel NUC Kit中的系统固件存在输入验证错误漏洞。该漏洞源于网络系统或产品未对输入的数据进行正确的验证。攻击者可利用该漏洞访问启用特权升级,拒绝服务和/或信息泄露。
Severity
中
Patch Name
Intel NUC Kit输入验证错误漏洞(CNVD-2019-42733)的补丁
Patch Description
Intel NUC Kit是美国英特尔(Intel)公司的一款小型台式电脑。
Intel NUC Kit中的系统固件存在输入验证错误漏洞。该漏洞源于网络系统或产品未对输入的数据进行正确的验证。攻击者可利用该漏洞访问启用特权升级,拒绝服务和/或信息泄露。目前,供应商发布了安全公告及相关补丁信息,修复了此漏洞。
Formal description
目前厂商已发布升级补丁以修复漏洞,补丁获取链接: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00264.html
Reference
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00264.html
Impacted products
| Name | Intel NUC kits |
|---|
{
"cves": {
"cve": {
"cveNumber": "CVE-2019-11125",
"cveUrl": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11125"
}
},
"description": "Intel NUC Kit\u662f\u7f8e\u56fd\u82f1\u7279\u5c14\uff08Intel\uff09\u516c\u53f8\u7684\u4e00\u6b3e\u5c0f\u578b\u53f0\u5f0f\u7535\u8111\u3002\n\nIntel NUC Kit\u4e2d\u7684\u7cfb\u7edf\u56fa\u4ef6\u5b58\u5728\u8f93\u5165\u9a8c\u8bc1\u9519\u8bef\u6f0f\u6d1e\u3002\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u7f51\u7edc\u7cfb\u7edf\u6216\u4ea7\u54c1\u672a\u5bf9\u8f93\u5165\u7684\u6570\u636e\u8fdb\u884c\u6b63\u786e\u7684\u9a8c\u8bc1\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u8bbf\u95ee\u542f\u7528\u7279\u6743\u5347\u7ea7\uff0c\u62d2\u7edd\u670d\u52a1\u548c/\u6216\u4fe1\u606f\u6cc4\u9732\u3002",
"formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6f0f\u6d1e\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a\r\nhttps://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00264.html",
"isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
"number": "CNVD-2019-42733",
"openTime": "2019-11-28",
"patchDescription": "Intel NUC Kit\u662f\u7f8e\u56fd\u82f1\u7279\u5c14\uff08Intel\uff09\u516c\u53f8\u7684\u4e00\u6b3e\u5c0f\u578b\u53f0\u5f0f\u7535\u8111\u3002\r\n\r\nIntel NUC Kit\u4e2d\u7684\u7cfb\u7edf\u56fa\u4ef6\u5b58\u5728\u8f93\u5165\u9a8c\u8bc1\u9519\u8bef\u6f0f\u6d1e\u3002\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u7f51\u7edc\u7cfb\u7edf\u6216\u4ea7\u54c1\u672a\u5bf9\u8f93\u5165\u7684\u6570\u636e\u8fdb\u884c\u6b63\u786e\u7684\u9a8c\u8bc1\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u8bbf\u95ee\u542f\u7528\u7279\u6743\u5347\u7ea7\uff0c\u62d2\u7edd\u670d\u52a1\u548c/\u6216\u4fe1\u606f\u6cc4\u9732\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
"patchName": "Intel NUC Kit\u8f93\u5165\u9a8c\u8bc1\u9519\u8bef\u6f0f\u6d1e\uff08CNVD-2019-42733\uff09\u7684\u8865\u4e01",
"products": {
"product": "Intel NUC kits"
},
"referenceLink": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00264.html",
"serverity": "\u4e2d",
"submitTime": "2019-06-14",
"title": "Intel NUC Kit\u8f93\u5165\u9a8c\u8bc1\u9519\u8bef\u6f0f\u6d1e\uff08CNVD-2019-42733\uff09"
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…