Lucene search

[email protected]CVE-2019-11124

HistoryJun 13, 2019 - 4:29 p.m.

CVE-2019-11124

2019-06-1316:29:01

CWE-787

CWE-125

[email protected]

web.nvd.nist.gov

cve-2019-11124

intel

nuc kit

firmware

out of bound

read

write

escalation of privilege

denial of service

information disclosure

4.6 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

6.7 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

6.5 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

12.7%

JSON

Out of bound read/write in system firmware for Intel® NUC Kit may allow a privileged user to potentially enable escalation of privilege, denial of service and/or information disclosure via local access.

Affected configurations

NVD

Node

intelnuc_kit_firmwareMatch-

AND

intelnuc_kit_nuc8i3bexMatch-

intelnuc_kit_nuc8i3bexMatchnuc_kit_d34010wyx

intelnuc_kit_nuc8i3bexMatchnuc_kit_d54250wyx

intelnuc_kit_nuc8i3bexMatchnuc_kit_de3815tyb

intelnuc_kit_nuc8i3bexMatchnuc_kit_dn2820fykh

intelnuc_kit_nuc8i3bexMatchnuc_kit_nuc5cpyh

intelnuc_kit_nuc8i3bexMatchnuc_kit_nuc5i3myx

intelnuc_kit_nuc8i3bexMatchnuc_kit_nuc5i3ryx

intelnuc_kit_nuc8i3bexMatchnuc_kit_nuc5i5myx

intelnuc_kit_nuc8i3bexMatchnuc_kit_nuc5i5ryx

intelnuc_kit_nuc8i3bexMatchnuc_kit_nuc5i7ryx

intelnuc_kit_nuc8i3bexMatchnuc_kit_nuc5pgyh

intelnuc_kit_nuc8i3bexMatchnuc_kit_nuc5ppyh

intelnuc_kit_nuc8i3bexMatchnuc_kit_nuc6cayx

intelnuc_kit_nuc8i3bexMatchnuc_kit_nuc6i3syx

intelnuc_kit_nuc8i3bexMatchnuc_kit_nuc6i5syx

intelnuc_kit_nuc8i3bexMatchnuc_kit_nuc6i7kyk

intelnuc_kit_nuc8i3bexMatchnuc_kit_nuc7cjy

intelnuc_kit_nuc8i3bexMatchnuc_kit_nuc7i3bnx

intelnuc_kit_nuc8i3bexMatchnuc_kit_nuc7i3dnx

intelnuc_kit_nuc8i3bexMatchnuc_kit_nuc7i5bnx

intelnuc_kit_nuc8i3bexMatchnuc_kit_nuc7i5dnx

intelnuc_kit_nuc8i3bexMatchnuc_kit_nuc7i7bnx

intelnuc_kit_nuc8i3bexMatchnuc_kit_nuc7i7dnx

intelnuc_kit_nuc8i3bexMatchnuc_kit_nuc7pjy

intelnuc_kit_nuc8i3bexMatchnuc_kit_nuc8i3cyx

intelnuc_kit_nuc8i3bexMatchnuc_kit_nuc8i5bex

intelnuc_kit_nuc8i3bexMatchnuc_kit_nuc8i7bex

intelnuc_kit_nuc8i3bexMatchnuc_kit_nuc8i7hnk

intelnuc_kit_nuc8i3bexMatchnuc_kit_nuc8i7hvk

Node

intelcompute_card_firmwareMatch-

AND

intelcompute_card_cd1c64gkMatch-

intelcompute_card_cd1iv128mkMatch-

intelcompute_card_cd1m3128mkMatch-

intelcompute_card_cd1p64gkMatch-

Node

intelcompute_stick_firmwareMatch-

AND

intelcompute_stick_stck1a32wfcMatch-

intelcompute_stick_stck1a8lfcMatch-

intelcompute_stick_stk2m364ccMatch-

intelcompute_stick_stk2m3w64ccMatch-

intelcompute_stick_stk2mv64ccMatch-

CPENameOperatorVersion
intel:nuc_kit_firmwareintel nuc kit firmwareeq-

CPE	Name	Operator	Version
intel:nuc_kit_firmware	intel nuc kit firmware	eq	-

CNA Affected

[
  {
    "product": "Intel(R) NUC Firmware",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "Please see reference document."
      }
    ]
  }
]

References

www.securityfocus.com/bid/108766

www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00264.html

www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00264.html?wapkw=2019-11129

4.6 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

6.7 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

6.5 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

12.7%

JSON

Related for CVE-2019-11124

prion1 cvelist1 nvd1 intel1 threatpost1