Lucene search

[email protected]CVE-2019-14569

HistoryOct 11, 2019 - 6:15 p.m.

CVE-2019-14569

2019-10-1118:15:00

CWE-119

[email protected]

web.nvd.nist.gov

cve-2019-14569

intel

nuc

firmware

privilege escalation

denial of service

information disclosure

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

6.9 Medium

AI Score

Confidence

High

4.6 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

0.0004 Low

EPSS

Percentile

11.7%

JSON

Pointer corruption in system firmware for Intel® NUC may allow a privileged user to potentially enable escalation of privilege, denial of service and/or information disclosure via local access.

CPENameOperatorVersion
intel:nuc_8_mainstream_game_kit_firmwareintel nuc 8 mainstream game kit firmwareltinwhl357
intel:nuc_8_mainstream_game_mini_computer_firmwareintel nuc 8 mainstream game mini computer firmwareltinwhl357
intel:nuc_board_de3815tybe_firmwareintel nuc board de3815tybe firmwareltty0022
intel:nuc_kit_de3815tykhe_firmwareintel nuc kit de3815tykhe firmwareltty0022
intel:nuc_board_de3815tybe_firmwareintel nuc board de3815tybe firmwareltty0067
intel:nuc_kit_de3815tykhe_firmwareintel nuc kit de3815tykhe firmwareltty0067
intel:nuc_kit_dn2820fykh_firmwareintel nuc kit dn2820fykh firmwareltfy0069

CPE	Name	Operator	Version
intel:nuc_8_mainstream_game_kit_firmware	intel nuc 8 mainstream game kit firmware	lt	inwhl357
intel:nuc_8_mainstream_game_mini_computer_firmware	intel nuc 8 mainstream game mini computer firmware	lt	inwhl357
intel:nuc_board_de3815tybe_firmware	intel nuc board de3815tybe firmware	lt	ty0022
intel:nuc_kit_de3815tykhe_firmware	intel nuc kit de3815tykhe firmware	lt	ty0022
intel:nuc_board_de3815tybe_firmware	intel nuc board de3815tybe firmware	lt	ty0067
intel:nuc_kit_de3815tykhe_firmware	intel nuc kit de3815tykhe firmware	lt	ty0067
intel:nuc_kit_dn2820fykh_firmware	intel nuc kit dn2820fykh firmware	lt	fy0069

References

www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00296.html

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

6.9 Medium

AI Score

Confidence

High

4.6 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

0.0004 Low

EPSS

Percentile

11.7%

JSON

Related for CVE-2019-14569

prion1 intel1 threatpost1