Lucene search

[email protected]CVE-2019-14612

HistoryDec 16, 2019 - 8:15 p.m.

CVE-2019-14612

2019-12-1620:15:15

CWE-787

[email protected]

web.nvd.nist.gov

cve-2019-14612

intel

nuc

firmware

privilege escalation

local access

4.6 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

6.7 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

0.0004 Low

EPSS

Percentile

12.7%

JSON

Out of bounds write in firmware for Intel® NUC® may allow a privileged user to potentially enable escalation of privilege via local access.

Affected configurations

NVD

Node

intelnuc_8_mainstream_game_kit_firmwareRange<0036

AND

intelnuc_8_mainstream_game_kitMatch-

Node

intelnuc_8_mainstream_game_mini_computer_firmwareRange<0036

AND

intelnuc_8_mainstream_game_mini_computerMatch-

Node

intelnuc8i7bek_firmwareRange<0077

AND

intelnuc8i7bekMatch-

Node

intelcd1p64gk_firmwareRange<0053

AND

intelcd1p64gkMatch-

Node

intelnuc8i3cysm_firmwareRange<0043

AND

intelnuc8i3cysmMatch-

Node

intelnuc8i7hnk_firmwareRange<0059

AND

intelnuc8i7hnkMatch-

Node

intelnuc7i7dnke_firmwareRange<0067

AND

intelnuc7i7dnkeMatch-

Node

intelnuc7i5dnke_firmwareRange<0067

AND

intelnuc7i5dnkeMatch-

Node

intelnuc7i3dnhe_firmwareRange<0067

AND

intelnuc7i3dnheMatch-

Node

intelstk2mv64cc_firmwareRange<0061

AND

intelstk2mv64ccMatch-

Node

intelstk2m3w64cc_firmwareRange<0062

AND

intelstk2m3w64ccMatch-

Node

intelnuc6i7kyk_firmwareRange<0066

AND

intelnuc6i7kykMatch-

Node

intelnuc6i5syh_firmwareRange<0072

AND

intelnuc6i5syhMatch-

Node

intelnuc7cjyh_firmwareRange<0053

AND

intelnuc7cjyhMatch-

Node

intelcd1m3128mk_firmwareRange<0058

AND

intelcd1m3128mkMatch-

Node

intelcd1iv128mk_firmwareRange<0038

AND

intelcd1iv128mkMatch-

Node

intelnuc6cays_firmwareRange<0064

AND

intelnuc6caysMatch-

Node

intelde3815tybe_firmwareRange<0024

AND

intelde3815tybeMatch-

Node

inteld34010wyb_firmwareRange<0054

AND

inteld34010wybMatch-

CPENameOperatorVersion
intel:nuc_8_mainstream_game_kit_firmwareintel nuc 8 mainstream game kit firmwarelt0036

CPE	Name	Operator	Version
intel:nuc_8_mainstream_game_kit_firmware	intel nuc 8 mainstream game kit firmware	lt	0036

CNA Affected

[
  {
    "product": "Intel(R) NUC(R)",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "See References"
      }
    ]
  }
]

References

www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00323.html

4.6 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

6.7 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

0.0004 Low

EPSS

Percentile

12.7%

JSON

Related for CVE-2019-14612

nvd1 cvelist1 prion1 intel1