{"id": "F5:K57201259", "bulletinFamily": "software", "title": "Intel SGX vulnerabilities CVE-2019-14565, CVE-2019-14566", "description": "\nF5 Product Development has evaluated the currently supported releases for potential vulnerability, and no F5 products were found to be vulnerable.\n\nNone\n\n * [K51812227: Understanding Security Advisory versioning](<https://support.f5.com/csp/article/K51812227>)\n * [K41942608: Overview of AskF5 Security Advisory articles](<https://support.f5.com/csp/article/K41942608>)\n * [K4602: Overview of the F5 security vulnerability response policy](<https://support.f5.com/csp/article/K4602>)\n * [K9970: Subscribing to email notifications regarding F5 products](<https://support.f5.com/csp/article/K9970>)\n * [K9957: Creating a custom RSS feed to view new and updated documents](<https://support.f5.com/csp/article/K9957>)\n", "published": "2019-11-19T09:43:00", "modified": "2019-11-19T09:43:00", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}, "href": "https://support.f5.com/csp/article/K57201259", "reporter": "f5", "references": [], "cvelist": ["CVE-2019-14565", "CVE-2019-14566"], "type": "f5", "lastseen": "2020-04-06T22:39:58", "edition": 1, "viewCount": 0, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2019-14566", "CVE-2019-14565"]}, {"type": "lenovo", "idList": ["LENOVO:PS500278-INTEL-SOFTWARE-GUARD-EXTENSIONS-SGX-VULNERABILITIES-NOSID", "LENOVO:PS500278-NOSID"]}, {"type": "hp", "idList": ["HP:C06502052"]}], "modified": "2020-04-06T22:39:58", "rev": 2}, "score": {"value": 5.4, "vector": "NONE", "modified": "2020-04-06T22:39:58", "rev": 2}, "vulnersScore": 5.4}, "affectedSoftware": []}
{"cve": [{"lastseen": "2020-10-03T13:38:44", "description": "Insufficient input validation in Intel(R) SGX SDK multiple Linux and Windows versions may allow an authenticated user to enable information disclosure, escalation of privilege or denial of service via local access.", "edition": 5, "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.8, "privilegesRequired": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2019-11-14T17:15:00", "title": "CVE-2019-14566", "type": "cve", "cwe": ["CWE-20"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-14566"], "modified": "2019-11-19T08:15:00", "cpe": ["cpe:/a:intel:software_guard_extensions_sdk:2.5.100.49891", "cpe:/a:intel:software_guard_extensions_sdk:2.6.100.51363", "cpe:/a:intel:software_guard_extensions_sdk:2.4.100.48163", "cpe:/a:intel:software_guard_extensions_sdk:2.3.100.49777", "cpe:/a:intel:software_guard_extensions_sdk:2.2.100.45311", "cpe:/a:intel:software_guard_extensions_sdk:2.3.101.50222", "cpe:/a:intel:software_guard_extensions_sdk:2.4.100.51291", "cpe:/a:intel:software_guard_extensions_sdk:2.3.100.46354"], "id": "CVE-2019-14566", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-14566", "cvss": {"score": 
4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:intel:software_guard_extensions_sdk:2.6.100.51363:*:*:*:*:*:*:*", "cpe:2.3:a:intel:software_guard_extensions_sdk:2.3.100.46354:*:*:*:*:*:*:*", "cpe:2.3:a:intel:software_guard_extensions_sdk:2.5.100.49891:*:*:*:*:*:*:*", "cpe:2.3:a:intel:software_guard_extensions_sdk:2.4.100.51291:*:*:*:*:*:*:*", "cpe:2.3:a:intel:software_guard_extensions_sdk:2.3.101.50222:*:*:*:*:*:*:*", "cpe:2.3:a:intel:software_guard_extensions_sdk:2.4.100.48163:*:*:*:*:*:*:*", "cpe:2.3:a:intel:software_guard_extensions_sdk:2.2.100.45311:*:*:*:*:*:*:*", "cpe:2.3:a:intel:software_guard_extensions_sdk:2.3.100.49777:*:*:*:*:*:*:*"]}, {"lastseen": "2020-10-03T13:38:44", "description": "Insufficient initialization in Intel(R) SGX SDK Windows versions 2.4.100.51291 and earlier, and Linux versions 2.6.100.51363 and earlier, may allow an authenticated user to enable information disclosure, escalation of privilege or denial of service via local access.", "edition": 6, "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.8, "privilegesRequired": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2019-11-14T17:15:00", "title": "CVE-2019-14565", "type": "cve", "cwe": ["CWE-665"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "acInsufInfo": false, 
"impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-14565"], "modified": "2020-08-24T17:37:00", "cpe": ["cpe:/a:intel:software_guard_extensions_sdk:2.5.100.49891", "cpe:/a:intel:software_guard_extensions_sdk:2.6.100.51363", "cpe:/a:intel:software_guard_extensions_sdk:2.4.100.48163", "cpe:/a:intel:software_guard_extensions_sdk:2.3.100.49777", "cpe:/a:intel:software_guard_extensions_sdk:2.2.100.45311", "cpe:/a:intel:software_guard_extensions_sdk:2.3.101.50222", "cpe:/a:intel:software_guard_extensions_sdk:2.4.100.51291", "cpe:/a:intel:software_guard_extensions_sdk:2.3.100.46354"], "id": "CVE-2019-14565", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-14565", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:intel:software_guard_extensions_sdk:2.6.100.51363:*:*:*:*:*:*:*", "cpe:2.3:a:intel:software_guard_extensions_sdk:2.3.100.46354:*:*:*:*:*:*:*", "cpe:2.3:a:intel:software_guard_extensions_sdk:2.5.100.49891:*:*:*:*:*:*:*", "cpe:2.3:a:intel:software_guard_extensions_sdk:2.4.100.51291:*:*:*:*:*:*:*", "cpe:2.3:a:intel:software_guard_extensions_sdk:2.3.101.50222:*:*:*:*:*:*:*", "cpe:2.3:a:intel:software_guard_extensions_sdk:2.4.100.48163:*:*:*:*:*:*:*", "cpe:2.3:a:intel:software_guard_extensions_sdk:2.2.100.45311:*:*:*:*:*:*:*", "cpe:2.3:a:intel:software_guard_extensions_sdk:2.3.100.49777:*:*:*:*:*:*:*"]}], "lenovo": [{"lastseen": "2020-10-14T09:02:02", "bulletinFamily": "info", "cvelist": ["CVE-2019-14565", "CVE-2019-14566"], "description": "**Lenovo Security Advisory:** LEN-29482\n\n**Potential Impact**: Information Disclosure\n\n**Severity:** High\n\n**Scope of Impact:** Industry-wide\n\n**CVE Identifier:** CVE-2019-14565, CVE-2019-14566\n\n**Summary Description: **\n\nIntel reported a potential security vulnerability in certain libraries provided in the Intel SGX SDK may allow for information disclosure from the SGX enclaves utilizing those libraries.\n\n**Mitigation Strategy for Customers 
(what you should do to protect yourself):**\n\nIntel recommends updating the Intel SGX Platform Software to the latest version as indicated for your model in the Product Impact section below.\n\n**Product Impact:**\n\nTo download the version specified for your product below, follow these steps:\n\n 1. Navigate to your product's Drivers & Software page by going to [https://support.lenovo.com/](<https://pcsupport.lenovo.com/us/en/>). PRC users should go to <https://newsupport.lenovo.com.cn/>\n 2. Search for your product by name or machine type.\n 3. Click Drivers & Software on the left menu panel.\n 4. Click on Manual Update to browse by Component type.\n 5. Compare the minimum fix version for your product from the applicable product table below with the latest version posted on the support site.\n\nAlternatively and if applicable for your product, you may use Lenovo Vantage or Windows Update to update to the latest available version. To confirm you are using the minimum fix version (or higher), go to Add/Remove Programs and check the version listed there.\n", "edition": 99, "modified": "2020-09-10T14:11:13", "published": "2019-11-04T18:34:52", "id": "LENOVO:PS500278-NOSID", "href": "https://support.lenovo.com/us/en/product_security/ps500278", "title": "Intel Software Guard Extensions (SGX) Vulnerabilities - Lenovo Support US", "type": "lenovo", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-28T07:22:49", "bulletinFamily": "info", "cvelist": ["CVE-2019-14565", "CVE-2019-14566"], "description": "**Lenovo Security Advisory:** LEN-29482\n\n**Potential Impact**: Information Disclosure\n\n**Severity:** High\n\n**Scope of Impact:** Industry-wide\n\n**CVE Identifier:** CVE-2019-14565, CVE-2019-14566\n\n**Summary Description:**\n\nIntel reported that a potential security vulnerability in certain libraries provided in the Intel SGX SDK may allow for information disclosure from the SGX enclaves utilizing those libraries.\n\n**Mitigation 
Strategy for Customers (what you should do to protect yourself):**\n\nIntel recommends updating the Intel SGX Platform Software to the latest version as indicated for your model in the Product Impact section below.\n\n**Product Impact:**\n\nTo download the version specified for your product below, follow these steps:\n\n 1. Navigate to your product's Drivers & Software page by going to [https://support.lenovo.com/](<https://pcsupport.lenovo.com/us/en/>). PRC users should go to <https://newsupport.lenovo.com.cn/>\n 2. Search for your product by name or machine type.\n 3. Click Drivers & Software on the left menu panel.\n 4. Click on Manual Update to browse by Component type.\n 5. Compare the minimum fix version for your product from the applicable product table below with the latest version posted on the support site.\n\nAlternatively and if applicable for your product, you may use Lenovo Vantage or Windows Update to update to the latest available version. To confirm you are using the minimum fix version (or higher), go to Add/Remove Programs and check the version listed there.\n", "edition": 35, "modified": "2020-09-10T14:11:13", "published": "2019-11-04T18:34:52", "id": "LENOVO:PS500278-INTEL-SOFTWARE-GUARD-EXTENSIONS-SGX-VULNERABILITIES-NOSID", "href": "https://support.lenovo.com/us/en/product_security/ps500278-intel-software-guard-extensions-sgx-vulnerabilities", "title": "Intel Software Guard Extensions (SGX) Vulnerabilities - Lenovo Support US", "type": "lenovo", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}], "hp": [{"lastseen": "2020-12-24T13:21:23", "bulletinFamily": "software", "cvelist": ["CVE-2019-11139", "CVE-2019-14565", "CVE-2019-11137", "CVE-2019-0117", "CVE-2019-14607", "CVE-2019-0185", "CVE-2019-0184", "CVE-2019-14566", "CVE-2019-11135", "CVE-2019-11157", "CVE-2019-0152", "CVE-2019-0124", "CVE-2019-0154", "CVE-2018-0123", "CVE-2019-11136", "CVE-2019-0151"], "description": "## Potential Security Impact\nEscalation of Privilege, 
Denial of Service, Information Disclosure.\n\n**Source**: HP, HP Product Security Response Team (PSRT) \n\n**Reported by**: Intel \n\n## VULNERABILITY SUMMARY\nMultiple security vulnerabilities have been identified by Intel.\n\nIntel is releasing updates for BIOS, Voltage Modulation, Intel Processor Graphics, Intel SGX, Intel SGX and Intel TXT, Intel SGX and Intel Processor Graphics, Intel Trusted Execution Technology (TXT), Intel System Management Mode (SMM), Intel CPU Local Privilege Escalation, TSX Asynchronous Abort.\n\n## RESOLUTION\nHP has identified the affected platforms and target dates for Softpaqs. See the affected platforms listed below.\n", "edition": 3, "modified": "2020-03-18T00:00:00", "published": "2019-11-11T00:00:00", "id": "HP:C06502052", "href": "https://support.hp.com/us-en/document/c06502052", "title": "HPSBHF03638 rev. 4 - Intel 2019.2 IPU BIOS Security Updates", "type": "hp", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}]}