A potential security vulnerability in the system firmware for Intel® NUC may allow escalation of privilege, denial of service and/or information disclosure. Intel is releasing firmware updates to mitigate this potential vulnerability.
CVEID: CVE-2019-11140
Description: Insufficient session validation in system firmware for Intel® NUC may allow a privileged user to potentially enable escalation of privilege, denial of service and/or information disclosure via local access.
CVSS Base Score: 7.5 High
CVSS Vector: CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
Affected Product
|
Updated Firmware
—|—
Intel® NUC Kit NUC7i7DNx
|
Intel® NUC Kit NUC7i5DNx
|
Intel® NUC Kit NUC7i3DNx
|
Intel® Compute Stick STK2MV64CC
|
Intel® Compute Card CD1IV128MK
|
Intel recommends that users update to the latest version (see provided table).
Intel would like to thank Dmitry Frolov for reporting this issue.
Intel, and nearly the entire technology industry, follows a disclosure practice called Coordinated Disclosure, under which a cybersecurity vulnerability is generally publicly disclosed only after mitigations are available.