Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
intelIntel Security CenterINTEL:INTEL-SA-00356
HistorySep 08, 2020 - 12:00 a.m.

Intel BIOS Advisory

2020-09-0800:00:00
Intel Security Center
www.intel.com
13
JSON

Summary:

Potential security vulnerabilities in BIOS firmware for multiple Intel Platforms may allow escalation of privilege, denial of service and/or information disclosure. Intel is releasing BIOS updates to mitigate these potential vulnerabilities.

Vulnerability Details:

CVEID: CVE-2020-8672

Description: Out of bound read in BIOS firmware for 8th, 9th Generation Intel® Core™, Intel® Celeron® Processor 4000 Series Processors may allow an unauthenticated user to potentially enable elevation of privilege or denial of service via local access.

CVSS base Score: 5.1 Medium

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L

CVEID: CVE-2019-14557

Description: Buffer overflow in BIOS firmware for 8th, 9th, 10th Generation Intel® Core™, Intel® Celeron® Processor 4000 & 5000 Series Processors may allow an authenticated user to potentially enable elevation of privilege or denial of service via adjacent access.

CVSS base Score: 4.6 Medium

CVSS Vector: CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L

CVEID: CVE-2019-14558

Description: Insufficient control flow management in BIOS firmware for 8th, 9th, 10th Generation Intel® Core™, Intel® Celeron® Processor 4000 & 5000 Series Processors may allow an authenticated user to potentially enable denial of service via adjacent access.

CVSS base Score: 3.0 Low

CVSS Vector: CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L

CVEID: CVE-2020-8671

Description: Insufficient control flow management in BIOS firmware 8th, 9th Generation Intel® Core™ Processors and Intel® Celeron® Processor 4000 Series may allow an authenticated user to potentially enable information disclosure via local access.

CVSS base Score: 5.0 Medium

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N

CVEID: CVE-2019-14556

Description: Improper initialization in BIOS firmware for 8th, 9th, 10th Generation Intel® Core™, Intel® Celeron® Processor 4000 & 5000 Series Processors may allow a privileged user to potentially enable denial of service via local access.

CVSS base Score: 2.0 Low

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:N/A:L

Affected Products:

  • 8th Generation Intel® Core™ Processor
  • 9th Generation Intel® Core™ Processor
  • 10th Generation Intel® Core™ i7 Processor
  • Intel® Celeron® Processor 5000 Series
  • Intel® Celeron® Processor 4000 Series

Recommendations:

Intel recommends that users of above Intel® products update to the latest BIOS version provided by the system manufacturer that addresses these issues.__

Acknowledgements:

These issues were found internally by Intel.

Intel, and nearly the entire technology industry, follows a disclosure practice called Coordinated Disclosure, under which a cybersecurity vulnerability is generally publicly disclosed only after mitigations are available.

Related

hp 1
lenovo 2
prion 5
cve 5
debiancve 1
ubuntucve 1
redhatcve 1
openvas 9
nessus 8
altlinux 2
amazon 1
fedora 1
ubuntu 1
debian 1
osv 1
mageia 1
hp
hp
HPSBHF03684 rev. 2 - Intel® BIOS September 2020 Security Updates
2020-09-04 00:00:00
lenovo
lenovo
Intel BIOS Advisory - Lenovo Support NL
2020-09-06 17:53:22
Intel BIOS Advisory - Lenovo Support US
2020-09-06 17:53:22
prion
prion
Buffer overflow
2020-10-05 14:15:00
Design/Logic Flaw
2020-10-05 14:15:00
Design/Logic Flaw
2020-10-05 14:15:00
cve
cve
CVE-2019-14557
2020-10-05 14:15:00
CVE-2019-14558
2020-10-05 14:15:00
CVE-2020-8671
2020-10-05 14:15:00
debiancve
debiancve
CVE-2019-14558
2020-10-05 14:15:00
ubuntucve
ubuntucve
CVE-2019-14558
2019-12-31 00:00:00
redhatcve
redhatcve
CVE-2019-14558
2020-05-08 14:09:52
openvas
openvas
Huawei EulerOS: Security Advisory for edk2 (EulerOS-SA-2020-1913)
2020-08-31 00:00:00
Huawei EulerOS: Security Advisory for edk2 (EulerOS-SA-2020-1988)
2020-09-08 00:00:00
Huawei EulerOS: Security Advisory for edk2 (EulerOS-SA-2023-2443)
2023-07-25 00:00:00
nessus
nessus
EulerOS Virtualization for ARM 64 3.0.2.0 : edk2 (EulerOS-SA-2020-1988)
2020-09-08 00:00:00
EulerOS Virtualization for ARM 64 3.0.6.0 : edk2 (EulerOS-SA-2020-1913)
2020-08-28 00:00:00
EulerOS Virtualization 3.0.6.6 : edk2 (EulerOS-SA-2023-2443)
2023-07-26 00:00:00
altlinux
altlinux
Security fix for the ALT Linux 10 package edk2 version 20200229-alt1
2020-05-16 00:00:00
Security fix for the ALT Linux 9 package edk2-tools version 20200229-alt1
2020-07-22 00:00:00
amazon
amazon
Medium: edk2
2020-10-22 17:30:00
fedora
fedora
[SECURITY] Fedora 33 Update: edk2-20200801stable-1.fc33
2020-10-01 00:17:30
ubuntu
ubuntu
EDK II vulnerabilities
2020-04-30 00:00:00
debian
debian
[SECURITY] [DLA 2645-1] edk2 security update
2021-04-29 20:03:01
osv
osv
edk2 - security update
2021-04-29 00:00:00
mageia
mageia
Updated edk2 packages fix multiples security vulnerabilities
2021-01-17 19:07:01
JSON
Related for INTEL:INTEL-SA-00356
hp1lenovo2prion5cve5debiancve1ubuntucve1redhatcve1openvas9nessus8altlinux2amazon1fedora1ubuntu1debian1osv1mageia1