8.8
CVE-2019-0140
- EPSS 0.37%
- Published 14.11.2019 19:15:11
- Last modified 21.11.2024 04:16:19
- Source secure@intel.com
- Teams watchlist Login
- Open Login
Buffer overflow in firmware for Intel(R) Ethernet 700 Series Controllers before version 7.0 may allow an unauthenticated user to potentially enable an escalation of privilege via an adjacent access.
Data is provided by the National Vulnerability Database (NVD)
Intel ≫ Ethernet Controller X710-tm4 Firmware Version < 7.0
Intel ≫ Ethernet Controller X710-at2 Firmware Version < 7.0
Intel ≫ Ethernet Controller Xxv710-am2 Firmware Version < 7.0
Intel ≫ Ethernet Controller Xxv710-am1 Firmware Version < 7.0
Intel ≫ Ethernet Controller X710-bm2 Firmware Version < 7.0
Intel ≫ Ethernet Controller 710-bm1 Firmware Version < 7.0
Intel ≫ Ethernet 700 Series Software Version < 24.0
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.37% | 0.557 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| nvd@nist.gov | 8.8 | 2.8 | 5.9 |
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
| nvd@nist.gov | 5.8 | 6.5 | 6.4 |
AV:A/AC:L/Au:N/C:P/I:P/A:P
|
CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow.