CVE-2019-11123

EPSS 0.07%
Veröffentlicht 13.06.2019 16:29:01
Zuletzt bearbeitet 21.11.2024 04:20:34
Quelle secure@intel.com
Teams Watchlist Login
Unerledigt Login

Insufficient session validation in system firmware for Intel(R) NUC Kit may allow a privileged user to potentially enable escalation of privilege, denial of service and/or information disclosure via local access.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 6

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Intel ≫ Nuc Kit Firmware Version-

   Intel ≫ Nuc Kit Nuc8i3bex Version-
   Intel ≫ Nuc Kit Nuc8i3bex Versionnuc_kit_d34010wyx
   Intel ≫ Nuc Kit Nuc8i3bex Versionnuc_kit_d54250wyx
   Intel ≫ Nuc Kit Nuc8i3bex Versionnuc_kit_de3815tyb
   Intel ≫ Nuc Kit Nuc8i3bex Versionnuc_kit_dn2820fykh
   Intel ≫ Nuc Kit Nuc8i3bex Versionnuc_kit_nuc5cpyh
   Intel ≫ Nuc Kit Nuc8i3bex Versionnuc_kit_nuc5i3myx
   Intel ≫ Nuc Kit Nuc8i3bex Versionnuc_kit_nuc5i3ryx
   Intel ≫ Nuc Kit Nuc8i3bex Versionnuc_kit_nuc5i5myx
   Intel ≫ Nuc Kit Nuc8i3bex Versionnuc_kit_nuc5i5ryx
   Intel ≫ Nuc Kit Nuc8i3bex Versionnuc_kit_nuc5i7ryx
   Intel ≫ Nuc Kit Nuc8i3bex Versionnuc_kit_nuc5pgyh
   Intel ≫ Nuc Kit Nuc8i3bex Versionnuc_kit_nuc5ppyh
   Intel ≫ Nuc Kit Nuc8i3bex Versionnuc_kit_nuc6cayx
   Intel ≫ Nuc Kit Nuc8i3bex Versionnuc_kit_nuc6i3syx
   Intel ≫ Nuc Kit Nuc8i3bex Versionnuc_kit_nuc6i5syx
   Intel ≫ Nuc Kit Nuc8i3bex Versionnuc_kit_nuc6i7kyk
   Intel ≫ Nuc Kit Nuc8i3bex Versionnuc_kit_nuc7cjy
   Intel ≫ Nuc Kit Nuc8i3bex Versionnuc_kit_nuc7i3bnx
   Intel ≫ Nuc Kit Nuc8i3bex Versionnuc_kit_nuc7i3dnx
   Intel ≫ Nuc Kit Nuc8i3bex Versionnuc_kit_nuc7i5bnx
   Intel ≫ Nuc Kit Nuc8i3bex Versionnuc_kit_nuc7i5dnx
   Intel ≫ Nuc Kit Nuc8i3bex Versionnuc_kit_nuc7i7bnx
   Intel ≫ Nuc Kit Nuc8i3bex Versionnuc_kit_nuc7i7dnx
   Intel ≫ Nuc Kit Nuc8i3bex Versionnuc_kit_nuc7pjy
   Intel ≫ Nuc Kit Nuc8i3bex Versionnuc_kit_nuc8i3cyx
   Intel ≫ Nuc Kit Nuc8i3bex Versionnuc_kit_nuc8i5bex
   Intel ≫ Nuc Kit Nuc8i3bex Versionnuc_kit_nuc8i7bex
   Intel ≫ Nuc Kit Nuc8i3bex Versionnuc_kit_nuc8i7hnk
   Intel ≫ Nuc Kit Nuc8i3bex Versionnuc_kit_nuc8i7hvk

Intel ≫ Compute Card Firmware Version-

   Intel ≫ Compute Card Cd1c64gk Version-
   Intel ≫ Compute Card Cd1iv128mk Version-
   Intel ≫ Compute Card Cd1m3128mk Version-
   Intel ≫ Compute Card Cd1p64gk Version-

Intel ≫ Compute Stick Firmware Version-

   Intel ≫ Compute Stick Stck1a32wfc Version-
   Intel ≫ Compute Stick Stck1a8lfc Version-
   Intel ≫ Compute Stick Stk2m364cc Version-
   Intel ≫ Compute Stick Stk2m3w64cc Version-
   Intel ≫ Compute Stick Stk2mv64cc Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.07%	0.177

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	6.7	0.8	5.9	CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	4.6	3.9	6.4	AV:L/AC:L/Au:N/C:P/I:P/A:P

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

http://www.securityfocus.com/bid/108766

Third Party Advisory

VDB Entry

https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00264.html

https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00264.html?wapkw=2019-11129

Patch

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2019-11123

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2019-11123

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2019-11123

EUVD