Lucene search

IntelCVE-2019-11140

HistoryAug 19, 2019 - 5:15 p.m.

CVE-2019-11140

2019-08-1917:15:11

CWE-20

intel

web.nvd.nist.gov

cve-2019-11140

insufficient session validation

intel

nuc

firmware

privileged user

escalation of privilege

denial of service

information disclosure

nvd

CVSS2

4.6

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

CVSS3

6.7

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

AI Score

6.4

Confidence

High

EPSS

Percentile

12.6%

JSON

Insufficient session validation in system firmware for Intel® NUC may allow a privileged user to potentially enable escalation of privilege, denial of service and/or information disclosure via local access.

Affected configurations

Nvd

Node

intelnuc_kit_firmwareMatch-

AND

intelnuc_kit_nuc7i3dnxMatch-

intelnuc_kit_nuc7i5dnxMatch-

intelnuc_kit_nuc7i7dnxMatch-

Node

intelcompute_stick_firmwareMatch-

AND

intelcompute_stick_stk2mv64ccMatch-

Node

intelcompute_card_firmwareMatch-

AND

intelcompute_card_cd1iv128mkMatch-

VendorProductVersionCPE
intelnuc_kit_firmware-cpe:2.3:o:intel:nuc_kit_firmware:-:*:*:*:*:*:*:*
intelnuc_kit_nuc7i3dnx-cpe:2.3:h:intel:nuc_kit_nuc7i3dnx:-:*:*:*:*:*:*:*
intelnuc_kit_nuc7i5dnx-cpe:2.3:h:intel:nuc_kit_nuc7i5dnx:-:*:*:*:*:*:*:*
intelnuc_kit_nuc7i7dnx-cpe:2.3:h:intel:nuc_kit_nuc7i7dnx:-:*:*:*:*:*:*:*
intelcompute_stick_firmware-cpe:2.3:o:intel:compute_stick_firmware:-:*:*:*:*:*:*:*
intelcompute_stick_stk2mv64cc-cpe:2.3:h:intel:compute_stick_stk2mv64cc:-:*:*:*:*:*:*:*
intelcompute_card_firmware-cpe:2.3:o:intel:compute_card_firmware:-:*:*:*:*:*:*:*
intelcompute_card_cd1iv128mk-cpe:2.3:h:intel:compute_card_cd1iv128mk:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
intel	nuc_kit_firmware	-	cpe:2.3:o:intel:nuc_kit_firmware:-:::::::*
intel	nuc_kit_nuc7i3dnx	-	cpe:2.3:h:intel:nuc_kit_nuc7i3dnx:-:::::::*
intel	nuc_kit_nuc7i5dnx	-	cpe:2.3:h:intel:nuc_kit_nuc7i5dnx:-:::::::*
intel	nuc_kit_nuc7i7dnx	-	cpe:2.3:h:intel:nuc_kit_nuc7i7dnx:-:::::::*
intel	compute_stick_firmware	-	cpe:2.3:o:intel:compute_stick_firmware:-:::::::*
intel	compute_stick_stk2mv64cc	-	cpe:2.3:h:intel:compute_stick_stk2mv64cc:-:::::::*
intel	compute_card_firmware	-	cpe:2.3:o:intel:compute_card_firmware:-:::::::*
intel	compute_card_cd1iv128mk	-	cpe:2.3:h:intel:compute_card_cd1iv128mk:-:::::::*

CNA Affected

[
  {
    "product": "Intel(R) NUC Advisory",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "See provided reference"
      }
    ]
  }
]

References

www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00272.html

CVSS2

4.6

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

CVSS3

6.7

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

AI Score

6.4

Confidence

High

EPSS

Percentile

12.6%

JSON

Related for CVE-2019-11140