Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
intelIntel Security CenterINTEL:INTEL-SA-00223
HistoryMay 14, 2019 - 12:00 a.m.

2019.1 QSR UEFI Advisory

2019-05-1400:00:00
Intel Security Center
www.intel.com
27

EPSS

0.001

Percentile

26.8%

JSON

Summary:

Multiple potential security vulnerabilities in Intel® Unified Extensible Firmware Interface (UEFI) may allow escalation of privilege and/or denial of service. Intel is releasing firmware updates to mitigate these potential vulnerabilities.

Vulnerability Details:

CVEID: CVE-2019-0119

Description: Buffer overflow vulnerability in system firmware for Intel® Xeon® Processor D Family, Intel® Xeon® Scalable Processor, Intel®** **Server Board, Intel® Server System and Intel® Compute Module may allow a privileged user to potentially enable escalation of privilege and/or denial of service via local access.

CVSS Base Score: 5.7 Medium

CVSS Vector: CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:H

CVEID: CVE-2019-0120

Description: Insufficient key protection vulnerability in silicon reference firmware for Intel®**** Pentium®**** Processor J Series, Intel®**** Pentium®**** Processor N Series, Intel®**** Celeron® J Series, Intel®**** Celeron® N Series, Intel®**** Atom® Processor A Series, Intel®**** Atom® Processor E3900 Series, Intel®**** Pentium®**** Processor Silver Series may allow a privileged user to potentially enable denial of service via local access.

CVSS Base Score: 5.3 Medium

CVSS Vector: CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:N/A:H

CVEID: CVE-2019-0126

Description: Insufficient access control in silicon reference firmware for Intel® Xeon® Scalable Processor, Intel® Xeon® Processor D Family may allow a privileged user to potentially enable escalation of privilege and/or denial of service via local access.

CVSS Base Score: 7.2 High

CVSS Vector: CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:H/A:H

Affected Products:

Intel® Xeon® Processor D Family

Intel® Xeon® Scalable Processor

Intel®** **Server Board

Intel® Server System

Intel® Compute Module

Intel®Pentium® Processor J Series

Intel®Pentium® Processor N Series

Intel®** **Celeron® J Series

Intel®** **Celeron® N Series

Intel®** **Atom® Processor A Series

Intel®** **Atom® Processor E3900 Series

Intel®** **Pentium® Processor Silver Series

Recommendations:

Intel recommends that users of Intel® products listed above** **update to the latest version provided by the system manufacturer that addresses these issues.

Acknowledgements:

These issues were found internally by Intel.

Intel, and nearly the entire technology industry, follows a disclosure practice called Coordinated Disclosure, under which a cybersecurity vulnerability is generally publicly disclosed only after mitigations are available.

Related

lenovo 2
hp 1
f5 3
prion 3
cve 3
nvd 3
cvelist 3
threatpost 1
lenovo
lenovo
Intel Firmware Vulnerabilities - Lenovo Support US
2019-05-14 11:57:39
Intel Firmware Vulnerabilities - Lenovo Support US
2019-05-14 11:57:39
hp
hp
HPSBHF03617 rev. 4 - Intel UEFI System Firmware Security Updates
2019-05-14 00:00:00
f5
f5
K37428370 : Intel Xeon access control vulnerability CVE-2019-0126
2019-06-06 00:00:00
K85585101 : Intel UEFI vulnerability CVE-2019-0119
2019-06-06 00:00:00
K29002929 : INTEL-SA-00223 - Intel Unified Extensible Firmware Interface CVE-2019-0120
2019-06-06 00:00:00
prion
prion
Improper access control
2019-05-17 16:29:00
Design/Logic Flaw
2019-05-17 16:29:00
Buffer overflow
2019-05-17 16:29:00
cve
cve
CVE-2019-0126
2019-05-17 16:29:01
CVE-2019-0120
2019-05-17 16:29:01
CVE-2019-0119
2019-05-17 16:29:01
nvd
nvd
CVE-2019-0126
2019-05-17 16:29:01
CVE-2019-0120
2019-05-17 16:29:01
CVE-2019-0119
2019-05-17 16:29:01
cvelist
cvelist
CVE-2019-0126
2019-05-17 15:41:38
CVE-2019-0120
2019-05-17 15:41:38
CVE-2019-0119
2019-05-17 15:41:38
threatpost
threatpost
Intel Fixes Critical, High-Severity Flaws Across Several Products
2019-05-21 21:02:56

EPSS

0.001

Percentile

26.8%

JSON
Related for INTEL:INTEL-SA-00223
lenovo2hp1f53prion3cve3nvd3cvelist3threatpost1