Potential security vulnerabilities in the Intel® Ethernet I210 Controller series of network adapters may allow denial of service.** **Intel is releasing firmware updates to mitigate these potential vulnerabilities.
CVEID: CVE-2020-0522
Description: Improper initialization in the firmware for the Intel® Ethernet I210 Controller series of network adapters before version 3.30 may allow a privileged user to potentially enable denial of service via local access.
CVSS Base Score: 6.7 Medium
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:L/A:H
CVEID: CVE-2020-0523
Description: Improper access control in the firmware for the Intel® Ethernet I210 Controller series of network adapters before version 3.30 may potentially allow a privileged user to enable a denial of service via local access.
CVSS Base Score: 5.1 Medium
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H
CVEID: CVE-2020-0524
Description: Improper default permissions in the firmware for the Intel® Ethernet I210 Controller series of network adapters before version 3.30 may allow an authenticated user to potentially enable denial of service via local access.
CVSS Base Score 5.2 Medium
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:L
CVEID: CVE-2020-0525
Description: Improper access control in firmware for the Intel® Ethernet I210 Controller series of network adapters before version 3.30 may allow a privileged user to potentially enable denial of service via local access.
CVSS Base Score: 3.8 Low
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:L
Intel® Ethernet I210 Controller series of network adapters before firmware version 3.30.
Intel recommends updating the Intel® Ethernet I210 Controller series of network adapters to firmware version 3.30 or later.
Updates are available for download at this location:
<https://downloadcenter.intel.com/product/64399/Intel-Ethernet-Controller-I210-Series>
These issues were found internally by Intel.
Intel, and nearly the entire technology industry, follows a disclosure practice called Coordinated Disclosure, under which a cybersecurity vulnerability is generally publicly disclosed only after mitigations are available.