cvelistv5 - CVE-2019-14570

CVE-2019-14570 (GCVE-0-2019-14570)

Vulnerability from cvelistv5 – Published: 2019-10-11 17:58 – Updated: 2024-08-05 00:19

Summary

Memory corruption in system firmware for Intel(R) NUC may allow a privileged user to potentially enable escalation of privilege, denial of service and/or information disclosure via local access.

Severity ?

No CVSS data available.

CWE

Escalation of Privilege, Denial of Service, Information Disclosure

Assigner

intel

References

URL

Tags

https://www.intel.com/content/www/us/en/security-…

x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	Intel®	NUC Advisory	Affected: See provided reference

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T00:19:41.335Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00296.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "NUC Advisory",
          "vendor": "Intel\u00ae",
          "versions": [
            {
              "status": "affected",
              "version": "See provided reference"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Memory corruption in system firmware for Intel(R) NUC may allow a privileged user to potentially enable escalation of privilege, denial of service and/or information disclosure via local access."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Escalation of Privilege, Denial of Service, Information Disclosure",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-10-11T17:58:06",
        "orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
        "shortName": "intel"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00296.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@intel.com",
          "ID": "CVE-2019-14570",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "NUC Advisory",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "See provided reference"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Intel\u00ae"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Memory corruption in system firmware for Intel(R) NUC may allow a privileged user to potentially enable escalation of privilege, denial of service and/or information disclosure via local access."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Escalation of Privilege, Denial of Service, Information Disclosure"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00296.html",
              "refsource": "CONFIRM",
              "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00296.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
    "assignerShortName": "intel",
    "cveId": "CVE-2019-14570",
    "datePublished": "2019-10-11T17:58:06",
    "dateReserved": "2019-08-03T00:00:00",
    "dateUpdated": "2024-08-05T00:19:41.335Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:intel:nuc_8_mainstream_game_kit_firmware:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"inwhl357\", \"matchCriteriaId\": \"1351A317-8831-463A-8C32-D117535B2158\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:intel:nuc_8_mainstream_game_kit:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"365D716A-73F7-4F20-A4F5-0FE53E08E014\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:intel:nuc_8_mainstream_game_mini_computer_firmware:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"inwhl357\", \"matchCriteriaId\": \"9A4E1BA3-6A0A-4796-9A72-B5880B84D1C9\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:intel:nuc_8_mainstream_game_mini_computer:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"FFC228AB-19E6-4C1E-82D7-113CB02CB9B4\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:intel:nuc_board_de3815tybe_firmware:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"ty0022\", \"matchCriteriaId\": \"A3118DD0-B446-4862-B5A5-CC722983E99F\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:intel:nuc_board_de3815tybe:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"52DA8FD4-2744-4BAE-BC85-256569ED6FBE\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:intel:nuc_kit_de3815tykhe_firmware:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"ty0022\", \"matchCriteriaId\": \"96B348F1-2F56-41D3-918C-878083E4C800\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:intel:nuc_kit_de3815tykhe:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"2E9BBC0B-B4B7-49C4-AEF6-B30704533686\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:intel:nuc_board_de3815tybe_firmware:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"ty0067\", \"matchCriteriaId\": \"14A0B608-14D3-4D22-8ECA-866DF6849520\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:intel:nuc_board_de3815tybe:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"52DA8FD4-2744-4BAE-BC85-256569ED6FBE\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:intel:nuc_kit_de3815tykhe_firmware:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"ty0067\", \"matchCriteriaId\": \"9B999273-385E-4F17-9A24-68EEF2AFFDC9\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:intel:nuc_kit_de3815tykhe:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"2E9BBC0B-B4B7-49C4-AEF6-B30704533686\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:intel:nuc_kit_dn2820fykh_firmware:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"fy0069\", \"matchCriteriaId\": \"BB0DDE62-C922-420E-A1BC-4427E12F3BD6\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:intel:nuc_kit_dn2820fykh:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"738AD9B2-1055-42D0-8D16-205340BE3BE7\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Memory corruption in system firmware for Intel(R) NUC may allow a privileged user to potentially enable escalation of privilege, denial of service and/or information disclosure via local access.\"}, {\"lang\": \"es\", \"value\": \"Una corrupci\\u00f3n de la memoria en el firmware del sistema para Intel(R) NUC puede permitir a un usuario privilegiado habilitar potencialmente una escalada de privilegios, una denegaci\\u00f3n de servicio y/o una divulgaci\\u00f3n de informaci\\u00f3n por medio del acceso local.\"}]",
      "id": "CVE-2019-14570",
      "lastModified": "2024-11-21T04:26:58.767",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\", \"baseScore\": 7.8, \"baseSeverity\": \"HIGH\", \"attackVector\": \"LOCAL\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 1.8, \"impactScore\": 5.9}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:L/AC:L/Au:N/C:P/I:P/A:P\", \"baseScore\": 4.6, \"accessVector\": \"LOCAL\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 3.9, \"impactScore\": 6.4, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2019-10-11T18:15:11.333",
      "references": "[{\"url\": \"https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00296.html\", \"source\": \"secure@intel.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00296.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}]",
      "sourceIdentifier": "secure@intel.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-787\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2019-14570\",\"sourceIdentifier\":\"secure@intel.com\",\"published\":\"2019-10-11T18:15:11.333\",\"lastModified\":\"2024-11-21T04:26:58.767\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Memory corruption in system firmware for Intel(R) NUC may allow a privileged user to potentially enable escalation of privilege, denial of service and/or information disclosure via local access.\"},{\"lang\":\"es\",\"value\":\"Una corrupci\u00f3n de la memoria en el firmware del sistema para Intel(R) NUC puede permitir a un usuario privilegiado habilitar potencialmente una escalada de privilegios, una denegaci\u00f3n de servicio y/o una divulgaci\u00f3n de informaci\u00f3n por medio del acceso local.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":7.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:L/AC:L/Au:N/C:P/I:P/A:P\",\"baseScore\":4.6,\"accessVector\":\"LOCAL\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":3.9,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-787\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:intel:nuc_8_mainstream_game_kit_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"inwhl357\",\"matchCriteriaId\":\"1351A317-8831-463A-8C32-D117535B2158\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:intel:nuc_8_mainstream_game_kit:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"365D716A-73F7-4F20-A4F5-0FE53E08E014\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:intel:nuc_8_mainstream_game_mini_computer_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"inwhl357\",\"matchCriteriaId\":\"9A4E1BA3-6A0A-4796-9A72-B5880B84D1C9\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:intel:nuc_8_mainstream_game_mini_computer:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FFC228AB-19E6-4C1E-82D7-113CB02CB9B4\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:intel:nuc_board_de3815tybe_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"ty0022\",\"matchCriteriaId\":\"A3118DD0-B446-4862-B5A5-CC722983E99F\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:intel:nuc_board_de3815tybe:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"52DA8FD4-2744-4BAE-BC85-256569ED6FBE\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:intel:nuc_kit_de3815tykhe_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"ty0022\",\"matchCriteriaId\":\"96B348F1-2F56-41D3-918C-878083E4C800\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:intel:nuc_kit_de3815tykhe:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2E9BBC0B-B4B7-49C4-AEF6-B30704533686\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:intel:nuc_board_de3815tybe_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"ty0067\",\"matchCriteriaId\":\"14A0B608-14D3-4D22-8ECA-866DF6849520\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:intel:nuc_board_de3815tybe:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"52DA8FD4-2744-4BAE-BC85-256569ED6FBE\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:intel:nuc_kit_de3815tykhe_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"ty0067\",\"matchCriteriaId\":\"9B999273-385E-4F17-9A24-68EEF2AFFDC9\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:intel:nuc_kit_de3815tykhe:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2E9BBC0B-B4B7-49C4-AEF6-B30704533686\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:intel:nuc_kit_dn2820fykh_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"fy0069\",\"matchCriteriaId\":\"BB0DDE62-C922-420E-A1BC-4427E12F3BD6\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:intel:nuc_kit_dn2820fykh:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"738AD9B2-1055-42D0-8D16-205340BE3BE7\"}]}]}],\"references\":[{\"url\":\"https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00296.html\",\"source\":\"secure@intel.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00296.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}"
  }
}

GHSA-W697-CRQQ-Q58C

Vulnerability from github – Published: 2022-05-24 16:58 – Updated: 2024-04-04 02:22

Details

Memory corruption in system firmware for Intel(R) NUC may allow a privileged user to potentially enable escalation of privilege, denial of service and/or information disclosure via local access.

Severity ?

7.8 (High)


                  
                    CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2019-14570"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-787"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2019-10-11T18:15:00Z",
    "severity": "HIGH"
  },
  "details": "Memory corruption in system firmware for Intel(R) NUC may allow a privileged user to potentially enable escalation of privilege, denial of service and/or information disclosure via local access.",
  "id": "GHSA-w697-crqq-q58c",
  "modified": "2024-04-04T02:22:24Z",
  "published": "2022-05-24T16:58:38Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-14570"
    },
    {
      "type": "WEB",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00296.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GSD-2019-14570

Vulnerability from gsd - Updated: 2023-12-13 01:23

Details

Memory corruption in system firmware for Intel(R) NUC may allow a privileged user to potentially enable escalation of privilege, denial of service and/or information disclosure via local access.

Aliases

CVE-2019-14570

Aliases

CVE-2019-14570

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2019-14570",
    "description": "Memory corruption in system firmware for Intel(R) NUC may allow a privileged user to potentially enable escalation of privilege, denial of service and/or information disclosure via local access.",
    "id": "GSD-2019-14570"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2019-14570"
      ],
      "details": "Memory corruption in system firmware for Intel(R) NUC may allow a privileged user to potentially enable escalation of privilege, denial of service and/or information disclosure via local access.",
      "id": "GSD-2019-14570",
      "modified": "2023-12-13T01:23:53.432797Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "secure@intel.com",
        "ID": "CVE-2019-14570",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "NUC Advisory",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "See provided reference"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "Intel\u00ae"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Memory corruption in system firmware for Intel(R) NUC may allow a privileged user to potentially enable escalation of privilege, denial of service and/or information disclosure via local access."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "Escalation of Privilege, Denial of Service, Information Disclosure"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00296.html",
            "refsource": "CONFIRM",
            "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00296.html"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:intel:nuc_8_mainstream_game_kit_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "inwhl357",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:intel:nuc_8_mainstream_game_kit:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:intel:nuc_8_mainstream_game_mini_computer_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "inwhl357",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:intel:nuc_8_mainstream_game_mini_computer:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:intel:nuc_board_de3815tybe_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "ty0022",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:intel:nuc_board_de3815tybe:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:intel:nuc_kit_de3815tykhe_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "ty0022",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:intel:nuc_kit_de3815tykhe:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:intel:nuc_board_de3815tybe_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "ty0067",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:intel:nuc_board_de3815tybe:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:intel:nuc_kit_de3815tykhe_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "ty0067",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:intel:nuc_kit_de3815tykhe:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:intel:nuc_kit_dn2820fykh_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "fy0069",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:intel:nuc_kit_dn2820fykh:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@intel.com",
          "ID": "CVE-2019-14570"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Memory corruption in system firmware for Intel(R) NUC may allow a privileged user to potentially enable escalation of privilege, denial of service and/or information disclosure via local access."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-787"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00296.html",
              "refsource": "CONFIRM",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00296.html"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 4.6,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 6.4,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "exploitabilityScore": 1.8,
          "impactScore": 5.9
        }
      },
      "lastModifiedDate": "2020-08-24T17:37Z",
      "publishedDate": "2019-10-11T18:15Z"
    }
  }
}

VAR-201910-0659

Vulnerability from variot - Updated: 2023-12-18 13:07

Memory corruption in system firmware for Intel(R) NUC may allow a privileged user to potentially enable escalation of privilege, denial of service and/or information disclosure via local access. Intel(R) NUC Contains a buffer error vulnerability.Information is acquired, information is falsified, and denial of service (DoS) May be in a state. Intel NUC Kit is a small desktop computer from Intel Corporation of the United States.

A memory corruption vulnerability exists in the Intel NUC system firmware. A local attacker could use this vulnerability to elevate privileges, cause a denial of service, and / or obtain information

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201910-0659",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "nuc kit de3815tykhe",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "intel",
        "version": "ty0067"
      },
      {
        "model": "nuc board de3815tybe",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "intel",
        "version": "ty0022"
      },
      {
        "model": "nuc 8 mainstream game mini computer",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "intel",
        "version": "inwhl357"
      },
      {
        "model": "nuc board de3815tybe",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "intel",
        "version": "ty0067"
      },
      {
        "model": "nuc kit dn2820fykh",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "intel",
        "version": "fy0069"
      },
      {
        "model": "nuc 8 mainstream game kit",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "intel",
        "version": "inwhl357"
      },
      {
        "model": "nuc kit de3815tykhe",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "intel",
        "version": "ty0022"
      },
      {
        "model": "nuc 8 mainstream game kit",
        "scope": null,
        "trust": 0.8,
        "vendor": "intel",
        "version": null
      },
      {
        "model": "nuc 8 mainstream game mini computer",
        "scope": null,
        "trust": 0.8,
        "vendor": "intel",
        "version": null
      },
      {
        "model": "nuc board de3815tybe",
        "scope": null,
        "trust": 0.8,
        "vendor": "intel",
        "version": null
      },
      {
        "model": "nuc kit de3815tykhe",
        "scope": null,
        "trust": 0.8,
        "vendor": "intel",
        "version": null
      },
      {
        "model": "nuc kit dn2820fykh",
        "scope": null,
        "trust": 0.8,
        "vendor": "intel",
        "version": null
      },
      {
        "model": "nuc",
        "scope": null,
        "trust": 0.6,
        "vendor": "intel",
        "version": null
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2019-42614"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-010663"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-14570"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:intel:nuc_8_mainstream_game_kit_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "inwhl357",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:intel:nuc_8_mainstream_game_kit:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:intel:nuc_8_mainstream_game_mini_computer_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "inwhl357",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:intel:nuc_8_mainstream_game_mini_computer:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:intel:nuc_board_de3815tybe_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "ty0022",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:intel:nuc_board_de3815tybe:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:intel:nuc_kit_de3815tykhe_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "ty0022",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:intel:nuc_kit_de3815tykhe:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:intel:nuc_board_de3815tybe_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "ty0067",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:intel:nuc_board_de3815tybe:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:intel:nuc_kit_de3815tykhe_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "ty0067",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:intel:nuc_kit_de3815tykhe:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:intel:nuc_kit_dn2820fykh_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "fy0069",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:intel:nuc_kit_dn2820fykh:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2019-14570"
      }
    ]
  },
  "cve": "CVE-2019-14570",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 4.6,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 3.9,
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Local",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Partial",
            "baseScore": 4.6,
            "confidentialityImpact": "Partial",
            "exploitabilityScore": null,
            "id": "CVE-2019-14570",
            "impactScore": null,
            "integrityImpact": "Partial",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 4.6,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 3.9,
            "id": "CNVD-2019-42614",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.6,
            "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "author": "NVD",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 1.8,
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Local",
            "author": "NVD",
            "availabilityImpact": "High",
            "baseScore": 7.8,
            "baseSeverity": "High",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "CVE-2019-14570",
            "impactScore": null,
            "integrityImpact": "High",
            "privilegesRequired": "Low",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2019-14570",
            "trust": 1.8,
            "value": "HIGH"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2019-42614",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201910-547",
            "trust": 0.6,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2019-42614"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-010663"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-14570"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201910-547"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Memory corruption in system firmware for Intel(R) NUC may allow a privileged user to potentially enable escalation of privilege, denial of service and/or information disclosure via local access. Intel(R) NUC Contains a buffer error vulnerability.Information is acquired, information is falsified, and denial of service (DoS) May be in a state. Intel NUC Kit is a small desktop computer from Intel Corporation of the United States. \n\nA memory corruption vulnerability exists in the Intel NUC system firmware. A local attacker could use this vulnerability to elevate privileges, cause a denial of service, and / or obtain information",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2019-14570"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-010663"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2019-42614"
      }
    ],
    "trust": 2.16
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2019-14570",
        "trust": 3.0
      },
      {
        "db": "JVN",
        "id": "JVNVU90055983",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-010663",
        "trust": 0.8
      },
      {
        "db": "CNVD",
        "id": "CNVD-2019-42614",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2019.3783",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201910-547",
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2019-42614"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-010663"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-14570"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201910-547"
      }
    ]
  },
  "id": "VAR-201910-0659",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2019-42614"
      }
    ],
    "trust": 1.3138888866666667
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "IoT"
        ],
        "sub_category": null,
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2019-42614"
      }
    ]
  },
  "last_update_date": "2023-12-18T13:07:51.160000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "INTEL-SA-00296",
        "trust": 0.8,
        "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00296.html"
      },
      {
        "title": "Patch for Intel NUC Memory Corruption Vulnerability",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchinfo/show/192329"
      },
      {
        "title": "Intel NUC Kit Security vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=99194"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2019-42614"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-010663"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201910-547"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-787",
        "trust": 1.0
      },
      {
        "problemtype": "CWE-119",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-010663"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-14570"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.0,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-14570"
      },
      {
        "trust": 1.6,
        "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00296.html"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-14570"
      },
      {
        "trust": 0.8,
        "url": "https://jvn.jp/vu/jvnvu90055983/"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2019.3783/"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2019-42614"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-010663"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-14570"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201910-547"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CNVD",
        "id": "CNVD-2019-42614"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-010663"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-14570"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201910-547"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2019-11-28T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2019-42614"
      },
      {
        "date": "2019-10-18T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2019-010663"
      },
      {
        "date": "2019-10-11T18:15:11.333000",
        "db": "NVD",
        "id": "CVE-2019-14570"
      },
      {
        "date": "2019-10-09T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201910-547"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2019-11-28T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2019-42614"
      },
      {
        "date": "2019-10-18T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2019-010663"
      },
      {
        "date": "2020-08-24T17:37:01.140000",
        "db": "NVD",
        "id": "CVE-2019-14570"
      },
      {
        "date": "2020-09-02T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201910-547"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "local",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201910-547"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Intel(R) NUC Buffer error vulnerability",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-010663"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "buffer error",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201910-547"
      }
    ],
    "trust": 0.6
  }
}

FKIE_CVE-2019-14570

Vulnerability from fkie_nvd - Published: 2019-10-11 18:15 - Updated: 2024-11-21 04:26

Severity ?

7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Summary

Memory corruption in system firmware for Intel(R) NUC may allow a privileged user to potentially enable escalation of privilege, denial of service and/or information disclosure via local access.

References

	URL	Tags
	secure@intel.com	https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00296.html	Vendor Advisory
	af854a3a-2127-422b-91ae-364da2661108	https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00296.html	Vendor Advisory

Impacted products

Vendor	Product	Version
intel	nuc_8_mainstream_game_kit_firmware	*
intel	nuc_8_mainstream_game_kit	-
intel	nuc_8_mainstream_game_mini_computer_firmware	*
intel	nuc_8_mainstream_game_mini_computer	-
intel	nuc_board_de3815tybe_firmware	*
intel	nuc_board_de3815tybe	-
intel	nuc_kit_de3815tykhe_firmware	*
intel	nuc_kit_de3815tykhe	-
intel	nuc_board_de3815tybe_firmware	*
intel	nuc_board_de3815tybe	-
intel	nuc_kit_de3815tykhe_firmware	*
intel	nuc_kit_de3815tykhe	-
intel	nuc_kit_dn2820fykh_firmware	*
intel	nuc_kit_dn2820fykh	-

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:intel:nuc_8_mainstream_game_kit_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "1351A317-8831-463A-8C32-D117535B2158",
              "versionEndExcluding": "inwhl357",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:intel:nuc_8_mainstream_game_kit:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "365D716A-73F7-4F20-A4F5-0FE53E08E014",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:intel:nuc_8_mainstream_game_mini_computer_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "9A4E1BA3-6A0A-4796-9A72-B5880B84D1C9",
              "versionEndExcluding": "inwhl357",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:intel:nuc_8_mainstream_game_mini_computer:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "FFC228AB-19E6-4C1E-82D7-113CB02CB9B4",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:intel:nuc_board_de3815tybe_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "A3118DD0-B446-4862-B5A5-CC722983E99F",
              "versionEndExcluding": "ty0022",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:intel:nuc_board_de3815tybe:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "52DA8FD4-2744-4BAE-BC85-256569ED6FBE",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:intel:nuc_kit_de3815tykhe_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "96B348F1-2F56-41D3-918C-878083E4C800",
              "versionEndExcluding": "ty0022",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:intel:nuc_kit_de3815tykhe:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "2E9BBC0B-B4B7-49C4-AEF6-B30704533686",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:intel:nuc_board_de3815tybe_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "14A0B608-14D3-4D22-8ECA-866DF6849520",
              "versionEndExcluding": "ty0067",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:intel:nuc_board_de3815tybe:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "52DA8FD4-2744-4BAE-BC85-256569ED6FBE",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:intel:nuc_kit_de3815tykhe_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "9B999273-385E-4F17-9A24-68EEF2AFFDC9",
              "versionEndExcluding": "ty0067",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:intel:nuc_kit_de3815tykhe:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "2E9BBC0B-B4B7-49C4-AEF6-B30704533686",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:intel:nuc_kit_dn2820fykh_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "BB0DDE62-C922-420E-A1BC-4427E12F3BD6",
              "versionEndExcluding": "fy0069",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:intel:nuc_kit_dn2820fykh:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "738AD9B2-1055-42D0-8D16-205340BE3BE7",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Memory corruption in system firmware for Intel(R) NUC may allow a privileged user to potentially enable escalation of privilege, denial of service and/or information disclosure via local access."
    },
    {
      "lang": "es",
      "value": "Una corrupci\u00f3n de la memoria en el firmware del sistema para Intel(R) NUC puede permitir a un usuario privilegiado habilitar potencialmente una escalada de privilegios, una denegaci\u00f3n de servicio y/o una divulgaci\u00f3n de informaci\u00f3n por medio del acceso local."
    }
  ],
  "id": "CVE-2019-14570",
  "lastModified": "2024-11-21T04:26:58.767",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 4.6,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 7.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2019-10-11T18:15:11.333",
  "references": [
    {
      "source": "secure@intel.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00296.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00296.html"
    }
  ],
  "sourceIdentifier": "secure@intel.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-787"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CERTFR-2019-AVI-494

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été découvertes dans les produits Intel. Elles permettent à un attaquant de provoquer un déni de service, une atteinte à la confidentialité des données et une élévation de privilèges.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Intel	N/A	Intel NUC Board DE3815TYBE sans le correctif de sécurité TY0067
Intel	N/A	Intel NUC 8 Mainstream Game Mini Computer sans le correctif de sécurité INWHL357
Intel	N/A	Intel NUC 8 Mainstream Game Kit sans le correctif de sécurité INWHL357
Intel	N/A	Intel NUC Board DE3815TYBE (H26998-500 & later) sans le correctif de sécurité TY0022
Intel	N/A	Intel Active System Console for Intel Server Boards and Systems based on Intel 62X Chipset versions antérieures à 8.0 Build 24
Intel	N/A	Intel NUC Kit DN2820FYKH sans le correctif de sécurité FY0069
Intel	N/A	Intel NUC Kit DE3815TYKHE (H27002-500 & later) sans le correctif de sécurité TY0022
Intel	N/A	Intel NUC Kit DE3815TYKHE sans le correctif de sécurité TY0067
Intel	N/A	Intel Smart Connect Technology pour Intel NUC (la désinstallation est recommandée par Intel)

References

Title

Publication Time

Tags

Bulletin de sécurité Intel intel-sa-00296 du 08 octobre 2019	None	vendor-advisory
Bulletin de sécurité Intel intel-sa-00286 du 08 octobre 2019	None	vendor-advisory
Bulletin de sécurité Intel intel-sa-00261 du 08 octobre 2019	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Intel NUC Board DE3815TYBE sans le correctif de s\u00e9curit\u00e9 TY0067",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Intel",
          "scada": false
        }
      }
    },
    {
      "description": "Intel NUC 8 Mainstream Game Mini Computer sans le correctif de s\u00e9curit\u00e9 INWHL357",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Intel",
          "scada": false
        }
      }
    },
    {
      "description": "Intel NUC 8 Mainstream Game Kit sans le correctif de s\u00e9curit\u00e9 INWHL357",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Intel",
          "scada": false
        }
      }
    },
    {
      "description": "Intel NUC Board DE3815TYBE (H26998-500 \u0026 later) sans le correctif de s\u00e9curit\u00e9 TY0022",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Intel",
          "scada": false
        }
      }
    },
    {
      "description": "Intel Active System Console for Intel Server Boards and Systems based on Intel 62X Chipset versions ant\u00e9rieures \u00e0 8.0 Build 24",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Intel",
          "scada": false
        }
      }
    },
    {
      "description": "Intel NUC Kit DN2820FYKH sans le correctif de s\u00e9curit\u00e9 FY0069",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Intel",
          "scada": false
        }
      }
    },
    {
      "description": "Intel NUC Kit DE3815TYKHE (H27002-500 \u0026 later) sans le correctif de s\u00e9curit\u00e9 TY0022",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Intel",
          "scada": false
        }
      }
    },
    {
      "description": "Intel NUC Kit DE3815TYKHE sans le correctif de s\u00e9curit\u00e9 TY0067",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Intel",
          "scada": false
        }
      }
    },
    {
      "description": "Intel Smart Connect Technology pour Intel NUC (la d\u00e9sinstallation est recommand\u00e9e par Intel)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Intel",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2019-11167",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-11167"
    },
    {
      "name": "CVE-2019-14569",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-14569"
    },
    {
      "name": "CVE-2019-14570",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-14570"
    },
    {
      "name": "CVE-2019-11120",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-11120"
    }
  ],
  "links": [],
  "reference": "CERTFR-2019-AVI-494",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2019-10-09T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Intel.\nElles permettent \u00e0 un attaquant de provoquer un d\u00e9ni de service, une\natteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es et une \u00e9l\u00e9vation de\nprivil\u00e8ges.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Intel",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00296 du 08 octobre 2019",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00296.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00286 du 08 octobre 2019",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00286.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00261 du 08 octobre 2019",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00261.html"
    }
  ]
}

CERTFR-2019-AVI-494

Vulnerability from certfr_avis - Published: - Updated:

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Intel	N/A	Intel NUC Board DE3815TYBE sans le correctif de sécurité TY0067
Intel	N/A	Intel NUC 8 Mainstream Game Mini Computer sans le correctif de sécurité INWHL357
Intel	N/A	Intel NUC 8 Mainstream Game Kit sans le correctif de sécurité INWHL357
Intel	N/A	Intel NUC Board DE3815TYBE (H26998-500 & later) sans le correctif de sécurité TY0022
Intel	N/A	Intel Active System Console for Intel Server Boards and Systems based on Intel 62X Chipset versions antérieures à 8.0 Build 24
Intel	N/A	Intel NUC Kit DN2820FYKH sans le correctif de sécurité FY0069
Intel	N/A	Intel NUC Kit DE3815TYKHE (H27002-500 & later) sans le correctif de sécurité TY0022
Intel	N/A	Intel NUC Kit DE3815TYKHE sans le correctif de sécurité TY0067
Intel	N/A	Intel Smart Connect Technology pour Intel NUC (la désinstallation est recommandée par Intel)

References

Title

Publication Time

Tags

Bulletin de sécurité Intel intel-sa-00296 du 08 octobre 2019	None	vendor-advisory
Bulletin de sécurité Intel intel-sa-00286 du 08 octobre 2019	None	vendor-advisory
Bulletin de sécurité Intel intel-sa-00261 du 08 octobre 2019	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Intel NUC Board DE3815TYBE sans le correctif de s\u00e9curit\u00e9 TY0067",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Intel",
          "scada": false
        }
      }
    },
    {
      "description": "Intel NUC 8 Mainstream Game Mini Computer sans le correctif de s\u00e9curit\u00e9 INWHL357",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Intel",
          "scada": false
        }
      }
    },
    {
      "description": "Intel NUC 8 Mainstream Game Kit sans le correctif de s\u00e9curit\u00e9 INWHL357",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Intel",
          "scada": false
        }
      }
    },
    {
      "description": "Intel NUC Board DE3815TYBE (H26998-500 \u0026 later) sans le correctif de s\u00e9curit\u00e9 TY0022",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Intel",
          "scada": false
        }
      }
    },
    {
      "description": "Intel Active System Console for Intel Server Boards and Systems based on Intel 62X Chipset versions ant\u00e9rieures \u00e0 8.0 Build 24",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Intel",
          "scada": false
        }
      }
    },
    {
      "description": "Intel NUC Kit DN2820FYKH sans le correctif de s\u00e9curit\u00e9 FY0069",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Intel",
          "scada": false
        }
      }
    },
    {
      "description": "Intel NUC Kit DE3815TYKHE (H27002-500 \u0026 later) sans le correctif de s\u00e9curit\u00e9 TY0022",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Intel",
          "scada": false
        }
      }
    },
    {
      "description": "Intel NUC Kit DE3815TYKHE sans le correctif de s\u00e9curit\u00e9 TY0067",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Intel",
          "scada": false
        }
      }
    },
    {
      "description": "Intel Smart Connect Technology pour Intel NUC (la d\u00e9sinstallation est recommand\u00e9e par Intel)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Intel",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2019-11167",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-11167"
    },
    {
      "name": "CVE-2019-14569",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-14569"
    },
    {
      "name": "CVE-2019-14570",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-14570"
    },
    {
      "name": "CVE-2019-11120",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-11120"
    }
  ],
  "links": [],
  "reference": "CERTFR-2019-AVI-494",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2019-10-09T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Intel.\nElles permettent \u00e0 un attaquant de provoquer un d\u00e9ni de service, une\natteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es et une \u00e9l\u00e9vation de\nprivil\u00e8ges.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Intel",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00296 du 08 octobre 2019",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00296.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00286 du 08 octobre 2019",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00286.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00261 du 08 octobre 2019",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00261.html"
    }
  ]
}

CNVD-2019-42614

Vulnerability from cnvd - Published: 2019-11-28

Title

Intel NUC内存破坏漏洞

Description

Intel NUC Kit是美国英特尔（Intel）公司的一款小型台式电脑。 Intel NUC的系统固件存在内存破坏漏洞。本地攻击者可利用该漏洞实现权限提升、导致拒绝服务和/或获取信息。

Severity

中

Patch Name

Intel NUC内存破坏漏洞的补丁

Patch Description

Intel NUC Kit是美国英特尔（Intel）公司的一款小型台式电脑。 Intel NUC的系统固件存在内存破坏漏洞。本地攻击者可利用该漏洞实现权限提升、导致拒绝服务和/或获取信息。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

厂商已发布了漏洞修复程序，请及时关注更新： https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00296.html

Reference

https://nvd.nist.gov/vuln/detail/CVE-2019-14570

Impacted products

Name
Intel Intel NUC

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2019-14570",
      "cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2019-14570"
    }
  },
  "description": "Intel NUC Kit\u662f\u7f8e\u56fd\u82f1\u7279\u5c14\uff08Intel\uff09\u516c\u53f8\u7684\u4e00\u6b3e\u5c0f\u578b\u53f0\u5f0f\u7535\u8111\u3002\n\nIntel NUC\u7684\u7cfb\u7edf\u56fa\u4ef6\u5b58\u5728\u5185\u5b58\u7834\u574f\u6f0f\u6d1e\u3002\u672c\u5730\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5b9e\u73b0\u6743\u9650\u63d0\u5347\u3001\u5bfc\u81f4\u62d2\u7edd\u670d\u52a1\u548c/\u6216\u83b7\u53d6\u4fe1\u606f\u3002",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00296.html",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2019-42614",
  "openTime": "2019-11-28",
  "patchDescription": "Intel NUC Kit\u662f\u7f8e\u56fd\u82f1\u7279\u5c14\uff08Intel\uff09\u516c\u53f8\u7684\u4e00\u6b3e\u5c0f\u578b\u53f0\u5f0f\u7535\u8111\u3002\r\n\r\nIntel NUC\u7684\u7cfb\u7edf\u56fa\u4ef6\u5b58\u5728\u5185\u5b58\u7834\u574f\u6f0f\u6d1e\u3002\u672c\u5730\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5b9e\u73b0\u6743\u9650\u63d0\u5347\u3001\u5bfc\u81f4\u62d2\u7edd\u670d\u52a1\u548c/\u6216\u83b7\u53d6\u4fe1\u606f\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Intel NUC\u5185\u5b58\u7834\u574f\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "Intel Intel NUC"
  },
  "referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2019-14570",
  "serverity": "\u4e2d",
  "submitTime": "2019-10-12",
  "title": "Intel NUC\u5185\u5b58\u7834\u574f\u6f0f\u6d1e"
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2019-14570 (GCVE-0-2019-14570)

GHSA-W697-CRQQ-Q58C

GSD-2019-14570

VAR-201910-0659

FKIE_CVE-2019-14570

CERTFR-2019-AVI-494

Solution

CERTFR-2019-AVI-494

Solution

CNVD-2019-42614

Tags

Sightings

Nomenclature