VAR-201908-1939
Vulnerability from variot - Updated: 2023-12-18 12:50Insufficient session validation in system firmware for Intel(R) NUC may allow a privileged user to potentially enable escalation of privilege, denial of service and/or information disclosure via local access. Intel NUC Kit NUC7i7DNx, etc. are all products of Intel Corporation of the United States. Intel NUC Kit NUC7i7DNx is a small computer host device. NUC Kit NUC7i5DNx is a small computer host device. Compute Stick STK2MV64CC is an external computing module. An input validation error vulnerability exists in the system firmware of several Intel products due to the program's insufficient session validation. A local attacker could exploit this vulnerability to elevate privileges, cause a denial of service and/or disclose information. The following products and versions are affected: Intel NUC Kit NUC7i7DNx; NUC Kit NUC7i5DNx; NUC Kit NUC7i3DNx; Compute Stick STK2MV64CC; Compute Card CD1IV128MK
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201908-1939",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "compute stick",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "nuc kit",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "compute card",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "authenticate",
"scope": "lt",
"trust": 0.8,
"vendor": "intel",
"version": "3.8 earlier"
},
{
"model": "compute card",
"scope": null,
"trust": 0.8,
"vendor": "intel",
"version": null
},
{
"model": "compute stick",
"scope": null,
"trust": 0.8,
"vendor": "intel",
"version": null
},
{
"model": "computing improvement program",
"scope": "lt",
"trust": 0.8,
"vendor": "intel",
"version": "2.4.0.04733 earlier"
},
{
"model": "driver and support assistant",
"scope": "lt",
"trust": 0.8,
"vendor": "intel",
"version": "19.7.30.2 earlier"
},
{
"model": "nuc kit",
"scope": null,
"trust": 0.8,
"vendor": "intel",
"version": null
},
{
"model": "processor identification utility",
"scope": "lt",
"trust": 0.8,
"vendor": "intel",
"version": "for windows 6.1.0731 earlier"
},
{
"model": "raid web console",
"scope": "eq",
"trust": 0.8,
"vendor": "intel",
"version": "2"
},
{
"model": "remote displays sdk",
"scope": "lt",
"trust": 0.8,
"vendor": "intel",
"version": "2.0.1 r2 earlier"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-007558"
},
{
"db": "NVD",
"id": "CVE-2019-11140"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:intel:nuc_kit_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:intel:nuc_kit_nuc7i3dnx:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:intel:nuc_kit_nuc7i7dnx:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:intel:nuc_kit_nuc7i5dnx:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:intel:compute_stick_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:intel:compute_stick_stk2mv64cc:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:intel:compute_card_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:intel:compute_card_cd1iv128mk:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2019-11140"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Dmitry Frolov",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201908-1254"
}
],
"trust": 0.6
},
"cve": "CVE-2019-11140",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"id": "VHN-142757",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:L/AC:L/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 0.8,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2019-11140",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201908-1254",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-142757",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-142757"
},
{
"db": "NVD",
"id": "CVE-2019-11140"
},
{
"db": "CNNVD",
"id": "CNNVD-201908-1254"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Insufficient session validation in system firmware for Intel(R) NUC may allow a privileged user to potentially enable escalation of privilege, denial of service and/or information disclosure via local access. Intel NUC Kit NUC7i7DNx, etc. are all products of Intel Corporation of the United States. Intel NUC Kit NUC7i7DNx is a small computer host device. NUC Kit NUC7i5DNx is a small computer host device. Compute Stick STK2MV64CC is an external computing module. An input validation error vulnerability exists in the system firmware of several Intel products due to the program\u0027s insufficient session validation. A local attacker could exploit this vulnerability to elevate privileges, cause a denial of service and/or disclose information. The following products and versions are affected: Intel NUC Kit NUC7i7DNx; NUC Kit NUC7i5DNx; NUC Kit NUC7i3DNx; Compute Stick STK2MV64CC; Compute Card CD1IV128MK",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-11140"
},
{
"db": "VULHUB",
"id": "VHN-142757"
}
],
"trust": 0.99
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-11140",
"trust": 2.5
},
{
"db": "JVN",
"id": "JVNVU99945432",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2019-007558",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201908-1254",
"trust": 0.7
},
{
"db": "VULHUB",
"id": "VHN-142757",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-142757"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-007558"
},
{
"db": "NVD",
"id": "CVE-2019-11140"
},
{
"db": "CNNVD",
"id": "CNNVD-201908-1254"
}
]
},
"id": "VAR-201908-1939",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-142757"
}
],
"trust": 0.35292397
},
"last_update_date": "2023-12-18T12:50:07.970000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "[INTEL-SA-00283] Intel Computing Improvement Program Advisory",
"trust": 0.8,
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00283.html"
},
{
"title": "[INTEL-SA-00246] Intel RAID Web Console 2 Advisory",
"trust": 0.8,
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00246.html"
},
{
"title": "[INTEL-SA-00272] Intel NUC Advisory",
"trust": 0.8,
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00272.html"
},
{
"title": "[INTEL-SA-00275] Intel Authenticate Advisory",
"trust": 0.8,
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00275.html"
},
{
"title": "[INTEL-SA-00276] Intel Driver \u0026 Support Assistant Advisory",
"trust": 0.8,
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00276.html"
},
{
"title": "[INTEL-SA-00277] Intel Remote Displays SDK Advisory",
"trust": 0.8,
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00277.html"
},
{
"title": "[INTEL-SA-00281] Intel Processor Identification Utility for Windows* Advisory",
"trust": 0.8,
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00281.html"
},
{
"title": "Multiple Intel Product security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=96897"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-007558"
},
{
"db": "CNNVD",
"id": "CNNVD-201908-1254"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-20",
"trust": 1.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-142757"
},
{
"db": "NVD",
"id": "CVE-2019-11140"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00272.html"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-11140"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-11163"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-11162"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-0173"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-11140"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-11143"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-11145"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-11146"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-11148"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu99945432/"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-11163"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-11162"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-0173"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-11143"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-11145"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-11146"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-11148"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-142757"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-007558"
},
{
"db": "NVD",
"id": "CVE-2019-11140"
},
{
"db": "CNNVD",
"id": "CNNVD-201908-1254"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-142757"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-007558"
},
{
"db": "NVD",
"id": "CVE-2019-11140"
},
{
"db": "CNNVD",
"id": "CNNVD-201908-1254"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-08-19T00:00:00",
"db": "VULHUB",
"id": "VHN-142757"
},
{
"date": "2019-08-15T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-007558"
},
{
"date": "2019-08-19T17:15:11.323000",
"db": "NVD",
"id": "CVE-2019-11140"
},
{
"date": "2019-08-19T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201908-1254"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-08-27T00:00:00",
"db": "VULHUB",
"id": "VHN-142757"
},
{
"date": "2019-10-04T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-007558"
},
{
"date": "2019-08-27T13:37:53.630000",
"db": "NVD",
"id": "CVE-2019-11140"
},
{
"date": "2019-09-04T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201908-1254"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201908-1254"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Intel Multiple vulnerabilities in the product",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-007558"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "input validation error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201908-1254"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…