SB2019121202 - Multiple vulnerabilities in Intel NUC Firmware

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2019121202

SB2019121202 - Multiple vulnerabilities in Intel NUC Firmware

Published: December 12, 2019

Security Bulletin ID SB2019121202
CSH Severity
Low
Patch available
YES
Number of vulnerabilities 5
Exploitation vector Local access
Highest impact Code execution

Breakdown by Severity

Low 100%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 5 vulnerabilities.


1) Out-of-bounds write (CVE-ID: CVE-2019-14612)

CWE-ID: CWE-787 - Out-of-bounds write

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a local user to escalate privileges on the target system.

The vulnerability exists in firmware for Intel NUC due to a boundary error when processing untrusted input. A local user can trigger out-of-bounds write and enable escalation of privilege on the target system.



2) Integer overflow (CVE-ID: CVE-2019-14611)

CWE-ID: CWE-190 - Integer overflow

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a local user to escalate privileges on the target system.

The vulnerability exists due to integer overflow in firmware for Intel NUC. A local user can trigger integer overflow and enable escalation of privilege on the target system.



3) Improper input validation (CVE-ID: CVE-2019-14609)

CWE-ID: CWE-20 - Improper input validation

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a local user to escalate privileges on the target system.

The vulnerability exists due to insufficient validation of user-supplied input in firmware for Intel NUC. A local user can enable escalation of privilege on the target system.



4) Improper access control (CVE-ID: CVE-2019-14610)

CWE-ID: CWE-284 - Improper Access Control

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a local user to escalate privileges on the target system.

The vulnerability exists due to improper access restrictions in firmware for Intel NUC. A local user can bypass implemented security restrictions and enable escalation of privilege on the target system.



5) Buffer overflow (CVE-ID: CVE-2019-14608)

CWE-ID: CWE-119 - Memory corruption

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a local user to escalate privileges on the target system.

The vulnerability exists due to a boundary error in firmware for Intel NUC. A local user can trigger memory corruption and enable escalation of privilege on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.


Remediation

Install update from vendor's website.

References