#VU23549 Buffer overflow in Intel products - CVE-2019-14608
Published: December 12, 2019
Vulnerability identifier: #VU23549
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2019-14608
CWE-ID: CWE-119
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vulnerable software:
Intel NUC 8 Mainstream Game Kit
Intel NUC 8 Mainstream Game Mini Computer
Intel NUC Kit NUC8i7BEK
Intel Compute Card CD1P64GK
Intel NUC 8 Home - NUC8i3CYSM
Intel NUC Kit NUC8i7HNK
Intel NUC-Kit NUC7i7DNKE
Intel NUC-Kit NUC7i5DNKE
Intel NUC-Kit NUC7i3DNHE
Intel Compute Stick STK2mv64CC
Intel Compute Stick STK2m3W64CC
Intel NUC Kit NUC6i7KYK
Intel NUC Kit NUC6i5SYH
Intel NUC Kit NUC7CJYH
Intel Compute Card CD1M3128MK
Intel Compute Card CD1IV128MK
Intel NUC Kit NUC6CAYS
Intel NUC Board DE3815TYBE
Intel NUC Board D34010WYB
Intel NUC 8 Mainstream Game Kit
Intel NUC 8 Mainstream Game Mini Computer
Intel NUC Kit NUC8i7BEK
Intel Compute Card CD1P64GK
Intel NUC 8 Home - NUC8i3CYSM
Intel NUC Kit NUC8i7HNK
Intel NUC-Kit NUC7i7DNKE
Intel NUC-Kit NUC7i5DNKE
Intel NUC-Kit NUC7i3DNHE
Intel Compute Stick STK2mv64CC
Intel Compute Stick STK2m3W64CC
Intel NUC Kit NUC6i7KYK
Intel NUC Kit NUC6i5SYH
Intel NUC Kit NUC7CJYH
Intel Compute Card CD1M3128MK
Intel Compute Card CD1IV128MK
Intel NUC Kit NUC6CAYS
Intel NUC Board DE3815TYBE
Intel NUC Board D34010WYB
Software vendor:
Intel
Intel
Description
The vulnerability allows a local user to escalate privileges on the target system.
The vulnerability exists due to a boundary error in firmware for Intel NUC. A local user can trigger memory corruption and enable escalation of privilege on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
Remediation
Install updates from vendor's website.