#VU23550 Improper access control in Intel products - CVE-2019-14610
Published: December 12, 2019
Vulnerability identifier: #VU23550
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2019-14610
CWE-ID: CWE-284
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vulnerable software:
Intel NUC 8 Mainstream Game Kit
Intel NUC 8 Mainstream Game Mini Computer
Intel NUC Kit NUC8i7BEK
Intel Compute Card CD1P64GK
Intel NUC 8 Home - NUC8i3CYSM
Intel NUC Kit NUC8i7HNK
Intel NUC-Kit NUC7i7DNKE
Intel NUC-Kit NUC7i5DNKE
Intel NUC-Kit NUC7i3DNHE
Intel Compute Stick STK2mv64CC
Intel Compute Stick STK2m3W64CC
Intel NUC Kit NUC6i7KYK
Intel NUC Kit NUC6i5SYH
Intel NUC Kit NUC7CJYH
Intel Compute Card CD1M3128MK
Intel Compute Card CD1IV128MK
Intel NUC Kit NUC6CAYS
Intel NUC Board DE3815TYBE
Intel NUC Board D34010WYB
Intel NUC 8 Mainstream Game Kit
Intel NUC 8 Mainstream Game Mini Computer
Intel NUC Kit NUC8i7BEK
Intel Compute Card CD1P64GK
Intel NUC 8 Home - NUC8i3CYSM
Intel NUC Kit NUC8i7HNK
Intel NUC-Kit NUC7i7DNKE
Intel NUC-Kit NUC7i5DNKE
Intel NUC-Kit NUC7i3DNHE
Intel Compute Stick STK2mv64CC
Intel Compute Stick STK2m3W64CC
Intel NUC Kit NUC6i7KYK
Intel NUC Kit NUC6i5SYH
Intel NUC Kit NUC7CJYH
Intel Compute Card CD1M3128MK
Intel Compute Card CD1IV128MK
Intel NUC Kit NUC6CAYS
Intel NUC Board DE3815TYBE
Intel NUC Board D34010WYB
Software vendor:
Intel
Intel
Description
The vulnerability allows a local user to escalate privileges on the target system.
The vulnerability exists due to improper access restrictions in firmware for Intel NUC. A local user can bypass implemented security restrictions and enable escalation of privilege on the target system.
Remediation
Install updates from vendor's website.