Details of VAR-201905-0868

ID

VAR-201905-0868

CVE

CVE-2019-0120

TITLE

Intel Multiple vulnerabilities in the product

Trust: 0.8

sources: JVNDB: JVNDB-2019-003441

DESCRIPTION

Insufficient key protection vulnerability in silicon reference firmware for Intel(R) Pentium(R) Processor J Series, Intel(R) Pentium(R) Processor N Series, Intel(R) Celeron(R) J Series, Intel(R) Celeron(R) N Series, Intel(R) Atom(R) Processor A Series, Intel(R) Atom(R) Processor E3900 Series, Intel(R) Pentium(R) Processor Silver Series may allow a privileged user to potentially enable denial of service via local access. plural Intel The product contains an access control vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. Intel Unified Extensible Firmware Interface is prone to multiple security vulnerabilities. Attackers can leverage these issues to gain elevated privileges and execute arbitrary code to cause denial-of-service conditions on the affected device. are all products of Intel Corporation of the United States. Intel Pentium Processor J Series is a Pentium (Pentium) J series CPU (central processing unit). Intel Pentium Processor N Series is a Pentium (Pentium) N series CPU (central processing unit). Intel Celeron J Series is a Celeron J-series CPU (Central Processing Unit). The silicon reference firmware in several Intel products has an access control error vulnerability. This vulnerability stems from network systems or products not properly restricting access to resources from unauthorized roles

Trust: 1.98

sources: NVD: CVE-2019-0120 // JVNDB: JVNDB-2019-004717 // BID: 108485 // VULHUB: VHN-140151

AFFECTED PRODUCTS

vendor:	intel	model:	atom x5-e3940	scope:	eq	version:	-	Trust: 1.0
vendor:	intel	model:	atom x7-e3950	scope:	eq	version:	-	Trust: 1.0
vendor:	intel	model:	n5000	scope:	eq	version:	-	Trust: 1.0
vendor:	intel	model:	celeron n3000	scope:	eq	version:	-	Trust: 1.0
vendor:	intel	model:	celeron n2940	scope:	eq	version:	-	Trust: 1.0
vendor:	intel	model:	celeron n2830	scope:	eq	version:	-	Trust: 1.0
vendor:	intel	model:	pentium silver j5005	scope:	eq	version:	-	Trust: 1.0
vendor:	intel	model:	celeron n4100	scope:	eq	version:	-	Trust: 1.0
vendor:	intel	model:	j4205	scope:	eq	version:	-	Trust: 1.0
vendor:	intel	model:	celeron j3355	scope:	eq	version:	-	Trust: 1.0
vendor:	intel	model:	celeron n4000	scope:	eq	version:	-	Trust: 1.0
vendor:	intel	model:	celeron n2930	scope:	eq	version:	-	Trust: 1.0
vendor:	intel	model:	celeron n3450	scope:	eq	version:	-	Trust: 1.0
vendor:	intel	model:	celeron n3350	scope:	eq	version:	-	Trust: 1.0
vendor:	intel	model:	j3710	scope:	eq	version:	-	Trust: 1.0
vendor:	intel	model:	celeron j3455	scope:	eq	version:	-	Trust: 1.0
vendor:	intel	model:	pentium silver n5000	scope:	eq	version:	-	Trust: 1.0
vendor:	intel	model:	atom 330	scope:	eq	version:	-	Trust: 1.0
vendor:	intel	model:	celeron j4105	scope:	eq	version:	-	Trust: 1.0
vendor:	intel	model:	atom x5-e3930	scope:	eq	version:	-	Trust: 1.0
vendor:	intel	model:	celeron n2840	scope:	eq	version:	-	Trust: 1.0
vendor:	intel	model:	j5005	scope:	eq	version:	-	Trust: 1.0
vendor:	intel	model:	celeron j3160	scope:	eq	version:	-	Trust: 1.0
vendor:	intel	model:	celeron j3060	scope:	eq	version:	-	Trust: 1.0
vendor:	intel	model:	n3530	scope:	eq	version:	-	Trust: 1.0
vendor:	intel	model:	n3540	scope:	eq	version:	-	Trust: 1.0
vendor:	intel	model:	atom 230	scope:	eq	version:	-	Trust: 1.0
vendor:	intel	model:	celeron j4005	scope:	eq	version:	-	Trust: 1.0
vendor:	intel	model:	acu wizard	scope:	-	version:	-	Trust: 0.8
vendor:	intel	model:	active management technology	scope:	-	version:	-	Trust: 0.8
vendor:	intel	model:	converged security management engine	scope:	-	version:	-	Trust: 0.8
vendor:	intel	model:	driver and support assistant	scope:	-	version:	-	Trust: 0.8
vendor:	intel	model:	dynamic application loader	scope:	-	version:	-	Trust: 0.8
vendor:	intel	model:	i915	scope:	-	version:	-	Trust: 0.8
vendor:	intel	model:	nuc board nuc7i7dnbe	scope:	-	version:	-	Trust: 0.8
vendor:	intel	model:	nuc kit nuc7i5dnhe	scope:	-	version:	-	Trust: 0.8
vendor:	intel	model:	nuc kit nuc7i7dnhe	scope:	-	version:	-	Trust: 0.8
vendor:	intel	model:	nuc kit nuc7i7dnke	scope:	-	version:	-	Trust: 0.8
vendor:	intel	model:	nuc kit nuc8i7hnk	scope:	-	version:	-	Trust: 0.8
vendor:	intel	model:	nuc kit nuc8i7hvk	scope:	-	version:	-	Trust: 0.8
vendor:	intel	model:	proset/wireless software driver	scope:	-	version:	-	Trust: 0.8
vendor:	intel	model:	quartus ii programmer and tools	scope:	-	version:	-	Trust: 0.8
vendor:	intel	model:	server platform services	scope:	-	version:	-	Trust: 0.8
vendor:	intel	model:	trusted execution engine	scope:	-	version:	-	Trust: 0.8
vendor:	intel	model:	intel	scope:	-	version:	-	Trust: 0.8
vendor:	intel	model:	quartus prime	scope:	-	version:	-	Trust: 0.8
vendor:	intel	model:	scs discovery utility	scope:	-	version:	-	Trust: 0.8
vendor:	intel	model:	unite client	scope:	-	version:	-	Trust: 0.8
vendor:	intel	model:	graphics driver	scope:	-	version:	-	Trust: 0.8
vendor:	intel	model:	celeron j4005	scope:	-	version:	-	Trust: 0.8
vendor:	intel	model:	celeron j4105	scope:	-	version:	-	Trust: 0.8
vendor:	intel	model:	celeron n4000	scope:	-	version:	-	Trust: 0.8
vendor:	intel	model:	celeron n4100	scope:	-	version:	-	Trust: 0.8
vendor:	intel	model:	j3710	scope:	-	version:	-	Trust: 0.8
vendor:	intel	model:	j4205	scope:	-	version:	-	Trust: 0.8
vendor:	intel	model:	j5005	scope:	-	version:	-	Trust: 0.8
vendor:	intel	model:	n3530	scope:	-	version:	-	Trust: 0.8
vendor:	intel	model:	n3540	scope:	-	version:	-	Trust: 0.8
vendor:	intel	model:	n5000	scope:	-	version:	-	Trust: 0.8
vendor:	intel	model:	xeon scalable processors	scope:	eq	version:	0	Trust: 0.3
vendor:	intel	model:	xeon d processor	scope:	eq	version:	0	Trust: 0.3
vendor:	intel	model:	pentium silver processor series	scope:	eq	version:	0	Trust: 0.3
vendor:	intel	model:	pentium processor n series	scope:	eq	version:	0	Trust: 0.3
vendor:	intel	model:	pentium processor j series	scope:	eq	version:	0	Trust: 0.3
vendor:	intel	model:	compute module	scope:	eq	version:	0	Trust: 0.3
vendor:	intel	model:	celeron processor n series	scope:	eq	version:	0	Trust: 0.3
vendor:	intel	model:	celeron processor j series	scope:	eq	version:	0	Trust: 0.3
vendor:	intel	model:	atom processor e3900 series	scope:	eq	version:	0	Trust: 0.3
vendor:	intel	model:	atom processor a series	scope:	eq	version:	0	Trust: 0.3

sources: BID: 108485 // JVNDB: JVNDB-2019-003441 // JVNDB: JVNDB-2019-004717 // NVD: CVE-2019-0120

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2019-0120
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2019-0120
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201905-767
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-140151
value:	LOW
Trust: 0.1

nvd@nist.gov:	CVE-2019-0120
severity:	LOW
baseScore:	2.1
vectorString:	AV:L/AC:L/AU:N/C:N/I:N/A:P
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	3.9
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-140151
severity:	LOW
baseScore:	2.1
vectorString:	AV:L/AC:L/AU:N/C:N/I:N/A:P
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	3.9
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2019-0120
baseSeverity:	MEDIUM
baseScore:	4.4
vectorString:	CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	HIGH
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	0.8
impactScore:	3.6
version:	3.0
Trust: 1.8

sources: VULHUB: VHN-140151 // JVNDB: JVNDB-2019-004717 // CNNVD: CNNVD-201905-767 // NVD: CVE-2019-0120

PROBLEMTYPE DATA

problemtype:	CWE-522	Trust: 1.1
problemtype:	CWE-284	Trust: 0.9

sources: VULHUB: VHN-140151 // JVNDB: JVNDB-2019-004717 // NVD: CVE-2019-0120

THREAT TYPE

local

Trust: 0.9

sources: BID: 108485 // CNNVD: CNNVD-201905-767

TYPE

access control error

Trust: 0.6

sources: CNNVD: CNNVD-201905-767

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-003441

PATCH

title:	INTEL-SA-00234 - IntelR SCS Discovery Utility and IntelR ACU Wizard Advisory	url:	https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00234.html	Trust: 0.8
title:	INTEL-SA-00244 - IntelR QuartusR Software Advisory	url:	https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00244.html	Trust: 0.8
title:	INTEL-SA-00245 - Intel UniteR Client for Android* Advisory	url:	https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00245.html	Trust: 0.8
title:	INTEL-SA-00204 - Intel IntelR PROSet/Wireless WiFi Software Advisory	url:	https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00204.html	Trust: 0.8
title:	INTEL-SA-00249 - IntelR i915 Graphics for Linux Advisory	url:	https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00249.html	Trust: 0.8
title:	INTEL-SA-00213 - IntelR CSME, IntelR SPS, IntelR TXE, IntelR DAL, and IntelR AMT 2019.1 QSR Advisory	url:	https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00213.html	Trust: 0.8
title:	INTEL-SA-00251 - IntelR NUC Advisory	url:	https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00251.html	Trust: 0.8
title:	INTEL-SA-00218 - IntelR Graphics Driver for Windows* 2019.1 QSR Advisory	url:	https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00218.html	Trust: 0.8
title:	INTEL-SA-00252 - IntelR Driver & Support Assistant Advisory	url:	https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00252.html	Trust: 0.8
title:	INTEL-SA-00223 - Intel 2019.1 QSR UEFI Advisory	url:	https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00223.html	Trust: 0.8
title:	INTEL-SA-00228 - Intel UniteR Client Advisory	url:	https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00228.html	Trust: 0.8
title:	INTEL-SA-00233 - Microarchitectural Data Sampling Advisory	url:	https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00233.html	Trust: 0.8
title:	INTEL-SA-00223	url:	https://www.intel.com/content/www/us/en/security-center/advisory/INTEL-SA-00223.html	Trust: 0.8

sources: JVNDB: JVNDB-2019-003441 // JVNDB: JVNDB-2019-004717

EXTERNAL IDS

db:	NVD	id:	CVE-2019-0120	Trust: 2.8
db:	BID	id:	108485	Trust: 2.0
db:	JVN	id:	JVNVU92328381	Trust: 1.6
db:	JVNDB	id:	JVNDB-2019-003441	Trust: 1.6
db:	JVNDB	id:	JVNDB-2019-004717	Trust: 0.8
db:	CNNVD	id:	CNNVD-201905-767	Trust: 0.7
db:	LENOVO	id:	LEN-26294	Trust: 0.6
db:	VULHUB	id:	VHN-140151	Trust: 0.1

sources: VULHUB: VHN-140151 // BID: 108485 // JVNDB: JVNDB-2019-003441 // JVNDB: JVNDB-2019-004717 // CNNVD: CNNVD-201905-767 // NVD: CVE-2019-0120

REFERENCES

url:	http://www.securityfocus.com/bid/108485	Trust: 2.3
url:	https://support.f5.com/csp/article/k29002929	Trust: 1.7
url:	https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00223.html	Trust: 1.7
url:	https://nvd.nist.gov/vuln/detail/cve-2019-0120	Trust: 1.4
url:	http://www.intel.com/	Trust: 0.9
url:	https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00218.html	Trust: 0.9
url:	https://jvn.jp/vu/jvnvu92328381/index.html	Trust: 0.8
url:	https://mdsattacks.com/files/ridl.pdf	Trust: 0.8
url:	https://mdsattacks.com/files/fallout.pdf	Trust: 0.8
url:	https://zombieloadattack.com/	Trust: 0.8
url:	https://www.intel.com/content/www/us/en/architecture-and-technology/mds.html	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-0120	Trust: 0.8
url:	https://jvn.jp/vu/jvnvu92328381/	Trust: 0.8
url:	https://jvndb.jvn.jp/ja/contents/2019/jvndb-2019-003441.html	Trust: 0.8
url:	https://support.lenovo.com/us/en/product_security/len-26294	Trust: 0.6

sources: VULHUB: VHN-140151 // BID: 108485 // JVNDB: JVNDB-2019-003441 // JVNDB: JVNDB-2019-004717 // CNNVD: CNNVD-201905-767 // NVD: CVE-2019-0120

CREDITS

Intel

Trust: 0.9

sources: BID: 108485 // CNNVD: CNNVD-201905-767

SOURCES

db:	VULHUB	id:	VHN-140151
db:	BID	id:	108485
db:	JVNDB	id:	JVNDB-2019-003441
db:	JVNDB	id:	JVNDB-2019-004717
db:	CNNVD	id:	CNNVD-201905-767
db:	NVD	id:	CVE-2019-0120

LAST UPDATE DATE

2024-11-23T20:55:58.442000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-140151	date:	2020-08-24T00:00:00
db:	BID	id:	108485	date:	2019-05-14T00:00:00
db:	JVNDB	id:	JVNDB-2019-003441	date:	2019-05-16T00:00:00
db:	JVNDB	id:	JVNDB-2019-004717	date:	2019-06-06T00:00:00
db:	CNNVD	id:	CNNVD-201905-767	date:	2020-08-25T00:00:00
db:	NVD	id:	CVE-2019-0120	date:	2024-11-21T04:16:16.273

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-140151	date:	2019-05-17T00:00:00
db:	BID	id:	108485	date:	2019-05-14T00:00:00
db:	JVNDB	id:	JVNDB-2019-003441	date:	2019-05-16T00:00:00
db:	JVNDB	id:	JVNDB-2019-004717	date:	2019-06-06T00:00:00
db:	CNNVD	id:	CNNVD-201905-767	date:	2019-05-17T00:00:00
db:	NVD	id:	CVE-2019-0120	date:	2019-05-17T16:29:01.843