Details of VAR-201905-0869

ID

VAR-201905-0869

CVE

CVE-2019-0126

TITLE

Intel Multiple vulnerabilities in the product

Trust: 0.8

sources: JVNDB: JVNDB-2019-003441

DESCRIPTION

Insufficient access control in silicon reference firmware for Intel(R) Xeon(R) Scalable Processor, Intel(R) Xeon(R) Processor D Family may allow a privileged user to potentially enable escalation of privilege and/or denial of service via local access. Intel Unified Extensible Firmware Interface is prone to multiple security vulnerabilities. Attackers can leverage these issues to gain elevated privileges and execute arbitrary code to cause denial-of-service conditions on the affected device. Intel Xeon Scalable Processors are a scalable server central processing unit (CPU). Intel Xeon Processor D Family is a Xeon D series server central processing unit (CPU). The vulnerability stems from the lack of effective permissions and access control measures in network systems or products

Trust: 2.07

sources: NVD: CVE-2019-0126 // JVNDB: JVNDB-2019-004718 // BID: 108485 // VULHUB: VHN-140157 // VULMON: CVE-2019-0126

AFFECTED PRODUCTS

vendor:	intel	model:	xeon gold processors	scope:	eq	version:	-	Trust: 1.0
vendor:	intel	model:	xeon d-1513n	scope:	eq	version:	-	Trust: 1.0
vendor:	intel	model:	xeon d-1653n	scope:	eq	version:	-	Trust: 1.0
vendor:	intel	model:	xeon d-2142it	scope:	eq	version:	-	Trust: 1.0
vendor:	intel	model:	xeon d-2166nt	scope:	eq	version:	-	Trust: 1.0
vendor:	intel	model:	xeon d-1539	scope:	eq	version:	-	Trust: 1.0
vendor:	intel	model:	xeon d-1567	scope:	eq	version:	-	Trust: 1.0
vendor:	intel	model:	xeon d-1577	scope:	eq	version:	-	Trust: 1.0
vendor:	intel	model:	xeon d-2123it	scope:	eq	version:	-	Trust: 1.0
vendor:	intel	model:	xeon d-1622	scope:	eq	version:	-	Trust: 1.0
vendor:	intel	model:	xeon d-1571	scope:	eq	version:	-	Trust: 1.0
vendor:	intel	model:	xeon d-1537	scope:	eq	version:	-	Trust: 1.0
vendor:	intel	model:	xeon d-2145nt	scope:	eq	version:	-	Trust: 1.0
vendor:	intel	model:	xeon d-1623n	scope:	eq	version:	-	Trust: 1.0
vendor:	intel	model:	xeon d-1518	scope:	eq	version:	-	Trust: 1.0
vendor:	intel	model:	xeon d-1521	scope:	eq	version:	-	Trust: 1.0
vendor:	intel	model:	xeon d-1533n	scope:	eq	version:	-	Trust: 1.0
vendor:	intel	model:	xeon d-1523n	scope:	eq	version:	-	Trust: 1.0
vendor:	intel	model:	xeon d-1540	scope:	eq	version:	-	Trust: 1.0
vendor:	intel	model:	xeon d-1557	scope:	eq	version:	-	Trust: 1.0
vendor:	intel	model:	xeon d-2183it	scope:	eq	version:	-	Trust: 1.0
vendor:	intel	model:	xeon d-2191	scope:	eq	version:	-	Trust: 1.0
vendor:	intel	model:	xeon bronze processors	scope:	eq	version:	-	Trust: 1.0
vendor:	intel	model:	xeon silver processors	scope:	eq	version:	-	Trust: 1.0
vendor:	intel	model:	xeon d-2141i	scope:	eq	version:	-	Trust: 1.0
vendor:	intel	model:	xeon d-1649n	scope:	eq	version:	-	Trust: 1.0
vendor:	intel	model:	xeon d-2163it	scope:	eq	version:	-	Trust: 1.0
vendor:	intel	model:	xeon d-1559	scope:	eq	version:	-	Trust: 1.0
vendor:	intel	model:	xeon d-1602	scope:	eq	version:	-	Trust: 1.0
vendor:	intel	model:	xeon d-1527	scope:	eq	version:	-	Trust: 1.0
vendor:	intel	model:	xeon d-2161i	scope:	eq	version:	-	Trust: 1.0
vendor:	intel	model:	xeon d-2146nt	scope:	eq	version:	-	Trust: 1.0
vendor:	intel	model:	xeon d-1531	scope:	eq	version:	-	Trust: 1.0
vendor:	intel	model:	xeon d-1627	scope:	eq	version:	-	Trust: 1.0
vendor:	intel	model:	xeon d-2187nt	scope:	eq	version:	-	Trust: 1.0
vendor:	intel	model:	xeon d-1520	scope:	eq	version:	-	Trust: 1.0
vendor:	intel	model:	xeon platinum processors	scope:	eq	version:	-	Trust: 1.0
vendor:	intel	model:	xeon d-2143it	scope:	eq	version:	-	Trust: 1.0
vendor:	intel	model:	xeon d-1541	scope:	eq	version:	-	Trust: 1.0
vendor:	intel	model:	xeon d-1528	scope:	eq	version:	-	Trust: 1.0
vendor:	intel	model:	xeon d-1633n	scope:	eq	version:	-	Trust: 1.0
vendor:	intel	model:	xeon d-1637	scope:	eq	version:	-	Trust: 1.0
vendor:	intel	model:	xeon d-1543n	scope:	eq	version:	-	Trust: 1.0
vendor:	intel	model:	xeon d-2177nt	scope:	eq	version:	-	Trust: 1.0
vendor:	intel	model:	xeon d-1529	scope:	eq	version:	-	Trust: 1.0
vendor:	intel	model:	xeon d-1548	scope:	eq	version:	-	Trust: 1.0
vendor:	intel	model:	xeon d-2173it	scope:	eq	version:	-	Trust: 1.0
vendor:	intel	model:	xeon d-1553n	scope:	eq	version:	-	Trust: 1.0
vendor:	intel	model:	acu wizard	scope:	-	version:	-	Trust: 0.8
vendor:	intel	model:	active management technology	scope:	-	version:	-	Trust: 0.8
vendor:	intel	model:	converged security management engine	scope:	-	version:	-	Trust: 0.8
vendor:	intel	model:	driver and support assistant	scope:	-	version:	-	Trust: 0.8
vendor:	intel	model:	dynamic application loader	scope:	-	version:	-	Trust: 0.8
vendor:	intel	model:	i915	scope:	-	version:	-	Trust: 0.8
vendor:	intel	model:	nuc board nuc7i7dnbe	scope:	-	version:	-	Trust: 0.8
vendor:	intel	model:	nuc kit nuc7i5dnhe	scope:	-	version:	-	Trust: 0.8
vendor:	intel	model:	nuc kit nuc7i7dnhe	scope:	-	version:	-	Trust: 0.8
vendor:	intel	model:	nuc kit nuc7i7dnke	scope:	-	version:	-	Trust: 0.8
vendor:	intel	model:	nuc kit nuc8i7hnk	scope:	-	version:	-	Trust: 0.8
vendor:	intel	model:	nuc kit nuc8i7hvk	scope:	-	version:	-	Trust: 0.8
vendor:	intel	model:	proset/wireless software driver	scope:	-	version:	-	Trust: 0.8
vendor:	intel	model:	quartus ii programmer and tools	scope:	-	version:	-	Trust: 0.8
vendor:	intel	model:	server platform services	scope:	-	version:	-	Trust: 0.8
vendor:	intel	model:	trusted execution engine	scope:	-	version:	-	Trust: 0.8
vendor:	intel	model:	intel	scope:	-	version:	-	Trust: 0.8
vendor:	intel	model:	quartus prime	scope:	-	version:	-	Trust: 0.8
vendor:	intel	model:	scs discovery utility	scope:	-	version:	-	Trust: 0.8
vendor:	intel	model:	unite client	scope:	-	version:	-	Trust: 0.8
vendor:	intel	model:	graphics driver	scope:	-	version:	-	Trust: 0.8
vendor:	intel	model:	xeon d-1602	scope:	-	version:	-	Trust: 0.8
vendor:	intel	model:	xeon d-1622	scope:	-	version:	-	Trust: 0.8
vendor:	intel	model:	xeon d-1623n	scope:	-	version:	-	Trust: 0.8
vendor:	intel	model:	xeon d-1627	scope:	-	version:	-	Trust: 0.8
vendor:	intel	model:	xeon d-1633n	scope:	-	version:	-	Trust: 0.8
vendor:	intel	model:	xeon d-1637	scope:	-	version:	-	Trust: 0.8
vendor:	intel	model:	xeon d-1649n	scope:	-	version:	-	Trust: 0.8
vendor:	intel	model:	xeon d-1653n	scope:	-	version:	-	Trust: 0.8
vendor:	intel	model:	xeon d-2141i	scope:	-	version:	-	Trust: 0.8
vendor:	intel	model:	xeon d-2177nt	scope:	-	version:	-	Trust: 0.8
vendor:	intel	model:	xeon scalable processors	scope:	eq	version:	0	Trust: 0.3
vendor:	intel	model:	xeon d processor	scope:	eq	version:	0	Trust: 0.3
vendor:	intel	model:	pentium silver processor series	scope:	eq	version:	0	Trust: 0.3
vendor:	intel	model:	pentium processor n series	scope:	eq	version:	0	Trust: 0.3
vendor:	intel	model:	pentium processor j series	scope:	eq	version:	0	Trust: 0.3
vendor:	intel	model:	compute module	scope:	eq	version:	0	Trust: 0.3
vendor:	intel	model:	celeron processor n series	scope:	eq	version:	0	Trust: 0.3
vendor:	intel	model:	celeron processor j series	scope:	eq	version:	0	Trust: 0.3
vendor:	intel	model:	atom processor e3900 series	scope:	eq	version:	0	Trust: 0.3
vendor:	intel	model:	atom processor a series	scope:	eq	version:	0	Trust: 0.3

sources: BID: 108485 // JVNDB: JVNDB-2019-003441 // JVNDB: JVNDB-2019-004718 // NVD: CVE-2019-0126

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2019-0126
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2019-0126
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201905-752
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-140157
value:	HIGH
Trust: 0.1
VULMON:	CVE-2019-0126
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2019-0126
severity:	HIGH
baseScore:	7.2
vectorString:	AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.9
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
VULHUB:	VHN-140157
severity:	HIGH
baseScore:	7.2
vectorString:	AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.9
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2019-0126
baseSeverity:	MEDIUM
baseScore:	6.7
vectorString:	CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	HIGH
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	0.8
impactScore:	5.9
version:	3.0
Trust: 1.8

sources: VULHUB: VHN-140157 // VULMON: CVE-2019-0126 // JVNDB: JVNDB-2019-004718 // CNNVD: CNNVD-201905-752 // NVD: CVE-2019-0126

PROBLEMTYPE DATA

problemtype:	NVD-CWE-noinfo	Trust: 1.0
problemtype:	CWE-264	Trust: 0.9

sources: VULHUB: VHN-140157 // JVNDB: JVNDB-2019-004718 // NVD: CVE-2019-0126

THREAT TYPE

local

Trust: 0.9

sources: BID: 108485 // CNNVD: CNNVD-201905-752

TYPE

permissions and access control issues

Trust: 0.6

sources: CNNVD: CNNVD-201905-752

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-003441

PATCH

title:	INTEL-SA-00234 - IntelR SCS Discovery Utility and IntelR ACU Wizard Advisory	url:	https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00234.html	Trust: 0.8
title:	INTEL-SA-00244 - IntelR QuartusR Software Advisory	url:	https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00244.html	Trust: 0.8
title:	INTEL-SA-00245 - Intel UniteR Client for Android* Advisory	url:	https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00245.html	Trust: 0.8
title:	INTEL-SA-00204 - Intel IntelR PROSet/Wireless WiFi Software Advisory	url:	https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00204.html	Trust: 0.8
title:	INTEL-SA-00249 - IntelR i915 Graphics for Linux Advisory	url:	https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00249.html	Trust: 0.8
title:	INTEL-SA-00213 - IntelR CSME, IntelR SPS, IntelR TXE, IntelR DAL, and IntelR AMT 2019.1 QSR Advisory	url:	https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00213.html	Trust: 0.8
title:	INTEL-SA-00251 - IntelR NUC Advisory	url:	https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00251.html	Trust: 0.8
title:	INTEL-SA-00218 - IntelR Graphics Driver for Windows* 2019.1 QSR Advisory	url:	https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00218.html	Trust: 0.8
title:	INTEL-SA-00252 - IntelR Driver & Support Assistant Advisory	url:	https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00252.html	Trust: 0.8
title:	INTEL-SA-00223 - Intel 2019.1 QSR UEFI Advisory	url:	https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00223.html	Trust: 0.8
title:	INTEL-SA-00228 - Intel UniteR Client Advisory	url:	https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00228.html	Trust: 0.8
title:	INTEL-SA-00233 - Microarchitectural Data Sampling Advisory	url:	https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00233.html	Trust: 0.8
title:	INTEL-SA-00223	url:	https://www.intel.com/content/www/us/en/security-center/advisory/INTEL-SA-00223.html	Trust: 0.8
title:	HP: SUPPORT COMMUNICATION- SECURITY BULLETIN HPSBHF03617 rev. 4 - Intel UEFI System Firmware Security Updates	url:	https://vulmon.com/vendoradvisory?qidtp=hp_bulletin&qid=b0413432f47d216ea618a3e80ce26619	Trust: 0.1
title:	HP: SUPPORT COMMUNICATION- SECURITY BULLETIN HPSBHF03617 rev. 4 - Intel UEFI System Firmware Security Updates	url:	https://vulmon.com/vendoradvisory?qidtp=hp_bulletin&qid=08e377565fb7f0ab3c26bbc2a0fc9135	Trust: 0.1
title:	Threatpost	url:	https://threatpost.com/intel-fixes-critical-high-severity-flaws-across-several-products/144940/	Trust: 0.1

sources: VULMON: CVE-2019-0126 // JVNDB: JVNDB-2019-003441 // JVNDB: JVNDB-2019-004718

EXTERNAL IDS

db:	NVD	id:	CVE-2019-0126	Trust: 2.9
db:	BID	id:	108485	Trust: 2.1
db:	JVN	id:	JVNVU92328381	Trust: 1.6
db:	JVNDB	id:	JVNDB-2019-003441	Trust: 1.6
db:	JVNDB	id:	JVNDB-2019-004718	Trust: 0.8
db:	CNNVD	id:	CNNVD-201905-752	Trust: 0.7
db:	AUSCERT	id:	ESB-2019.2048	Trust: 0.6
db:	LENOVO	id:	LEN-26294	Trust: 0.6
db:	CNVD	id:	CNVD-2020-18584	Trust: 0.1
db:	VULHUB	id:	VHN-140157	Trust: 0.1
db:	VULMON	id:	CVE-2019-0126	Trust: 0.1

sources: VULHUB: VHN-140157 // VULMON: CVE-2019-0126 // BID: 108485 // JVNDB: JVNDB-2019-003441 // JVNDB: JVNDB-2019-004718 // CNNVD: CNNVD-201905-752 // NVD: CVE-2019-0126

REFERENCES

url:	http://www.securityfocus.com/bid/108485	Trust: 2.4
url:	https://support.f5.com/csp/article/k37428370	Trust: 1.8
url:	https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00223.html	Trust: 1.8
url:	https://nvd.nist.gov/vuln/detail/cve-2019-0126	Trust: 1.4
url:	http://www.intel.com/	Trust: 0.9
url:	https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00218.html	Trust: 0.9
url:	https://jvn.jp/vu/jvnvu92328381/index.html	Trust: 0.8
url:	https://mdsattacks.com/files/ridl.pdf	Trust: 0.8
url:	https://mdsattacks.com/files/fallout.pdf	Trust: 0.8
url:	https://zombieloadattack.com/	Trust: 0.8
url:	https://www.intel.com/content/www/us/en/architecture-and-technology/mds.html	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-0126	Trust: 0.8
url:	https://jvn.jp/vu/jvnvu92328381/	Trust: 0.8
url:	https://jvndb.jvn.jp/ja/contents/2019/jvndb-2019-003441.html	Trust: 0.8
url:	https://www.auscert.org.au/bulletins/esb-2019.2048/	Trust: 0.6
url:	https://support.lenovo.com/us/en/product_security/len-26294	Trust: 0.6
url:	https://cwe.mitre.org/data/definitions/.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1
url:	https://support.hp.com//us-en/document/c06330147	Trust: 0.1
url:	https://threatpost.com/intel-fixes-critical-high-severity-flaws-across-several-products/144940/	Trust: 0.1

CREDITS

Intel

Trust: 0.9

sources: BID: 108485 // CNNVD: CNNVD-201905-752

SOURCES

db:	VULHUB	id:	VHN-140157
db:	VULMON	id:	CVE-2019-0126
db:	BID	id:	108485
db:	JVNDB	id:	JVNDB-2019-003441
db:	JVNDB	id:	JVNDB-2019-004718
db:	CNNVD	id:	CNNVD-201905-752
db:	NVD	id:	CVE-2019-0126

LAST UPDATE DATE

2024-11-23T20:10:09.445000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-140157	date:	2020-08-24T00:00:00
db:	VULMON	id:	CVE-2019-0126	date:	2021-06-21T00:00:00
db:	BID	id:	108485	date:	2019-05-14T00:00:00
db:	JVNDB	id:	JVNDB-2019-003441	date:	2019-05-16T00:00:00
db:	JVNDB	id:	JVNDB-2019-004718	date:	2019-06-06T00:00:00
db:	CNNVD	id:	CNNVD-201905-752	date:	2020-08-25T00:00:00
db:	NVD	id:	CVE-2019-0126	date:	2024-11-21T04:16:17.373

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-140157	date:	2019-05-17T00:00:00
db:	VULMON	id:	CVE-2019-0126	date:	2019-05-17T00:00:00
db:	BID	id:	108485	date:	2019-05-14T00:00:00
db:	JVNDB	id:	JVNDB-2019-003441	date:	2019-05-16T00:00:00
db:	JVNDB	id:	JVNDB-2019-004718	date:	2019-06-06T00:00:00
db:	CNNVD	id:	CNNVD-201905-752	date:	2019-05-17T00:00:00
db:	NVD	id:	CVE-2019-0126	date:	2019-05-17T16:29:01.923