Details of VAR-201908-1939

ID

VAR-201908-1939

CVE

CVE-2019-11140

TITLE

Intel Multiple vulnerabilities in the product

Trust: 0.8

sources: JVNDB: JVNDB-2019-007558

DESCRIPTION

Insufficient session validation in system firmware for Intel(R) NUC may allow a privileged user to potentially enable escalation of privilege, denial of service and/or information disclosure via local access. Intel NUC Kit NUC7i7DNx, etc. are all products of Intel Corporation of the United States. Intel NUC Kit NUC7i7DNx is a small computer host device. NUC Kit NUC7i5DNx is a small computer host device. Compute Stick STK2MV64CC is an external computing module. An input validation error vulnerability exists in the system firmware of several Intel products due to the program's insufficient session validation. A local attacker could exploit this vulnerability to elevate privileges, cause a denial of service and/or disclose information. The following products and versions are affected: Intel NUC Kit NUC7i7DNx; NUC Kit NUC7i5DNx; NUC Kit NUC7i3DNx; Compute Stick STK2MV64CC; Compute Card CD1IV128MK

Trust: 0.99

sources: NVD: CVE-2019-11140 // VULHUB: VHN-142757

AFFECTED PRODUCTS

vendor:	intel	model:	compute card	scope:	eq	version:	-	Trust: 1.0
vendor:	intel	model:	nuc kit	scope:	eq	version:	-	Trust: 1.0
vendor:	intel	model:	compute stick	scope:	eq	version:	-	Trust: 1.0
vendor:	intel	model:	authenticate	scope:	lt	version:	3.8 earlier	Trust: 0.8
vendor:	intel	model:	compute card	scope:	-	version:	-	Trust: 0.8
vendor:	intel	model:	compute stick	scope:	-	version:	-	Trust: 0.8
vendor:	intel	model:	computing improvement program	scope:	lt	version:	2.4.0.04733 earlier	Trust: 0.8
vendor:	intel	model:	driver and support assistant	scope:	lt	version:	19.7.30.2 earlier	Trust: 0.8
vendor:	intel	model:	nuc kit	scope:	-	version:	-	Trust: 0.8
vendor:	intel	model:	processor identification utility	scope:	lt	version:	for windows 6.1.0731 earlier	Trust: 0.8
vendor:	intel	model:	raid web console	scope:	eq	version:	2	Trust: 0.8
vendor:	intel	model:	remote displays sdk	scope:	lt	version:	2.0.1 r2 earlier	Trust: 0.8

sources: JVNDB: JVNDB-2019-007558 // NVD: CVE-2019-11140

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2019-11140
value:	MEDIUM
Trust: 1.0
CNNVD:	CNNVD-201908-1254
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-142757
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2019-11140
severity:	MEDIUM
baseScore:	4.6
vectorString:	AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	3.9
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
VULHUB:	VHN-142757
severity:	MEDIUM
baseScore:	4.6
vectorString:	AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	3.9
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2019-11140
baseSeverity:	MEDIUM
baseScore:	6.7
vectorString:	CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	HIGH
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	0.8
impactScore:	5.9
version:	3.0
Trust: 1.0

sources: VULHUB: VHN-142757 // CNNVD: CNNVD-201908-1254 // NVD: CVE-2019-11140

PROBLEMTYPE DATA

problemtype:

CWE-20

Trust: 1.1

sources: VULHUB: VHN-142757 // NVD: CVE-2019-11140

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201908-1254

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-201908-1254

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-007558

PATCH

title:	[INTEL-SA-00283] Intel Computing Improvement Program Advisory	url:	https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00283.html	Trust: 0.8
title:	[INTEL-SA-00246] Intel RAID Web Console 2 Advisory	url:	https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00246.html	Trust: 0.8
title:	[INTEL-SA-00272] Intel NUC Advisory	url:	https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00272.html	Trust: 0.8
title:	[INTEL-SA-00275] Intel Authenticate Advisory	url:	https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00275.html	Trust: 0.8
title:	[INTEL-SA-00276] Intel Driver & Support Assistant Advisory	url:	https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00276.html	Trust: 0.8
title:	[INTEL-SA-00277] Intel Remote Displays SDK Advisory	url:	https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00277.html	Trust: 0.8
title:	[INTEL-SA-00281] Intel Processor Identification Utility for Windows* Advisory	url:	https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00281.html	Trust: 0.8
title:	Multiple Intel Product security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=96897	Trust: 0.6

sources: JVNDB: JVNDB-2019-007558 // CNNVD: CNNVD-201908-1254

EXTERNAL IDS

db:	NVD	id:	CVE-2019-11140	Trust: 2.5
db:	JVN	id:	JVNVU99945432	Trust: 0.8
db:	JVNDB	id:	JVNDB-2019-007558	Trust: 0.8
db:	CNNVD	id:	CNNVD-201908-1254	Trust: 0.7
db:	VULHUB	id:	VHN-142757	Trust: 0.1

sources: VULHUB: VHN-142757 // JVNDB: JVNDB-2019-007558 // CNNVD: CNNVD-201908-1254 // NVD: CVE-2019-11140

REFERENCES

url:	https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00272.html	Trust: 1.7
url:	https://nvd.nist.gov/vuln/detail/cve-2019-11140	Trust: 1.4
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-11163	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-11162	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-0173	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-11140	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-11143	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-11145	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-11146	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-11148	Trust: 0.8
url:	https://jvn.jp/vu/jvnvu99945432/	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2019-11163	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2019-11162	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2019-0173	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2019-11143	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2019-11145	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2019-11146	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2019-11148	Trust: 0.8

sources: VULHUB: VHN-142757 // JVNDB: JVNDB-2019-007558 // CNNVD: CNNVD-201908-1254 // NVD: CVE-2019-11140

CREDITS

Dmitry Frolov

Trust: 0.6

sources: CNNVD: CNNVD-201908-1254

SOURCES

db:	VULHUB	id:	VHN-142757
db:	JVNDB	id:	JVNDB-2019-007558
db:	CNNVD	id:	CNNVD-201908-1254
db:	NVD	id:	CVE-2019-11140

LAST UPDATE DATE

2024-11-23T21:36:55.766000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-142757	date:	2019-08-27T00:00:00
db:	JVNDB	id:	JVNDB-2019-007558	date:	2019-10-04T00:00:00
db:	CNNVD	id:	CNNVD-201908-1254	date:	2019-09-04T00:00:00
db:	NVD	id:	CVE-2019-11140	date:	2024-11-21T04:20:36.943

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-142757	date:	2019-08-19T00:00:00
db:	JVNDB	id:	JVNDB-2019-007558	date:	2019-08-15T00:00:00
db:	CNNVD	id:	CNNVD-201908-1254	date:	2019-08-19T00:00:00
db:	NVD	id:	CVE-2019-11140	date:	2019-08-19T17:15:11.323