ID

VAR-201911-1636


CVE

CVE-2019-0145


TITLE

Intel(R) Ethernet 700 Series Controller Vulnerable to classic buffer overflow

Trust: 0.8

sources: JVNDB: JVNDB-2019-012095

DESCRIPTION

Buffer overflow in i40e driver for Intel(R) Ethernet 700 Series Controllers versions before 7.0 may allow an authenticated user to potentially enable an escalation of privilege via local access. Intel Ethernet 700 Series Controllers is a network adapter product from Intel Corporation. An attacker could use this vulnerability to achieve privilege elevation

Trust: 2.25

sources: NVD: CVE-2019-0145 // JVNDB: JVNDB-2019-012095 // CNVD: CNVD-2019-41462 // VULHUB: VHN-140176

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2019-41462

AFFECTED PRODUCTS

vendor:intelmodel:ethernet controller 710-bm1scope:ltversion:7.0

Trust: 1.8

vendor:intelmodel:ethernet controller x710-at2scope:ltversion:7.0

Trust: 1.8

vendor:intelmodel:ethernet controller x710-bm2scope:ltversion:7.0

Trust: 1.8

vendor:intelmodel:ethernet controller x710-tm4scope:ltversion:7.0

Trust: 1.8

vendor:intelmodel:ethernet controller xxv710-am1scope:ltversion:7.0

Trust: 1.8

vendor:intelmodel:ethernet controller xxv710-am2scope:ltversion:7.0

Trust: 1.8

vendor:linuxmodel:kernelscope:ltversion:4.19.139

Trust: 1.0

vendor:linuxmodel:kernelscope:gteversion:4.15

Trust: 1.0

vendor:linuxmodel:kernelscope:ltversion:4.14.205

Trust: 1.0

vendor:linuxmodel:kernelscope:ltversion:4.9.244

Trust: 1.0

vendor:linuxmodel:kernelscope:gteversion:4.6

Trust: 1.0

vendor:linuxmodel:kernelscope:gteversion:4.20

Trust: 1.0

vendor:linuxmodel:kernelscope:gteversion:4.10

Trust: 1.0

vendor:linuxmodel:kernelscope:ltversion:5.2

Trust: 1.0

vendor:intelmodel:ethernet 700 series softwarescope:ltversion:24.0

Trust: 1.0

vendor:intelmodel:ethernet 700 series softwarescope: - version: -

Trust: 0.8

vendor:intelmodel:ethernet series controllerscope:eqversion:700<7.0

Trust: 0.6

sources: CNVD: CNVD-2019-41462 // JVNDB: JVNDB-2019-012095 // NVD: CVE-2019-0145

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-0145
value: HIGH

Trust: 1.0

NVD: CVE-2019-0145
value: HIGH

Trust: 0.8

CNVD: CNVD-2019-41462
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201911-567
value: HIGH

Trust: 0.6

VULHUB: VHN-140176
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2019-0145
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2019-41462
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-140176
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2019-0145
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2019-0145
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2019-41462 // VULHUB: VHN-140176 // JVNDB: JVNDB-2019-012095 // CNNVD: CNNVD-201911-567 // NVD: CVE-2019-0145

PROBLEMTYPE DATA

problemtype:CWE-120

Trust: 1.9

sources: VULHUB: VHN-140176 // JVNDB: JVNDB-2019-012095 // NVD: CVE-2019-0145

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201911-567

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-201911-567

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-012095

PATCH

title:INTEL-SA-00255url:https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00255.html

Trust: 0.8

title:Patch for Intel Ethernet 700 Series Controllers Buffer Overflow Vulnerabilityurl:https://www.cnvd.org.cn/patchInfo/show/191081

Trust: 0.6

title:Intel Ethernet 700 Series Controllers i40e driver Buffer error vulnerability fixurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=104470

Trust: 0.6

sources: CNVD: CNVD-2019-41462 // JVNDB: JVNDB-2019-012095 // CNNVD: CNNVD-201911-567

EXTERNAL IDS

db:NVDid:CVE-2019-0145

Trust: 3.1

db:JVNid:JVNVU90354904

Trust: 0.8

db:JVNDBid:JVNDB-2019-012095

Trust: 0.8

db:CNNVDid:CNNVD-201911-567

Trust: 0.7

db:CNVDid:CNVD-2019-41462

Trust: 0.6

db:LENOVOid:LEN-27715

Trust: 0.6

db:VULHUBid:VHN-140176

Trust: 0.1

sources: CNVD: CNVD-2019-41462 // VULHUB: VHN-140176 // JVNDB: JVNDB-2019-012095 // CNNVD: CNNVD-201911-567 // NVD: CVE-2019-0145

REFERENCES

url:https://nvd.nist.gov/vuln/detail/cve-2019-0145

Trust: 2.0

url:https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00255.html

Trust: 1.7

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-0145

Trust: 0.8

url:https://jvn.jp/vu/jvnvu90354904/

Trust: 0.8

url:https://vigilance.fr/vulnerability/intel-ethernet-700-series-controllers-multiple-vulnerabilities-30850

Trust: 0.6

url:https://support.lenovo.com/us/en/product_security/len-27715

Trust: 0.6

sources: CNVD: CNVD-2019-41462 // VULHUB: VHN-140176 // JVNDB: JVNDB-2019-012095 // CNNVD: CNNVD-201911-567 // NVD: CVE-2019-0145

SOURCES

db:CNVDid:CNVD-2019-41462
db:VULHUBid:VHN-140176
db:JVNDBid:JVNDB-2019-012095
db:CNNVDid:CNNVD-201911-567
db:NVDid:CVE-2019-0145

LAST UPDATE DATE

2024-08-14T12:53:54.767000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2019-41462date:2019-11-20T00:00:00
db:VULHUBid:VHN-140176date:2023-02-24T00:00:00
db:JVNDBid:JVNDB-2019-012095date:2019-11-25T00:00:00
db:CNNVDid:CNNVD-201911-567date:2020-07-07T00:00:00
db:NVDid:CVE-2019-0145date:2023-02-24T18:42:50.847

SOURCES RELEASE DATE

db:CNVDid:CNVD-2019-41462date:2019-11-20T00:00:00
db:VULHUBid:VHN-140176date:2019-11-14T00:00:00
db:JVNDBid:JVNDB-2019-012095date:2019-11-25T00:00:00
db:CNNVDid:CNNVD-201911-567date:2019-11-12T00:00:00
db:NVDid:CVE-2019-0145date:2019-11-14T19:15:12.207