Sign-up

ID

VAR-201911-1636


CVE

CVE-2019-0145


TITLE

Intel(R) Ethernet 700 Series Controller Vulnerable to classic buffer overflow

Trust: 0.8

sources: JVNDB: JVNDB-2019-012095

DESCRIPTION

Buffer overflow in i40e driver for Intel(R) Ethernet 700 Series Controllers versions before 7.0 may allow an authenticated user to potentially enable an escalation of privilege via local access. Intel Ethernet 700 Series Controllers is a network adapter product from Intel Corporation. An attacker could use this vulnerability to achieve privilege elevation

Trust: 2.25

sources: NVD: CVE-2019-0145 // JVNDB: JVNDB-2019-012095 // CNVD: CNVD-2019-41462 // VULHUB: VHN-140176

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2019-41462

AFFECTED PRODUCTS

vendor:intelmodel:ethernet controller 710-bm1scope:ltversion:7.0

Trust: 1.8

vendor:intelmodel:ethernet controller x710-at2scope:ltversion:7.0

Trust: 1.8

vendor:intelmodel:ethernet controller x710-bm2scope:ltversion:7.0

Trust: 1.8

vendor:intelmodel:ethernet controller x710-tm4scope:ltversion:7.0

Trust: 1.8

vendor:intelmodel:ethernet controller xxv710-am1scope:ltversion:7.0

Trust: 1.8

vendor:intelmodel:ethernet controller xxv710-am2scope:ltversion:7.0

Trust: 1.8

vendor:linuxmodel:kernelscope:ltversion:4.19.139

Trust: 1.0

vendor:linuxmodel:kernelscope:gteversion:4.15

Trust: 1.0

vendor:linuxmodel:kernelscope:ltversion:4.14.205

Trust: 1.0

vendor:linuxmodel:kernelscope:ltversion:4.9.244

Trust: 1.0

vendor:linuxmodel:kernelscope:gteversion:4.6

Trust: 1.0

vendor:linuxmodel:kernelscope:gteversion:4.20

Trust: 1.0

vendor:linuxmodel:kernelscope:gteversion:4.10

Trust: 1.0

vendor:linuxmodel:kernelscope:ltversion:5.2

Trust: 1.0

vendor:intelmodel:ethernet 700 series softwarescope:ltversion:24.0

Trust: 1.0

vendor:intelmodel:ethernet 700 series softwarescope: - version: -

Trust: 0.8

vendor:intelmodel:ethernet series controllerscope:eqversion:700<7.0

Trust: 0.6

sources: CNVD: CNVD-2019-41462 // JVNDB: JVNDB-2019-012095 // NVD: CVE-2019-0145

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-0145
value: HIGH

Trust: 1.0

NVD: CVE-2019-0145
value: HIGH

Trust: 0.8

CNVD: CNVD-2019-41462
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201911-567
value: HIGH

Trust: 0.6

VULHUB: VHN-140176
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2019-0145
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2019-41462
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-140176
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2019-0145
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2019-0145
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2019-41462 // VULHUB: VHN-140176 // JVNDB: JVNDB-2019-012095 // CNNVD: CNNVD-201911-567 // NVD: CVE-2019-0145

PROBLEMTYPE DATA

problemtype:CWE-120

Trust: 1.9

sources: VULHUB: VHN-140176 // JVNDB: JVNDB-2019-012095 // NVD: CVE-2019-0145

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201911-567

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-201911-567

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2019-012095

PATCH
title:INTEL-SA-00255url:https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00255.html
Trust: 0.8
title:Patch for Intel Ethernet 700 Series Controllers Buffer Overflow Vulnerabilityurl:https://www.cnvd.org.cn/patchInfo/show/191081
Trust: 0.6
title:Intel Ethernet 700 Series Controllers i40e driver Buffer error vulnerability fixurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=104470
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2019-41462 // 
            
            
            
            JVNDB: JVNDB-2019-012095 // 
            
            
            
            CNNVD: CNNVD-201911-567

EXTERNAL IDS
db:NVDid:CVE-2019-0145
Trust: 3.1
db:JVNid:JVNVU90354904
Trust: 0.8
db:JVNDBid:JVNDB-2019-012095
Trust: 0.8
db:CNNVDid:CNNVD-201911-567
Trust: 0.7
db:CNVDid:CNVD-2019-41462
Trust: 0.6
db:LENOVOid:LEN-27715
Trust: 0.6
db:VULHUBid:VHN-140176
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2019-41462 // 
            
            
            
            VULHUB: VHN-140176 // 
            
            
            
            JVNDB: JVNDB-2019-012095 // 
            
            
            
            CNNVD: CNNVD-201911-567 // 
            
            
            
            NVD: CVE-2019-0145

REFERENCES
url:https://nvd.nist.gov/vuln/detail/cve-2019-0145
Trust: 2.0
url:https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00255.html
Trust: 1.7
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-0145
Trust: 0.8
url:https://jvn.jp/vu/jvnvu90354904/
Trust: 0.8
url:https://vigilance.fr/vulnerability/intel-ethernet-700-series-controllers-multiple-vulnerabilities-30850
Trust: 0.6
url:https://support.lenovo.com/us/en/product_security/len-27715
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2019-41462 // 
            
            
            
            VULHUB: VHN-140176 // 
            
            
            
            JVNDB: JVNDB-2019-012095 // 
            
            
            
            CNNVD: CNNVD-201911-567 // 
            
            
            
            NVD: CVE-2019-0145

SOURCES
db:CNVDid:CNVD-2019-41462
db:VULHUBid:VHN-140176
db:JVNDBid:JVNDB-2019-012095
db:CNNVDid:CNNVD-201911-567
db:NVDid:CVE-2019-0145

LAST UPDATE DATE
2024-08-14T12:53:54.767000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2019-41462date:2019-11-20T00:00:00
db:VULHUBid:VHN-140176date:2023-02-24T00:00:00
db:JVNDBid:JVNDB-2019-012095date:2019-11-25T00:00:00
db:CNNVDid:CNNVD-201911-567date:2020-07-07T00:00:00
db:NVDid:CVE-2019-0145date:2023-02-24T18:42:50.847

SOURCES RELEASE DATE
db:CNVDid:CNVD-2019-41462date:2019-11-20T00:00:00
db:VULHUBid:VHN-140176date:2019-11-14T00:00:00
db:JVNDBid:JVNDB-2019-012095date:2019-11-25T00:00:00
db:CNNVDid:CNNVD-201911-567date:2019-11-12T00:00:00
db:NVDid:CVE-2019-0145date:2019-11-14T19:15:12.207