Details of VAR-201912-0878

ID

VAR-201912-0878

CVE

CVE-2019-14609

TITLE

Intel(R) NUC(R) Input validation vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2019-013795

DESCRIPTION

Improper input validation in firmware for Intel(R) NUC(R) may allow a privileged user to potentially enable escalation of privilege via local access. Intel(R) NUC(R) Contains an input validation vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Intel NUC 8 Mainstream Game Kit and so on are a small desktop computer of Intel Corporation of the United States

Trust: 2.16

sources: NVD: CVE-2019-14609 // JVNDB: JVNDB-2019-013795 // CNVD: CNVD-2020-04680

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2020-04680

AFFECTED PRODUCTS

vendor:	intel	model:	cd1p64gk	scope:	lt	version:	0053	Trust: 1.0
vendor:	intel	model:	nuc 8 mainstream game mini computer	scope:	lt	version:	0036	Trust: 1.0
vendor:	intel	model:	cd1iv128mk	scope:	lt	version:	0038	Trust: 1.0
vendor:	intel	model:	nuc6cays	scope:	lt	version:	0064	Trust: 1.0
vendor:	intel	model:	nuc7i5dnke	scope:	lt	version:	0067	Trust: 1.0
vendor:	intel	model:	nuc6i5syh	scope:	lt	version:	0072	Trust: 1.0
vendor:	intel	model:	nuc8i3cysm	scope:	lt	version:	0043	Trust: 1.0
vendor:	intel	model:	nuc8i7bek	scope:	lt	version:	0077	Trust: 1.0
vendor:	intel	model:	nuc7cjyh	scope:	lt	version:	0053	Trust: 1.0
vendor:	intel	model:	nuc6i7kyk	scope:	lt	version:	0066	Trust: 1.0
vendor:	intel	model:	nuc 8 mainstream game kit	scope:	lt	version:	0036	Trust: 1.0
vendor:	intel	model:	stk2mv64cc	scope:	lt	version:	0061	Trust: 1.0
vendor:	intel	model:	nuc8i7hnk	scope:	lt	version:	0059	Trust: 1.0
vendor:	intel	model:	nuc7i7dnke	scope:	lt	version:	0067	Trust: 1.0
vendor:	intel	model:	d34010wyb	scope:	lt	version:	0054	Trust: 1.0
vendor:	intel	model:	cd1m3128mk	scope:	lt	version:	0058	Trust: 1.0
vendor:	intel	model:	de3815tybe	scope:	lt	version:	0024	Trust: 1.0
vendor:	intel	model:	nuc7i3dnhe	scope:	lt	version:	0067	Trust: 1.0
vendor:	intel	model:	stk2m3w64cc	scope:	lt	version:	0062	Trust: 1.0
vendor:	intel	model:	cd1p64gk	scope:	-	version:	-	Trust: 0.8
vendor:	intel	model:	nuc 8 mainstream game kit	scope:	-	version:	-	Trust: 0.8
vendor:	intel	model:	nuc 8 mainstream game mini computer	scope:	-	version:	-	Trust: 0.8
vendor:	intel	model:	nuc7i3dnhe	scope:	-	version:	-	Trust: 0.8
vendor:	intel	model:	nuc7i5dnke	scope:	-	version:	-	Trust: 0.8
vendor:	intel	model:	nuc7i7dnke	scope:	-	version:	-	Trust: 0.8
vendor:	intel	model:	nuc8i3cysm	scope:	-	version:	-	Trust: 0.8
vendor:	intel	model:	nuc8i7bek	scope:	-	version:	-	Trust: 0.8
vendor:	intel	model:	nuc8i7hnk	scope:	-	version:	-	Trust: 0.8
vendor:	intel	model:	stk2mv64cc	scope:	-	version:	-	Trust: 0.8
vendor:	intel	model:	nuc kit nuc7cjyh	scope:	-	version:	-	Trust: 0.6
vendor:	intel	model:	nuc kit nuc8i7hnk	scope:	-	version:	-	Trust: 0.6
vendor:	intel	model:	compute card cd1m3128mk	scope:	-	version:	-	Trust: 0.6
vendor:	intel	model:	compute card cd1iv128mk	scope:	-	version:	-	Trust: 0.6
vendor:	intel	model:	compute card cd1p64gk	scope:	-	version:	-	Trust: 0.6
vendor:	intel	model:	nuc kit nuc6cays	scope:	-	version:	-	Trust: 0.6
vendor:	intel	model:	nuc kit nuc6i7kyk	scope:	-	version:	-	Trust: 0.6
vendor:	intel	model:	nuc kit nuc6i5syh	scope:	-	version:	-	Trust: 0.6
vendor:	intel	model:	compute stick stk2mv64cc	scope:	-	version:	-	Trust: 0.6
vendor:	intel	model:	compute stick stk2m3w64cc	scope:	-	version:	-	Trust: 0.6
vendor:	intel	model:	nuc mainstream game kit	scope:	eq	version:	8	Trust: 0.6
vendor:	intel	model:	nuc mainstream game mini computer	scope:	eq	version:	8	Trust: 0.6
vendor:	intel	model:	nuc kit nuc8i7bek	scope:	-	version:	-	Trust: 0.6
vendor:	intel	model:	nuc home nuc8i3cysm	scope:	eq	version:	8-	Trust: 0.6
vendor:	intel	model:	nuc-kit nuc7i7dnke	scope:	-	version:	-	Trust: 0.6
vendor:	intel	model:	nuc-kit nuc7i5dnke	scope:	-	version:	-	Trust: 0.6
vendor:	intel	model:	nuc-kit nuc7i3dnhe	scope:	-	version:	-	Trust: 0.6
vendor:	intel	model:	nuc board de3815tybe	scope:	-	version:	-	Trust: 0.6
vendor:	intel	model:	nuc board d34010wyb	scope:	-	version:	-	Trust: 0.6
vendor:	intel	model:	nuc8i7bek	scope:	eq	version:	-	Trust: 0.6
vendor:	intel	model:	cd1iv128mk	scope:	eq	version:	-	Trust: 0.6
vendor:	intel	model:	nuc6cays	scope:	eq	version:	-	Trust: 0.6
vendor:	intel	model:	d34010wyb	scope:	eq	version:	-	Trust: 0.6
vendor:	intel	model:	nuc6i7kyk	scope:	eq	version:	-	Trust: 0.6
vendor:	intel	model:	nuc6i5syh	scope:	eq	version:	-	Trust: 0.6
vendor:	intel	model:	de3815tybe	scope:	eq	version:	-	Trust: 0.6
vendor:	intel	model:	cd1m3128mk	scope:	eq	version:	-	Trust: 0.6
vendor:	intel	model:	stk2m3w64cc	scope:	eq	version:	-	Trust: 0.6
vendor:	intel	model:	nuc7cjyh	scope:	eq	version:	-	Trust: 0.6

sources: CNVD: CNVD-2020-04680 // JVNDB: JVNDB-2019-013795 // CNNVD: CNNVD-201912-579 // NVD: CVE-2019-14609

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2019-14609
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2019-14609
value:	MEDIUM
Trust: 0.8
CNVD:	CNVD-2020-04680
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-201912-579
value:	HIGH
Trust: 0.6

nvd@nist.gov:	CVE-2019-14609
severity:	MEDIUM
baseScore:	4.6
vectorString:	AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	3.9
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2020-04680
severity:	MEDIUM
baseScore:	4.6
vectorString:	AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	3.9
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

nvd@nist.gov:	CVE-2019-14609
baseSeverity:	MEDIUM
baseScore:	6.7
vectorString:	CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	HIGH
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	0.8
impactScore:	5.9
version:	3.1
Trust: 1.0
NVD:	CVE-2019-14609
baseSeverity:	MEDIUM
baseScore:	6.7
vectorString:	CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	HIGH
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2020-04680 // JVNDB: JVNDB-2019-013795 // CNNVD: CNNVD-201912-579 // NVD: CVE-2019-14609

PROBLEMTYPE DATA

problemtype:

CWE-20

Trust: 1.8

sources: JVNDB: JVNDB-2019-013795 // NVD: CVE-2019-14609

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-201912-579

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-013795

PATCH

title:	INTEL-SA-00323	url:	https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00323.html	Trust: 0.8
title:	Patch for Intel NUC Input Validation Error Vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/200053	Trust: 0.6
title:	Multiple Intel Product input verification error vulnerability fixes	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=106358	Trust: 0.6

sources: CNVD: CNVD-2020-04680 // JVNDB: JVNDB-2019-013795 // CNNVD: CNNVD-201912-579

EXTERNAL IDS

db:	NVD	id:	CVE-2019-14609	Trust: 3.0
db:	JVN	id:	JVNVU93632155	Trust: 0.8
db:	JVNDB	id:	JVNDB-2019-013795	Trust: 0.8
db:	CNVD	id:	CNVD-2020-04680	Trust: 0.6
db:	AUSCERT	id:	ESB-2019.4655	Trust: 0.6
db:	CNNVD	id:	CNNVD-201912-579	Trust: 0.6

sources: CNVD: CNVD-2020-04680 // JVNDB: JVNDB-2019-013795 // CNNVD: CNNVD-201912-579 // NVD: CVE-2019-14609

REFERENCES

url:	https://nvd.nist.gov/vuln/detail/cve-2019-14609	Trust: 2.0
url:	https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00323.html	Trust: 1.6
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-14609	Trust: 0.8
url:	https://jvn.jp/vu/jvnvu93632155/	Trust: 0.8
url:	https://www.auscert.org.au/bulletins/esb-2019.4655/	Trust: 0.6

sources: CNVD: CNVD-2020-04680 // JVNDB: JVNDB-2019-013795 // CNNVD: CNNVD-201912-579 // NVD: CVE-2019-14609

SOURCES

db:	CNVD	id:	CNVD-2020-04680
db:	JVNDB	id:	JVNDB-2019-013795
db:	CNNVD	id:	CNNVD-201912-579
db:	NVD	id:	CVE-2019-14609

LAST UPDATE DATE

2024-11-23T20:35:23.570000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2020-04680	date:	2020-02-12T00:00:00
db:	JVNDB	id:	JVNDB-2019-013795	date:	2020-01-16T00:00:00
db:	CNNVD	id:	CNNVD-201912-579	date:	2019-12-27T00:00:00
db:	NVD	id:	CVE-2019-14609	date:	2024-11-21T04:27:01.963

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2020-04680	date:	2020-02-12T00:00:00
db:	JVNDB	id:	JVNDB-2019-013795	date:	2020-01-16T00:00:00
db:	CNNVD	id:	CNNVD-201912-579	date:	2019-12-12T00:00:00
db:	NVD	id:	CVE-2019-14609	date:	2019-12-16T20:15:15.290