Sign-up

ID

VAR-201912-0880


CVE

CVE-2019-14610


TITLE

Intel(R) NUC(R) Vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2019-013785

DESCRIPTION

Improper access control in firmware for Intel(R) NUC(R) may allow an authenticated user to potentially enable escalation of privilege via local access. Intel(R) NUC(R) Has unspecified vulnerabilities.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Intel NUC 8 Mainstream Game Kit and so on are a small desktop computer of Intel Corporation of the United States. By sending a specially-crafted request, an authenticated attacker could exploit this vulnerability to gain elevated privileges

Trust: 2.25

sources: NVD: CVE-2019-14610 // JVNDB: JVNDB-2019-013785 // CNVD: CNVD-2020-04679 // VULMON: CVE-2019-14610

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2020-04679

AFFECTED PRODUCTS

vendor:intelmodel:cd1p64gkscope:ltversion:0053

Trust: 1.0

vendor:intelmodel:nuc 8 mainstream game mini computerscope:ltversion:0036

Trust: 1.0

vendor:intelmodel:cd1iv128mkscope:ltversion:0038

Trust: 1.0

vendor:intelmodel:nuc6caysscope:ltversion:0064

Trust: 1.0

vendor:intelmodel:nuc7i5dnkescope:ltversion:0067

Trust: 1.0

vendor:intelmodel:nuc6i5syhscope:ltversion:0072

Trust: 1.0

vendor:intelmodel:nuc8i3cysmscope:ltversion:0043

Trust: 1.0

vendor:intelmodel:nuc8i7bekscope:ltversion:0077

Trust: 1.0

vendor:intelmodel:nuc7cjyhscope:ltversion:0053

Trust: 1.0

vendor:intelmodel:nuc6i7kykscope:ltversion:0066

Trust: 1.0

vendor:intelmodel:nuc 8 mainstream game kitscope:ltversion:0036

Trust: 1.0

vendor:intelmodel:stk2mv64ccscope:ltversion:0061

Trust: 1.0

vendor:intelmodel:nuc8i7hnkscope:ltversion:0059

Trust: 1.0

vendor:intelmodel:nuc7i7dnkescope:ltversion:0067

Trust: 1.0

vendor:intelmodel:d34010wybscope:ltversion:0054

Trust: 1.0

vendor:intelmodel:cd1m3128mkscope:ltversion:0058

Trust: 1.0

vendor:intelmodel:de3815tybescope:ltversion:0024

Trust: 1.0

vendor:intelmodel:nuc7i3dnhescope:ltversion:0067

Trust: 1.0

vendor:intelmodel:stk2m3w64ccscope:ltversion:0062

Trust: 1.0

vendor:intelmodel:cd1p64gkscope: - version: -

Trust: 0.8

vendor:intelmodel:nuc 8 mainstream game kitscope: - version: -

Trust: 0.8

vendor:intelmodel:nuc 8 mainstream game mini computerscope: - version: -

Trust: 0.8

vendor:intelmodel:nuc7i3dnhescope: - version: -

Trust: 0.8

vendor:intelmodel:nuc7i5dnkescope: - version: -

Trust: 0.8

vendor:intelmodel:nuc7i7dnkescope: - version: -

Trust: 0.8

vendor:intelmodel:nuc8i3cysmscope: - version: -

Trust: 0.8

vendor:intelmodel:nuc8i7bekscope: - version: -

Trust: 0.8

vendor:intelmodel:nuc8i7hnkscope: - version: -

Trust: 0.8

vendor:intelmodel:stk2mv64ccscope: - version: -

Trust: 0.8

vendor:intelmodel:nuc kit nuc7cjyhscope: - version: -

Trust: 0.6

vendor:intelmodel:nuc kit nuc8i7hnkscope: - version: -

Trust: 0.6

vendor:intelmodel:compute card cd1m3128mkscope: - version: -

Trust: 0.6

vendor:intelmodel:compute card cd1iv128mkscope: - version: -

Trust: 0.6

vendor:intelmodel:compute card cd1p64gkscope: - version: -

Trust: 0.6

vendor:intelmodel:nuc kit nuc6caysscope: - version: -

Trust: 0.6

vendor:intelmodel:nuc kit nuc6i7kykscope: - version: -

Trust: 0.6

vendor:intelmodel:nuc kit nuc6i5syhscope: - version: -

Trust: 0.6

vendor:intelmodel:compute stick stk2mv64ccscope: - version: -

Trust: 0.6

vendor:intelmodel:compute stick stk2m3w64ccscope: - version: -

Trust: 0.6

vendor:intelmodel:nuc mainstream game kitscope:eqversion:8

Trust: 0.6

vendor:intelmodel:nuc mainstream game mini computerscope:eqversion:8

Trust: 0.6

vendor:intelmodel:nuc kit nuc8i7bekscope: - version: -

Trust: 0.6

vendor:intelmodel:nuc home nuc8i3cysmscope:eqversion:8-

Trust: 0.6

vendor:intelmodel:nuc-kit nuc7i7dnkescope: - version: -

Trust: 0.6

vendor:intelmodel:nuc-kit nuc7i5dnkescope: - version: -

Trust: 0.6

vendor:intelmodel:nuc-kit nuc7i3dnhescope: - version: -

Trust: 0.6

vendor:intelmodel:nuc board de3815tybescope: - version: -

Trust: 0.6

vendor:intelmodel:nuc board d34010wybscope: - version: -

Trust: 0.6

sources: CNVD: CNVD-2020-04679 // JVNDB: JVNDB-2019-013785 // NVD: CVE-2019-14610

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-14610
value: HIGH

Trust: 1.0

NVD: CVE-2019-14610
value: HIGH

Trust: 0.8

CNVD: CNVD-2020-04679
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201912-581
value: HIGH

Trust: 0.6

VULMON: CVE-2019-14610
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2019-14610
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

CNVD: CNVD-2020-04679
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2019-14610
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2019-14610
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2020-04679 // VULMON: CVE-2019-14610 // JVNDB: JVNDB-2019-013785 // CNNVD: CNNVD-201912-581 // NVD: CVE-2019-14610

PROBLEMTYPE DATA

problemtype:NVD-CWE-Other

Trust: 1.0

problemtype:CWE-Other

Trust: 0.8

sources: JVNDB: JVNDB-2019-013785 // NVD: CVE-2019-14610

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201912-581

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-201912-581

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2019-013785

PATCH
title:INTEL-SA-00323url:https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00323.html
Trust: 0.8
title:Patch for Intel NUC Access Control Error Vulnerabilityurl:https://www.cnvd.org.cn/patchInfo/show/200041
Trust: 0.6
title:Multiple Intel Product input verification error vulnerability fixesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=105792
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2020-04679 // 
            
            
            
            JVNDB: JVNDB-2019-013785 // 
            
            
            
            CNNVD: CNNVD-201912-581

EXTERNAL IDS
db:NVDid:CVE-2019-14610
Trust: 3.1
db:JVNid:JVNVU93632155
Trust: 0.8
db:JVNDBid:JVNDB-2019-013785
Trust: 0.8
db:CNVDid:CNVD-2020-04679
Trust: 0.6
db:AUSCERTid:ESB-2019.4655
Trust: 0.6
db:CNNVDid:CNNVD-201912-581
Trust: 0.6
db:VULMONid:CVE-2019-14610
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2020-04679 // 
            
            
            
            VULMON: CVE-2019-14610 // 
            
            
            
            JVNDB: JVNDB-2019-013785 // 
            
            
            
            CNNVD: CNNVD-201912-581 // 
            
            
            
            NVD: CVE-2019-14610

REFERENCES
url:https://nvd.nist.gov/vuln/detail/cve-2019-14610
Trust: 2.0
url:https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00323.html
Trust: 1.7
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-14610
Trust: 0.8
url:https://jvn.jp/vu/jvnvu93632155/
Trust: 0.8
url:https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00324.html
Trust: 0.6
url:https://www.auscert.org.au/bulletins/esb-2019.4655/
Trust: 0.6
url:https://cwe.mitre.org/data/definitions/.html
Trust: 0.1
url:https://nvd.nist.gov
Trust: 0.1
url:https://exchange.xforce.ibmcloud.com/vulnerabilities/172926
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2020-04679 // 
            
            
            
            VULMON: CVE-2019-14610 // 
            
            
            
            JVNDB: JVNDB-2019-013785 // 
            
            
            
            CNNVD: CNNVD-201912-581 // 
            
            
            
            NVD: CVE-2019-14610

SOURCES
db:CNVDid:CNVD-2020-04679
db:VULMONid:CVE-2019-14610
db:JVNDBid:JVNDB-2019-013785
db:CNNVDid:CNNVD-201912-581
db:NVDid:CVE-2019-14610

LAST UPDATE DATE
2024-11-23T20:02:19.849000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2020-04679date:2020-02-12T00:00:00
db:VULMONid:CVE-2019-14610date:2020-01-02T00:00:00
db:JVNDBid:JVNDB-2019-013785date:2020-01-16T00:00:00
db:CNNVDid:CNNVD-201912-581date:2020-05-15T00:00:00
db:NVDid:CVE-2019-14610date:2024-11-21T04:27:02.127

SOURCES RELEASE DATE
db:CNVDid:CNVD-2020-04679date:2020-02-12T00:00:00
db:VULMONid:CVE-2019-14610date:2019-12-16T00:00:00
db:JVNDBid:JVNDB-2019-013785date:2020-01-16T00:00:00
db:CNNVDid:CNNVD-201912-581date:2019-12-12T00:00:00
db:NVDid:CVE-2019-14610date:2019-12-16T20:15:15.337