Details of VAR-201912-0881

ID

VAR-201912-0881

CVE

CVE-2019-14611

TITLE

Intel(R) NUC(R) Integer overflow vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2019-013786

DESCRIPTION

Integer overflow in firmware for Intel(R) NUC(R) may allow a privileged user to potentially enable escalation of privilege via local access. Intel(R) NUC(R) Contains an integer overflow vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Intel NUC 8 Mainstream Game Kit and so on are a small desktop computer of Intel Corporation of the United States

Trust: 2.25

sources: NVD: CVE-2019-14611 // JVNDB: JVNDB-2019-013786 // CNVD: CNVD-2020-04683 // VULMON: CVE-2019-14611

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2020-04683

AFFECTED PRODUCTS

vendor:	intel	model:	cd1p64gk	scope:	lt	version:	0053	Trust: 1.0
vendor:	intel	model:	nuc 8 mainstream game mini computer	scope:	lt	version:	0036	Trust: 1.0
vendor:	intel	model:	cd1iv128mk	scope:	lt	version:	0038	Trust: 1.0
vendor:	intel	model:	nuc6cays	scope:	lt	version:	0064	Trust: 1.0
vendor:	intel	model:	nuc7i5dnke	scope:	lt	version:	0067	Trust: 1.0
vendor:	intel	model:	nuc6i5syh	scope:	lt	version:	0072	Trust: 1.0
vendor:	intel	model:	nuc8i3cysm	scope:	lt	version:	0043	Trust: 1.0
vendor:	intel	model:	nuc8i7bek	scope:	lt	version:	0077	Trust: 1.0
vendor:	intel	model:	nuc7cjyh	scope:	lt	version:	0053	Trust: 1.0
vendor:	intel	model:	nuc6i7kyk	scope:	lt	version:	0066	Trust: 1.0
vendor:	intel	model:	nuc 8 mainstream game kit	scope:	lt	version:	0036	Trust: 1.0
vendor:	intel	model:	stk2mv64cc	scope:	lt	version:	0061	Trust: 1.0
vendor:	intel	model:	nuc8i7hnk	scope:	lt	version:	0059	Trust: 1.0
vendor:	intel	model:	nuc7i7dnke	scope:	lt	version:	0067	Trust: 1.0
vendor:	intel	model:	d34010wyb	scope:	lt	version:	0054	Trust: 1.0
vendor:	intel	model:	cd1m3128mk	scope:	lt	version:	0058	Trust: 1.0
vendor:	intel	model:	de3815tybe	scope:	lt	version:	0024	Trust: 1.0
vendor:	intel	model:	nuc7i3dnhe	scope:	lt	version:	0067	Trust: 1.0
vendor:	intel	model:	stk2m3w64cc	scope:	lt	version:	0062	Trust: 1.0
vendor:	intel	model:	cd1p64gk	scope:	-	version:	-	Trust: 0.8
vendor:	intel	model:	nuc 8 mainstream game kit	scope:	-	version:	-	Trust: 0.8
vendor:	intel	model:	nuc 8 mainstream game mini computer	scope:	-	version:	-	Trust: 0.8
vendor:	intel	model:	nuc7i3dnhe	scope:	-	version:	-	Trust: 0.8
vendor:	intel	model:	nuc7i5dnke	scope:	-	version:	-	Trust: 0.8
vendor:	intel	model:	nuc7i7dnke	scope:	-	version:	-	Trust: 0.8
vendor:	intel	model:	nuc8i3cysm	scope:	-	version:	-	Trust: 0.8
vendor:	intel	model:	nuc8i7bek	scope:	-	version:	-	Trust: 0.8
vendor:	intel	model:	nuc8i7hnk	scope:	-	version:	-	Trust: 0.8
vendor:	intel	model:	stk2mv64cc	scope:	-	version:	-	Trust: 0.8
vendor:	intel	model:	nuc kit nuc7cjyh	scope:	-	version:	-	Trust: 0.6
vendor:	intel	model:	nuc kit nuc8i7hnk	scope:	-	version:	-	Trust: 0.6
vendor:	intel	model:	compute card cd1m3128mk	scope:	-	version:	-	Trust: 0.6
vendor:	intel	model:	compute card cd1iv128mk	scope:	-	version:	-	Trust: 0.6
vendor:	intel	model:	compute card cd1p64gk	scope:	-	version:	-	Trust: 0.6
vendor:	intel	model:	nuc kit nuc6cays	scope:	-	version:	-	Trust: 0.6
vendor:	intel	model:	nuc kit nuc6i7kyk	scope:	-	version:	-	Trust: 0.6
vendor:	intel	model:	nuc kit nuc6i5syh	scope:	-	version:	-	Trust: 0.6
vendor:	intel	model:	compute stick stk2mv64cc	scope:	-	version:	-	Trust: 0.6
vendor:	intel	model:	compute stick stk2m3w64cc	scope:	-	version:	-	Trust: 0.6
vendor:	intel	model:	nuc mainstream game kit	scope:	eq	version:	8	Trust: 0.6
vendor:	intel	model:	nuc mainstream game mini computer	scope:	eq	version:	8	Trust: 0.6
vendor:	intel	model:	nuc kit nuc8i7bek	scope:	-	version:	-	Trust: 0.6
vendor:	intel	model:	nuc home nuc8i3cysm	scope:	eq	version:	8-	Trust: 0.6
vendor:	intel	model:	nuc-kit nuc7i7dnke	scope:	-	version:	-	Trust: 0.6
vendor:	intel	model:	nuc-kit nuc7i5dnke	scope:	-	version:	-	Trust: 0.6
vendor:	intel	model:	nuc-kit nuc7i3dnhe	scope:	-	version:	-	Trust: 0.6
vendor:	intel	model:	nuc board de3815tybe	scope:	-	version:	-	Trust: 0.6
vendor:	intel	model:	nuc board d34010wyb	scope:	-	version:	-	Trust: 0.6
vendor:	intel	model:	stk2mv64cc	scope:	eq	version:	-	Trust: 0.6
vendor:	intel	model:	nuc7i3dnhe	scope:	eq	version:	-	Trust: 0.6
vendor:	intel	model:	nuc6i7kyk	scope:	eq	version:	-	Trust: 0.6
vendor:	intel	model:	nuc7i7dnke	scope:	eq	version:	-	Trust: 0.6
vendor:	intel	model:	nuc8i7hnk	scope:	eq	version:	-	Trust: 0.6
vendor:	intel	model:	nuc6i5syh	scope:	eq	version:	-	Trust: 0.6
vendor:	intel	model:	nuc8i3cysm	scope:	eq	version:	-	Trust: 0.6
vendor:	intel	model:	stk2m3w64cc	scope:	eq	version:	-	Trust: 0.6
vendor:	intel	model:	nuc7i5dnke	scope:	eq	version:	-	Trust: 0.6
vendor:	intel	model:	nuc7cjyh	scope:	eq	version:	-	Trust: 0.6

sources: CNVD: CNVD-2020-04683 // JVNDB: JVNDB-2019-013786 // CNNVD: CNNVD-201912-580 // NVD: CVE-2019-14611

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2019-14611
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2019-14611
value:	MEDIUM
Trust: 0.8
CNVD:	CNVD-2020-04683
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-201912-580
value:	MEDIUM
Trust: 0.6
VULMON:	CVE-2019-14611
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2019-14611
severity:	MEDIUM
baseScore:	4.6
vectorString:	AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	3.9
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
CNVD:	CNVD-2020-04683
severity:	MEDIUM
baseScore:	4.6
vectorString:	AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	3.9
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

nvd@nist.gov:	CVE-2019-14611
baseSeverity:	MEDIUM
baseScore:	6.7
vectorString:	CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	HIGH
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	0.8
impactScore:	5.9
version:	3.1
Trust: 1.0
NVD:	CVE-2019-14611
baseSeverity:	MEDIUM
baseScore:	6.7
vectorString:	CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	HIGH
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2020-04683 // VULMON: CVE-2019-14611 // JVNDB: JVNDB-2019-013786 // CNNVD: CNNVD-201912-580 // NVD: CVE-2019-14611

PROBLEMTYPE DATA

problemtype:

CWE-190

Trust: 1.8

sources: JVNDB: JVNDB-2019-013786 // NVD: CVE-2019-14611

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201912-580

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-201912-580

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-013786

PATCH

title:	INTEL-SA-00323	url:	https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00323.html	Trust: 0.8
title:	Patch for Intel NUC Integer Overflow Vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/200039	Trust: 0.6
title:	Multiple Intel Product input verification error vulnerability fixes	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=106250	Trust: 0.6

sources: CNVD: CNVD-2020-04683 // JVNDB: JVNDB-2019-013786 // CNNVD: CNNVD-201912-580

EXTERNAL IDS

db:	NVD	id:	CVE-2019-14611	Trust: 3.1
db:	JVN	id:	JVNVU93632155	Trust: 0.8
db:	JVNDB	id:	JVNDB-2019-013786	Trust: 0.8
db:	CNVD	id:	CNVD-2020-04683	Trust: 0.6
db:	AUSCERT	id:	ESB-2019.4655	Trust: 0.6
db:	CNNVD	id:	CNNVD-201912-580	Trust: 0.6
db:	VULMON	id:	CVE-2019-14611	Trust: 0.1

sources: CNVD: CNVD-2020-04683 // VULMON: CVE-2019-14611 // JVNDB: JVNDB-2019-013786 // CNNVD: CNNVD-201912-580 // NVD: CVE-2019-14611

REFERENCES

url:	https://nvd.nist.gov/vuln/detail/cve-2019-14611	Trust: 2.0
url:	https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00323.html	Trust: 1.7
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-14611	Trust: 0.8
url:	https://jvn.jp/vu/jvnvu93632155/	Trust: 0.8
url:	https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00324.html	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2019.4655/	Trust: 0.6
url:	https://cwe.mitre.org/data/definitions/190.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

sources: CNVD: CNVD-2020-04683 // VULMON: CVE-2019-14611 // JVNDB: JVNDB-2019-013786 // CNNVD: CNNVD-201912-580 // NVD: CVE-2019-14611

SOURCES

db:	CNVD	id:	CNVD-2020-04683
db:	VULMON	id:	CVE-2019-14611
db:	JVNDB	id:	JVNDB-2019-013786
db:	CNNVD	id:	CNNVD-201912-580
db:	NVD	id:	CVE-2019-14611

LAST UPDATE DATE

2024-11-23T21:06:18.200000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2020-04683	date:	2020-02-12T00:00:00
db:	VULMON	id:	CVE-2019-14611	date:	2019-12-31T00:00:00
db:	JVNDB	id:	JVNDB-2019-013786	date:	2020-01-16T00:00:00
db:	CNNVD	id:	CNNVD-201912-580	date:	2020-01-02T00:00:00
db:	NVD	id:	CVE-2019-14611	date:	2024-11-21T04:27:02.317

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2020-04683	date:	2020-02-12T00:00:00
db:	VULMON	id:	CVE-2019-14611	date:	2019-12-16T00:00:00
db:	JVNDB	id:	JVNDB-2019-013786	date:	2020-01-16T00:00:00
db:	CNNVD	id:	CNNVD-201912-580	date:	2019-12-12T00:00:00
db:	NVD	id:	CVE-2019-14611	date:	2019-12-16T20:15:15.413