Sign-up

ID

VAR-201912-0882


CVE

CVE-2019-14612


TITLE

Intel(R) NUC(R) Vulnerable to out-of-bounds writing

Trust: 0.8

sources: JVNDB: JVNDB-2019-013787

DESCRIPTION

Out of bounds write in firmware for Intel(R) NUC(R) may allow a privileged user to potentially enable escalation of privilege via local access. Intel(R) NUC(R) Contains an out-of-bounds vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Intel NUC Kit NUC7i5DNKE and other products are products of Intel Corporation of the United States. Intel NUC Kit NUC7i5DNKE is a mini-host product. Intel NUC 8 Mainstream Game Kit is a small desktop computer. Intel NUC 8 Mainstream Game Mini Computer is a small desktop computer. An out-of-bounds write vulnerability exists in the Intel NUC firmware. Local attackers can use this vulnerability to elevate privileges

Trust: 2.16

sources: NVD: CVE-2019-14612 // JVNDB: JVNDB-2019-013787 // CNVD: CNVD-2020-04682

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2020-04682

AFFECTED PRODUCTS

vendor:intelmodel:cd1p64gkscope:ltversion:0053

Trust: 1.0

vendor:intelmodel:nuc 8 mainstream game mini computerscope:ltversion:0036

Trust: 1.0

vendor:intelmodel:cd1iv128mkscope:ltversion:0038

Trust: 1.0

vendor:intelmodel:nuc6caysscope:ltversion:0064

Trust: 1.0

vendor:intelmodel:nuc7i5dnkescope:ltversion:0067

Trust: 1.0

vendor:intelmodel:nuc6i5syhscope:ltversion:0072

Trust: 1.0

vendor:intelmodel:nuc8i3cysmscope:ltversion:0043

Trust: 1.0

vendor:intelmodel:nuc8i7bekscope:ltversion:0077

Trust: 1.0

vendor:intelmodel:nuc7cjyhscope:ltversion:0053

Trust: 1.0

vendor:intelmodel:nuc6i7kykscope:ltversion:0066

Trust: 1.0

vendor:intelmodel:nuc 8 mainstream game kitscope:ltversion:0036

Trust: 1.0

vendor:intelmodel:stk2mv64ccscope:ltversion:0061

Trust: 1.0

vendor:intelmodel:nuc8i7hnkscope:ltversion:0059

Trust: 1.0

vendor:intelmodel:nuc7i7dnkescope:ltversion:0067

Trust: 1.0

vendor:intelmodel:d34010wybscope:ltversion:0054

Trust: 1.0

vendor:intelmodel:cd1m3128mkscope:ltversion:0058

Trust: 1.0

vendor:intelmodel:de3815tybescope:ltversion:0024

Trust: 1.0

vendor:intelmodel:nuc7i3dnhescope:ltversion:0067

Trust: 1.0

vendor:intelmodel:stk2m3w64ccscope:ltversion:0062

Trust: 1.0

vendor:intelmodel:cd1p64gkscope: - version: -

Trust: 0.8

vendor:intelmodel:nuc 8 mainstream game kitscope: - version: -

Trust: 0.8

vendor:intelmodel:nuc 8 mainstream game mini computerscope: - version: -

Trust: 0.8

vendor:intelmodel:nuc7i3dnhescope: - version: -

Trust: 0.8

vendor:intelmodel:nuc7i5dnkescope: - version: -

Trust: 0.8

vendor:intelmodel:nuc7i7dnkescope: - version: -

Trust: 0.8

vendor:intelmodel:nuc8i3cysmscope: - version: -

Trust: 0.8

vendor:intelmodel:nuc8i7bekscope: - version: -

Trust: 0.8

vendor:intelmodel:nuc8i7hnkscope: - version: -

Trust: 0.8

vendor:intelmodel:stk2mv64ccscope: - version: -

Trust: 0.8

vendor:intelmodel:nuc kit nuc7cjyhscope: - version: -

Trust: 0.6

vendor:intelmodel:nuc kit nuc8i7hnkscope: - version: -

Trust: 0.6

vendor:intelmodel:compute card cd1m3128mkscope: - version: -

Trust: 0.6

vendor:intelmodel:compute card cd1iv128mkscope: - version: -

Trust: 0.6

vendor:intelmodel:compute card cd1p64gkscope: - version: -

Trust: 0.6

vendor:intelmodel:nuc kit nuc6caysscope: - version: -

Trust: 0.6

vendor:intelmodel:nuc kit nuc6i7kykscope: - version: -

Trust: 0.6

vendor:intelmodel:nuc kit nuc6i5syhscope: - version: -

Trust: 0.6

vendor:intelmodel:compute stick stk2mv64ccscope: - version: -

Trust: 0.6

vendor:intelmodel:compute stick stk2m3w64ccscope: - version: -

Trust: 0.6

vendor:intelmodel:nuc mainstream game kitscope:eqversion:8

Trust: 0.6

vendor:intelmodel:nuc mainstream game mini computerscope:eqversion:8

Trust: 0.6

vendor:intelmodel:nuc kit nuc8i7bekscope: - version: -

Trust: 0.6

vendor:intelmodel:nuc home nuc8i3cysmscope:eqversion:8-

Trust: 0.6

vendor:intelmodel:nuc-kit nuc7i7dnkescope: - version: -

Trust: 0.6

vendor:intelmodel:nuc-kit nuc7i5dnkescope: - version: -

Trust: 0.6

vendor:intelmodel:nuc-kit nuc7i3dnhescope: - version: -

Trust: 0.6

vendor:intelmodel:nuc board de3815tybescope: - version: -

Trust: 0.6

vendor:intelmodel:nuc board d34010wybscope: - version: -

Trust: 0.6

vendor:intelmodel:nuc8i7bekscope:eqversion: -

Trust: 0.6

vendor:intelmodel:cd1iv128mkscope:eqversion: -

Trust: 0.6

vendor:intelmodel:nuc6caysscope:eqversion: -

Trust: 0.6

vendor:intelmodel:d34010wybscope:eqversion: -

Trust: 0.6

vendor:intelmodel:nuc8i7hnkscope:eqversion: -

Trust: 0.6

vendor:intelmodel:de3815tybescope:eqversion: -

Trust: 0.6

vendor:intelmodel:cd1m3128mkscope:eqversion: -

Trust: 0.6

vendor:intelmodel:cd1p64gkscope:eqversion: -

Trust: 0.6

vendor:intelmodel:nuc8i3cysmscope:eqversion: -

Trust: 0.6

vendor:intelmodel:nuc 8 mainstream game mini computerscope:eqversion: -

Trust: 0.6

sources: CNVD: CNVD-2020-04682 // JVNDB: JVNDB-2019-013787 // CNNVD: CNNVD-201912-582 // NVD: CVE-2019-14612

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-14612
value: MEDIUM

Trust: 1.0

NVD: CVE-2019-14612
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2020-04682
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201912-582
value: HIGH

Trust: 0.6

nvd@nist.gov: CVE-2019-14612
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2020-04682
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2019-14612
baseSeverity: MEDIUM
baseScore: 6.7
vectorString: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 0.8
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2019-14612
baseSeverity: MEDIUM
baseScore: 6.7
vectorString: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2020-04682 // JVNDB: JVNDB-2019-013787 // CNNVD: CNNVD-201912-582 // NVD: CVE-2019-14612

PROBLEMTYPE DATA

problemtype:CWE-787

Trust: 1.8

sources: JVNDB: JVNDB-2019-013787 // NVD: CVE-2019-14612

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-201912-582

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2019-013787

PATCH
title:INTEL-SA-00323url:https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00323.html
Trust: 0.8
title:Patch for Intel NUC Cross-Border Write Vulnerabilityurl:https://www.cnvd.org.cn/patchInfo/show/200037
Trust: 0.6
title:Multiple Intel Product Buffer Error Vulnerability Fixurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=106359
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2020-04682 // 
            
            
            
            JVNDB: JVNDB-2019-013787 // 
            
            
            
            CNNVD: CNNVD-201912-582

EXTERNAL IDS
db:NVDid:CVE-2019-14612
Trust: 3.0
db:JVNid:JVNVU93632155
Trust: 0.8
db:JVNDBid:JVNDB-2019-013787
Trust: 0.8
db:CNVDid:CNVD-2020-04682
Trust: 0.6
db:AUSCERTid:ESB-2019.4655
Trust: 0.6
db:CNNVDid:CNNVD-201912-582
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2020-04682 // 
            
            
            
            JVNDB: JVNDB-2019-013787 // 
            
            
            
            CNNVD: CNNVD-201912-582 // 
            
            
            
            NVD: CVE-2019-14612

REFERENCES
url:https://nvd.nist.gov/vuln/detail/cve-2019-14612
Trust: 2.0
url:https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00323.html
Trust: 1.6
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-14612
Trust: 0.8
url:https://jvn.jp/vu/jvnvu93632155/
Trust: 0.8
url:https://www.auscert.org.au/bulletins/esb-2019.4655/
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2020-04682 // 
            
            
            
            JVNDB: JVNDB-2019-013787 // 
            
            
            
            CNNVD: CNNVD-201912-582 // 
            
            
            
            NVD: CVE-2019-14612

SOURCES
db:CNVDid:CNVD-2020-04682
db:JVNDBid:JVNDB-2019-013787
db:CNNVDid:CNNVD-201912-582
db:NVDid:CVE-2019-14612

LAST UPDATE DATE
2024-11-23T21:13:21.988000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2020-04682date:2020-02-12T00:00:00
db:JVNDBid:JVNDB-2019-013787date:2020-01-16T00:00:00
db:CNNVDid:CNNVD-201912-582date:2019-12-27T00:00:00
db:NVDid:CVE-2019-14612date:2024-11-21T04:27:02.490

SOURCES RELEASE DATE
db:CNVDid:CNVD-2020-04682date:2020-02-12T00:00:00
db:JVNDBid:JVNDB-2019-013787date:2020-01-16T00:00:00
db:CNNVDid:CNNVD-201912-582date:2019-12-12T00:00:00
db:NVDid:CVE-2019-14612date:2019-12-16T20:15:15.477