Details of VAR-201912-1255

ID

VAR-201912-1255

CVE

CVE-2019-18579

TITLE

Dell XPS 13 2-in-1 BIOS Configuration Error Vulnerability

Trust: 1.2

sources: CNVD: CNVD-2020-03860 // CNNVD: CNNVD-201912-736

DESCRIPTION

Settings for the Dell XPS 13 2-in-1 (7390) BIOS versions prior to 1.1.3 contain a configuration vulnerability. The BIOS configuration for the "Enable Thunderbolt (and PCIe behind TBT) pre-boot modules" setting is enabled by default. A local unauthenticated attacker with physical access to a user's system can obtain read or write access to main memory via a DMA attack during platform boot. Dell XPS 13 2-in-1 (7390) BIOS Has unspecified vulnerabilities.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Dell XPS 13 2-in-1 is a notebook computer from Dell, USA. BIOS is one of the basic input and output systems

Trust: 2.16

sources: NVD: CVE-2019-18579 // JVNDB: JVNDB-2019-013774 // CNVD: CNVD-2020-03860

IOT TAXONOMY

category:

['IoT']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2020-03860

AFFECTED PRODUCTS

vendor:	dell	model:	xps 7390	scope:	lt	version:	1.1.3	Trust: 1.8
vendor:	dell	model:	xps 2-in-1 bios	scope:	eq	version:	13(7390)<1.1.3	Trust: 0.6

sources: CNVD: CNVD-2020-03860 // JVNDB: JVNDB-2019-013774 // NVD: CVE-2019-18579

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2019-18579
value:	MEDIUM
Trust: 1.0
security_alert@emc.com:	CVE-2019-18579
value:	HIGH
Trust: 1.0
NVD:	CVE-2019-18579
value:	MEDIUM
Trust: 0.8
CNVD:	CNVD-2020-03860
value:	HIGH
Trust: 0.6
CNNVD:	CNNVD-201912-736
value:	MEDIUM
Trust: 0.6

nvd@nist.gov:	CVE-2019-18579
severity:	HIGH
baseScore:	7.2
vectorString:	AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.9
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2020-03860
severity:	HIGH
baseScore:	7.2
vectorString:	AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.9
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

nvd@nist.gov:	CVE-2019-18579
baseSeverity:	MEDIUM
baseScore:	6.8
vectorString:	CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	PHYSICAL
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	0.9
impactScore:	5.9
version:	3.1
Trust: 1.0
security_alert@emc.com:	CVE-2019-18579
baseSeverity:	HIGH
baseScore:	7.6
vectorString:	CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
attackVector:	PHYSICAL
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	CHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	0.9
impactScore:	6.0
version:	3.0
Trust: 1.0
NVD:	CVE-2019-18579
baseSeverity:	MEDIUM
baseScore:	6.8
vectorString:	CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	PHYSICAL
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2020-03860 // JVNDB: JVNDB-2019-013774 // CNNVD: CNNVD-201912-736 // NVD: CVE-2019-18579 // NVD: CVE-2019-18579

PROBLEMTYPE DATA

problemtype:	CWE-16	Trust: 1.0
problemtype:	NVD-CWE-Other	Trust: 1.0
problemtype:	CWE-Other	Trust: 0.8

sources: JVNDB: JVNDB-2019-013774 // NVD: CVE-2019-18579

TYPE

configuration error

Trust: 0.6

sources: CNNVD: CNNVD-201912-736

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-013774

PATCH

title:	DSA-2019-174	url:	https://www.dell.com/support/article/SLN319808	Trust: 0.8
title:	Patch for Dell XPS 13 2-in-1 BIOS Configuration Error Vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/199223	Trust: 0.6
title:	Dell XPS 13 2-in-1 BIOS Fixes for configuration error vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=106098	Trust: 0.6

sources: CNVD: CNVD-2020-03860 // JVNDB: JVNDB-2019-013774 // CNNVD: CNNVD-201912-736

EXTERNAL IDS

db:	NVD	id:	CVE-2019-18579	Trust: 3.0
db:	JVNDB	id:	JVNDB-2019-013774	Trust: 0.8
db:	CNVD	id:	CNVD-2020-03860	Trust: 0.6
db:	CNNVD	id:	CNNVD-201912-736	Trust: 0.6

sources: CNVD: CNVD-2020-03860 // JVNDB: JVNDB-2019-013774 // CNNVD: CNNVD-201912-736 // NVD: CVE-2019-18579

REFERENCES

url:	https://nvd.nist.gov/vuln/detail/cve-2019-18579	Trust: 2.0
url:	https://www.dell.com/support/article/sln319808	Trust: 1.6
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-18579	Trust: 0.8

sources: CNVD: CNVD-2020-03860 // JVNDB: JVNDB-2019-013774 // CNNVD: CNNVD-201912-736 // NVD: CVE-2019-18579

SOURCES

db:	CNVD	id:	CNVD-2020-03860
db:	JVNDB	id:	JVNDB-2019-013774
db:	CNNVD	id:	CNNVD-201912-736
db:	NVD	id:	CVE-2019-18579

LAST UPDATE DATE

2024-11-23T22:48:10.982000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2020-03860	date:	2020-02-05T00:00:00
db:	JVNDB	id:	JVNDB-2019-013774	date:	2020-01-16T00:00:00
db:	CNNVD	id:	CNNVD-201912-736	date:	2020-05-15T00:00:00
db:	NVD	id:	CVE-2019-18579	date:	2024-11-21T04:33:20.110

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2020-03860	date:	2020-02-05T00:00:00
db:	JVNDB	id:	JVNDB-2019-013774	date:	2020-01-16T00:00:00
db:	CNNVD	id:	CNNVD-201912-736	date:	2019-12-16T00:00:00
db:	NVD	id:	CVE-2019-18579	date:	2019-12-16T20:15:15.930