CVE-2019-14608

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2019-14608
Improper buffer restrictions in firmware for Intel(R) NUC(R) may allow an authenticated user to potentially enable escalation of privilege via local access.

7.8 /10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

4.6 /10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:L/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 3.9 / Impact : 6.4

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References
Link Resource
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00323.html Patch Vendor Advisory
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:intel:nuc_8_mainstream_game_kit_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:intel:nuc_8_mainstream_game_kit:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:o:intel:nuc_8_mainstream_game_mini_computer_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:intel:nuc_8_mainstream_game_mini_computer:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND
cpe:2.3:o:intel:nuc8i7bek_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:intel:nuc8i7bek:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND
cpe:2.3:o:intel:cd1p64gk_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:intel:cd1p64gk:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND
cpe:2.3:o:intel:nuc8i3cysm_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:intel:nuc8i3cysm:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND
cpe:2.3:o:intel:nuc8i7hnk_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:intel:nuc8i7hnk:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND
cpe:2.3:o:intel:nuc7i7dnke_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:intel:nuc7i7dnke:-:*:*:*:*:*:*:*

Configuration 8 (hide)

AND
cpe:2.3:o:intel:nuc7i5dnke_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:intel:nuc7i5dnke:-:*:*:*:*:*:*:*

Configuration 9 (hide)

AND
cpe:2.3:o:intel:nuc7i3dnhe_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:intel:nuc7i3dnhe:-:*:*:*:*:*:*:*

Configuration 10 (hide)

AND
cpe:2.3:o:intel:stk2mv64cc_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:intel:stk2mv64cc:-:*:*:*:*:*:*:*

Configuration 11 (hide)

AND
cpe:2.3:o:intel:stk2m3w64cc_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:intel:stk2m3w64cc:-:*:*:*:*:*:*:*

Configuration 12 (hide)

AND
cpe:2.3:o:intel:nuc6i7kyk_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:intel:nuc6i7kyk:-:*:*:*:*:*:*:*

Configuration 13 (hide)

AND
cpe:2.3:o:intel:nuc6i5syh_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:intel:nuc6i5syh:-:*:*:*:*:*:*:*

Configuration 14 (hide)

AND
cpe:2.3:o:intel:nuc7cjyh_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:intel:nuc7cjyh:-:*:*:*:*:*:*:*

Configuration 15 (hide)

AND
cpe:2.3:o:intel:cd1m3128mk_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:intel:cd1m3128mk:-:*:*:*:*:*:*:*

Configuration 16 (hide)

AND
cpe:2.3:o:intel:cd1iv128mk_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:intel:cd1iv128mk:-:*:*:*:*:*:*:*

Configuration 17 (hide)

AND
cpe:2.3:o:intel:nuc6cays_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:intel:nuc6cays:-:*:*:*:*:*:*:*

Configuration 18 (hide)

AND
cpe:2.3:o:intel:de3815tybe_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:intel:de3815tybe:-:*:*:*:*:*:*:*

Configuration 19 (hide)

AND
cpe:2.3:o:intel:d34010wyb_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:intel:d34010wyb:-:*:*:*:*:*:*:*
History

No history.

Information

Published : 2019-12-16 20:15

Updated : 2024-02-04 20:39

NVD link : CVE-2019-14608

Mitre link : CVE-2019-14608

CVE.ORG link : CVE-2019-14608

JSON object : View

Products Affected

intel

  • d34010wyb
  • cd1iv128mk_firmware
  • nuc6i7kyk_firmware
  • nuc_8_mainstream_game_mini_computer_firmware
  • d34010wyb_firmware
  • nuc7i3dnhe
  • nuc7i5dnke_firmware
  • nuc8i7bek_firmware
  • nuc_8_mainstream_game_kit
  • nuc7i5dnke
  • nuc7i7dnke
  • nuc6i7kyk
  • de3815tybe_firmware
  • nuc6i5syh_firmware
  • nuc8i7hnk
  • nuc_8_mainstream_game_mini_computer
  • nuc8i3cysm_firmware
  • nuc8i3cysm
  • cd1m3128mk_firmware
  • de3815tybe
  • cd1p64gk
  • cd1p64gk_firmware
  • nuc7cjyh_firmware
  • cd1m3128mk
  • stk2mv64cc
  • nuc7i7dnke_firmware
  • nuc6cays_firmware
  • nuc7cjyh
  • nuc6cays
  • nuc8i7bek
  • cd1iv128mk
  • nuc6i5syh
  • nuc7i3dnhe_firmware
  • stk2m3w64cc
  • stk2m3w64cc_firmware
  • nuc8i7hnk_firmware
  • nuc_8_mainstream_game_kit_firmware
  • stk2mv64cc_firmware
CWE
CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer