Intel NUC Firmware Vulnerability Advisory - Oct. 8

    Intel NUC Firmware Vulnerability Advisory - Oct. 8

    Intel NUC Firmware Vulnerability Advisory - Oct. 8


    Posted: 08 Oct 2019

    Intel ID: INTEL-SA-00296
    Advisory Category: Firmware
    Impact of vulnerability: Escalation of Privilege, Denial of Service, Information Disclosure
    Severity rating: HIGH
    Original release: 10/08/2019
    Last revised: 10/08/2019

    Summary:

    Potential security vulnerabilities in system firmware for Intel® NUC may allow escalation of privilege, denial of service and/or information disclosure. Intel is releasing firmware updates to mitigate these potential vulnerabilities.

    Vulnerability Details:

    CVEID: CVE-2019-14569
    Description: Pointer corruption in system firmware for Intel(R) NUC may allow a privileged user to potentially enable escalation of privilege, denial of service and/or information disclosure via local access.
    CVSS Base Score: 7.5 High
    CVSS Vector: CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H

    CVEID: CVE-2019-14570
    Description: Memory corruption in system firmware for Intel(R) NUC may allow a privileged user to potentially enable escalation of privilege, denial of service and/or information disclosure via local access.
    CVSS Base Score: 7.5 High
    CVSS Vector: CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H

    Affected Products:

    Affected Product Updated Firmware
    Intel® NUC 8 Mainstream Game Kit INWHL357
    Intel® NUC 8 Mainstream Game Mini Computer INWHL357
    Intel® NUC Board DE3815TYBE (H26998-500 & later) TY0022
    Intel® NUC Kit DE3815TYKHE (H27002-500 & later) TY0022
    Intel® NUC Board DE3815TYBE TY0067
    Intel® NUC Kit DE3815TYKHE TY0067
    Intel® NUC Kit DN2820FYKH FY0069
    Recommendations:

    Intel recommends that users update to the latest version (see provided table).

    Acknowledgements:

    Intel would like to thank Alexander Ermolov for reporting this issue.

    Intel, and nearly the entire technology industry, follows a disclosure practice called Coordinated Disclosure, under which a cybersecurity vulnerability is generally publicly disclosed only after mitigations are available.

    Revision History

    Revision Date Description
    1.0 10/08/2019 Initial Release

    Source: https://www.intel.com/content/www/us...-sa-00296.html
    Brink's Avatar Posted By: Brink
    08 Oct 2019


 

Our Sites
Site Links
About Us
Windows 10 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 10" and related materials are trademarks of Microsoft Corp.

© Designer Media Ltd
All times are GMT -5. The time now is 09:55.
Find Us




Windows 10 Forums