CVE-2019-14608 - OpenCVE

Improper buffer restrictions in firmware for Intel(R) NUC(R) may allow an authenticated user to potentially enable escalation of privilege via local access.

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:L/AC:L/Au:N/C:P/I:P/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Intel	Nuc7i3dnhe Nuc8i7hnk Firmware Nuc7cjyh Firmware Cd1p64gk Nuc6cays Nuc7i7dnke Nuc8i3cysm Firmware Nuc6cays Firmware Nuc6i5syh Firmware Nuc8i7hnk Cd1iv128mk Stk2m3w64cc D34010wyb Firmware Nuc8i7bek Firmware Stk2mv64cc Nuc8i7bek Stk2m3w64cc Firmware Nuc7i5dnke Nuc 8 Mainstream Game Kit Nuc 8 Mainstream Game Mini Computer D34010wyb Nuc6i5syh Cd1m3128mk Cd1iv128mk Firmware Nuc 8 Mainstream Game Kit Firmware Nuc7i3dnhe Firmware Nuc 8 Mainstream Game Mini Computer Firmware Cd1p64gk Firmware De3815tybe Firmware Nuc8i3cysm Cd1m3128mk Firmware Nuc7i5dnke Firmware Stk2mv64cc Firmware Nuc6i7kyk Firmware Nuc7i7dnke Firmware Nuc6i7kyk Nuc7cjyh De3815tybe

Configuration 1 [-]

AND

cpe:2.3:o:intel:nuc_8_mainstream_game_kit_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:intel:nuc_8_mainstream_game_kit:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:intel:nuc_8_mainstream_game_mini_computer_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:intel:nuc_8_mainstream_game_mini_computer:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND

cpe:2.3:o:intel:nuc8i7bek_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:intel:nuc8i7bek:-:*:*:*:*:*:*:*

Configuration 4 [-]

AND

cpe:2.3:o:intel:cd1p64gk_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:intel:cd1p64gk:-:*:*:*:*:*:*:*

Configuration 5 [-]

AND

cpe:2.3:o:intel:nuc8i3cysm_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:intel:nuc8i3cysm:-:*:*:*:*:*:*:*

Configuration 6 [-]

AND

cpe:2.3:o:intel:nuc8i7hnk_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:intel:nuc8i7hnk:-:*:*:*:*:*:*:*

Configuration 7 [-]

AND

cpe:2.3:o:intel:nuc7i7dnke_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:intel:nuc7i7dnke:-:*:*:*:*:*:*:*

Configuration 8 [-]

AND

cpe:2.3:o:intel:nuc7i5dnke_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:intel:nuc7i5dnke:-:*:*:*:*:*:*:*

Configuration 9 [-]

AND

cpe:2.3:o:intel:nuc7i3dnhe_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:intel:nuc7i3dnhe:-:*:*:*:*:*:*:*

Configuration 10 [-]

AND

cpe:2.3:o:intel:stk2mv64cc_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:intel:stk2mv64cc:-:*:*:*:*:*:*:*

Configuration 11 [-]

AND

cpe:2.3:o:intel:stk2m3w64cc_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:intel:stk2m3w64cc:-:*:*:*:*:*:*:*

Configuration 12 [-]

AND

cpe:2.3:o:intel:nuc6i7kyk_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:intel:nuc6i7kyk:-:*:*:*:*:*:*:*

Configuration 13 [-]

AND

cpe:2.3:o:intel:nuc6i5syh_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:intel:nuc6i5syh:-:*:*:*:*:*:*:*

Configuration 14 [-]

AND

cpe:2.3:o:intel:nuc7cjyh_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:intel:nuc7cjyh:-:*:*:*:*:*:*:*

Configuration 15 [-]

AND

cpe:2.3:o:intel:cd1m3128mk_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:intel:cd1m3128mk:-:*:*:*:*:*:*:*

Configuration 16 [-]

AND

cpe:2.3:o:intel:cd1iv128mk_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:intel:cd1iv128mk:-:*:*:*:*:*:*:*

Configuration 17 [-]

AND

cpe:2.3:o:intel:nuc6cays_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:intel:nuc6cays:-:*:*:*:*:*:*:*

Configuration 18 [-]

AND

cpe:2.3:o:intel:de3815tybe_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:intel:de3815tybe:-:*:*:*:*:*:*:*

Configuration 19 [-]

AND

cpe:2.3:o:intel:d34010wyb_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:intel:d34010wyb:-:*:*:*:*:*:*:*

References

Link	Resource
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00323.html	Patch Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: intel

Published: 2019-12-16T19:10:34

Updated: 2019-12-16T19:10:34

Reserved: 2019-08-03T00:00:00

Link: CVE-2019-14608

JSON object: View

NVD Information

Status : Analyzed

Published: 2019-12-16T20:15:15.227

Modified: 2020-01-02T17:23:10.667

Link: CVE-2019-14608

JSON object: View

Redhat Information

No data.

CWE

CWE-119