SB2019121202 - Multiple vulnerabilities in Intel NUC Firmware
Published: December 12, 2019
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 5 secuirty vulnerabilities.
1) Out-of-bounds write (CVE-ID: CVE-2019-14612)
The vulnerability allows a local user to escalate privileges on the target system.
The vulnerability exists in firmware for Intel NUC due to a boundary error when processing untrusted input. A local user can trigger out-of-bounds write and enable escalation of privilege on the target system.
2) Integer overflow (CVE-ID: CVE-2019-14611)
The vulnerability allows a local user to escalate privileges on the target system.
The vulnerability exists due to integer overflow in firmware for Intel NUC. A local user can trigger integer overflow and enable escalation of privilege on the target system.
3) Improper input validation (CVE-ID: CVE-2019-14609)
The vulnerability allows a local user to escalate privileges on the target system.
The vulnerability exists due to insufficient validation of user-supplied input in firmware for Intel NUC. A local user can enable escalation of privilege on the target system.
4) Improper access control (CVE-ID: CVE-2019-14610)
The vulnerability allows a local user to escalate privileges on the target system.
The vulnerability exists due to improper access restrictions in firmware for Intel NUC. A local user can bypass implemented security restrictions and enable escalation of privilege on the target system.
5) Buffer overflow (CVE-ID: CVE-2019-14608)
The vulnerability allows a local user to escalate privileges on the target system.
The vulnerability exists due to a boundary error in firmware for Intel NUC. A local user can trigger memory corruption and enable escalation of privilege on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
Remediation
Install update from vendor's website.