Risk | Low |
Patch available | YES |
Number of vulnerabilities | 5 |
CVE-ID | CVE-2019-14612 CVE-2019-14611 CVE-2019-14609 CVE-2019-14610 CVE-2019-14608 |
CWE-ID | CWE-787 CWE-190 CWE-20 CWE-284 CWE-119 |
Exploitation vector | Local |
Public exploit | N/A |
Vulnerable software | Hardware solutions / Firmware: Intel NUC 8 Mainstream Game Kit, Intel NUC 8 Mainstream Game Mini Computer, Intel NUC Kit NUC8i7BEK, Intel Compute Card CD1P64GK, Intel NUC 8 Home - NUC8i3CYSM, Intel NUC Kit NUC8i7HNK, Intel NUC-Kit NUC7i7DNKE, Intel NUC-Kit NUC7i5DNKE, Intel NUC-Kit NUC7i3DNHE, Intel Compute Stick STK2mv64CC, Intel Compute Stick STK2m3W64CC, Intel NUC Kit NUC6i7KYK, Intel NUC Kit NUC6i5SYH, Intel NUC Kit NUC7CJYH, Intel Compute Card CD1M3128MK, Intel Compute Card CD1IV128MK, Intel NUC Kit NUC6CAYS, Intel NUC Board DE3815TYBE, Intel NUC Board D34010WYB |
Vendor | Intel |
Security Bulletin
This security bulletin contains information about 5 vulnerabilities.
EUVDB-ID: #VU23553
Risk: Low
CVSSv3.1: 6.5 [CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2019-14612
CWE-ID:
CWE-787 - Out-of-bounds write
Exploit availability: No
Description
The vulnerability allows a local user to escalate privileges on the target system.
The vulnerability exists in firmware for Intel NUC due to a boundary error when processing untrusted input. A local user can trigger an out-of-bounds write and enable escalation of privilege on the target system.
Install updates from the vendor's website.
Vulnerable software versions
Intel NUC 8 Mainstream Game Kit: All versions
Intel NUC 8 Mainstream Game Mini Computer: All versions
Intel NUC Kit NUC8i7BEK: All versions
Intel Compute Card CD1P64GK: All versions
Intel NUC 8 Home - NUC8i3CYSM: All versions
Intel NUC Kit NUC8i7HNK: All versions
Intel NUC-Kit NUC7i7DNKE: All versions
Intel NUC-Kit NUC7i5DNKE: All versions
Intel NUC-Kit NUC7i3DNHE: All versions
Intel Compute Stick STK2mv64CC: All versions
Intel Compute Stick STK2m3W64CC: All versions
Intel NUC Kit NUC6i7KYK: All versions
Intel NUC Kit NUC6i5SYH: All versions
Intel NUC Kit NUC7CJYH: All versions
Intel Compute Card CD1M3128MK: All versions
Intel Compute Card CD1IV128MK: All versions
Intel NUC Kit NUC6CAYS: All versions
Intel NUC Board DE3815TYBE: All versions
Intel NUC Board D34010WYB: All versions
External links
http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00323.html
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU23552
Risk: Low
CVSSv3.1: 6.5 [CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2019-14611
CWE-ID:
CWE-190 - Integer overflow
Exploit availability: No
Description
The vulnerability allows a local user to escalate privileges on the target system.
The vulnerability exists due to an integer overflow in firmware for Intel NUC. A local user can trigger an integer overflow and enable escalation of privilege on the target system.
Install updates from the vendor's website.
Vulnerable software versions
Intel NUC 8 Mainstream Game Kit: All versions
Intel NUC 8 Mainstream Game Mini Computer: All versions
Intel NUC Kit NUC8i7BEK: All versions
Intel Compute Card CD1P64GK: All versions
Intel NUC 8 Home - NUC8i3CYSM: All versions
Intel NUC Kit NUC8i7HNK: All versions
Intel NUC-Kit NUC7i7DNKE: All versions
Intel NUC-Kit NUC7i5DNKE: All versions
Intel NUC-Kit NUC7i3DNHE: All versions
Intel Compute Stick STK2mv64CC: All versions
Intel Compute Stick STK2m3W64CC: All versions
Intel NUC Kit NUC6i7KYK: All versions
Intel NUC Kit NUC6i5SYH: All versions
Intel NUC Kit NUC7CJYH: All versions
Intel Compute Card CD1M3128MK: All versions
Intel Compute Card CD1IV128MK: All versions
Intel NUC Kit NUC6CAYS: All versions
Intel NUC Board DE3815TYBE: All versions
Intel NUC Board D34010WYB: All versions
External links
http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00323.html
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU23551
Risk: Low
CVSSv3.1: 6.5 [CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2019-14609
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
Description
The vulnerability allows a local user to escalate privileges on the target system.
The vulnerability exists due to insufficient validation of user-supplied input in firmware for Intel NUC. A local user can enable escalation of privilege on the target system.
Install updates from the vendor's website.
Vulnerable software versions
Intel NUC 8 Mainstream Game Kit: All versions
Intel NUC 8 Mainstream Game Mini Computer: All versions
Intel NUC Kit NUC8i7BEK: All versions
Intel Compute Card CD1P64GK: All versions
Intel NUC 8 Home - NUC8i3CYSM: All versions
Intel NUC Kit NUC8i7HNK: All versions
Intel NUC-Kit NUC7i7DNKE: All versions
Intel NUC-Kit NUC7i5DNKE: All versions
Intel NUC-Kit NUC7i3DNHE: All versions
Intel Compute Stick STK2mv64CC: All versions
Intel Compute Stick STK2m3W64CC: All versions
Intel NUC Kit NUC6i7KYK: All versions
Intel NUC Kit NUC6i5SYH: All versions
Intel NUC Kit NUC7CJYH: All versions
Intel Compute Card CD1M3128MK: All versions
Intel Compute Card CD1IV128MK: All versions
Intel NUC Kit NUC6CAYS: All versions
Intel NUC Board DE3815TYBE: All versions
Intel NUC Board D34010WYB: All versions
External links
http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00323.html
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU23550
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2019-14610
CWE-ID:
CWE-284 - Improper Access Control
Exploit availability: No
Description
The vulnerability allows a local user to escalate privileges on the target system.
The vulnerability exists due to improper access restrictions in firmware for Intel NUC. A local user can bypass implemented security restrictions and enable escalation of privilege on the target system.
Install updates from the vendor's website.
Vulnerable software versions
Intel NUC 8 Mainstream Game Kit: All versions
Intel NUC 8 Mainstream Game Mini Computer: All versions
Intel NUC Kit NUC8i7BEK: All versions
Intel Compute Card CD1P64GK: All versions
Intel NUC 8 Home - NUC8i3CYSM: All versions
Intel NUC Kit NUC8i7HNK: All versions
Intel NUC-Kit NUC7i7DNKE: All versions
Intel NUC-Kit NUC7i5DNKE: All versions
Intel NUC-Kit NUC7i3DNHE: All versions
Intel Compute Stick STK2mv64CC: All versions
Intel Compute Stick STK2m3W64CC: All versions
Intel NUC Kit NUC6i7KYK: All versions
Intel NUC Kit NUC6i5SYH: All versions
Intel NUC Kit NUC7CJYH: All versions
Intel Compute Card CD1M3128MK: All versions
Intel Compute Card CD1IV128MK: All versions
Intel NUC Kit NUC6CAYS: All versions
Intel NUC Board DE3815TYBE: All versions
Intel NUC Board D34010WYB: All versions
External links
http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00323.html
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU23549
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2019-14608
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
Description
The vulnerability allows a local user to escalate privileges on the target system.
The vulnerability exists due to a boundary error in firmware for Intel NUC. A local user can trigger memory corruption and enable escalation of privilege on the target system.
Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.
Mitigation
Install updates from the vendor's website.
Vulnerable software versions
Intel NUC 8 Mainstream Game Kit: All versions
Intel NUC 8 Mainstream Game Mini Computer: All versions
Intel NUC Kit NUC8i7BEK: All versions
Intel Compute Card CD1P64GK: All versions
Intel NUC 8 Home - NUC8i3CYSM: All versions
Intel NUC Kit NUC8i7HNK: All versions
Intel NUC-Kit NUC7i7DNKE: All versions
Intel NUC-Kit NUC7i5DNKE: All versions
Intel NUC-Kit NUC7i3DNHE: All versions
Intel Compute Stick STK2mv64CC: All versions
Intel Compute Stick STK2m3W64CC: All versions
Intel NUC Kit NUC6i7KYK: All versions
Intel NUC Kit NUC6i5SYH: All versions
Intel NUC Kit NUC7CJYH: All versions
Intel Compute Card CD1M3128MK: All versions
Intel Compute Card CD1IV128MK: All versions
Intel NUC Kit NUC6CAYS: All versions
Intel NUC Board DE3815TYBE: All versions
Intel NUC Board D34010WYB: All versions
External links
http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00323.html
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.