SB2020091001 - Multiple vulnerabilities in Intel BIOS firmware

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2020091001

SB2020091001 - Multiple vulnerabilities in Intel BIOS firmware

Published: September 10, 2020

Security Bulletin ID SB2020091001
Severity
Medium
Patch available
NO
Number of vulnerabilities 5
Exploitation vector Adjecent network
Highest impact Code execution

Breakdown by Severity

Medium 40% Low 60%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 5 secuirty vulnerabilities.


1) Out-of-bounds read (CVE-ID: CVE-2020-8672)

The vulnerability allows a local user to gain access to potentially sensitive information.

The vulnerability exists due to a boundary condition in in BIOS firmware for 8th, 9th Generation Intel(R) Core(TM), Intel(R) Celeron(R) Processor 4000 Series Processors. A local user can trigger out-of-bounds read error and read contents of memory on the system.


2) Buffer overflow (CVE-ID: CVE-2019-14557)

The vulnerability allows a remote user to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error in BIOS firmware for 8th, 9th, 10th Generation Intel(R) Core(TM), Intel(R) Celeron(R) Processor 4000 & 5000 Series Processors. A remote authenticated user on the local network can send specially crafted traffic to the system, trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.


3) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2019-14558)

The vulnerability allows a remote user to execute arbitrary code on the system.

The vulnerability exists due to application does not properly impose security restrictions, which leads to security restrictions bypass and privilege escalation in BIOS firmware for 8th, 9th, 10th Generation Intel(R) Core(TM), Intel(R) Celeron(R) Processor 4000 & 5000 Series Processors. A remote user on the local network can send specially crafted data to the system and execute arbitrary code.


4) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2020-8671)

The vulnerability allows a remote user to gain access to sensitive information.

The vulnerability exists due to application does not properly impose security restrictions, which leads to security restrictions bypass in BIOS firmware 8th, 9th Generation Intel(R) Core(TM) Processors and Intel(R) Celeron(R) Processor 4000 Series. A remote user on the local network can send specially crafted data to the system and gain access to sensitive information.


5) Resource management error (CVE-ID: CVE-2019-14556)

The vulnerability allows a remote user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper management of internal resources in BIOS firmware for 8th, 9th, 10th Generation Intel(R) Core(TM), Intel(R) Celeron(R) Processor 4000 & 5000 Series Processors. A remote user on the local network can pass specially crafted data to the system and perform a denial of service (DoS) attack.


Remediation

Cybersecurity Help is not aware of any official remediation provided by the vendor.

References