CVE-2019-11094

Published May 17, 2019

Last updated 6 years ago

CVSS high 7.8

Overview

Description: Insufficient input validation in system firmware for Intel (R) NUC Kit may allow an authenticated user to potentially enable escalation of privilege, denial of service, and/or information disclosure via local access.
Source: secure@intel.com
NVD status: Analyzed

Risk scores

CVSS 3.0

Type: Primary
Base score: 7.8
Impact score: 5.9
Exploitability score: 1.8
Vector string: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Severity: HIGH

CVSS 2.0

Type: Primary
Base score: 4.6
Impact score: 6.4
Exploitability score: 3.9
Vector string: AV:L/AC:L/Au:N/C:P/I:P/A:P

Weaknesses

nvd@nist.gov: CWE-20

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:intel:nuc_kit_firmware:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "71AA56A6-EB26-4A62-83EC-6961BC24D4DA"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:intel:nuc_kit_d33217gke:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "02BFB59F-D932-43E5-9A41-3AE3A9047DCE"
          },
          {
            "criteria": "cpe:2.3:h:intel:nuc_kit_d53427rke:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "412647D8-EA12-4EE6-A2D3-71DDFD963BF4"
          },
          {
            "criteria": "cpe:2.3:h:intel:nuc_kit_d54250wyb:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "B8DB94BE-7F38-4029-954E-EFE1AC614798"
          },
          {
            "criteria": "cpe:2.3:h:intel:nuc_kit_de3815tybe:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "F83FBC94-6D65-4A44-992D-2A5AECC59E49"
          },
          {
            "criteria": "cpe:2.3:h:intel:nuc_kit_dn2820fykh:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "738AD9B2-1055-42D0-8D16-205340BE3BE7"
          },
          {
            "criteria": "cpe:2.3:h:intel:nuc_kit_nuc5cpyh:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "4EB62714-4F2E-4980-9898-BBC4B06085F2"
          },
          {
            "criteria": "cpe:2.3:h:intel:nuc_kit_nuc5i3myhe:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "97B8B238-D4DA-40A8-92CD-42B0EB6B1E2E"
          },
          {
            "criteria": "cpe:2.3:h:intel:nuc_kit_nuc5i5myhe:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "FB5226BE-680C-4915-AB23-EABC588DCC0B"
          },
          {
            "criteria": "cpe:2.3:h:intel:nuc_kit_nuc5i7ryh:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "03D56B57-D4CD-47E9-AE86-B1307D3609B7"
          },
          {
            "criteria": "cpe:2.3:h:intel:nuc_kit_nuc5pgyh:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "E9ED06A8-FABF-431E-A5F4-F1B50E1F51B8"
          },
          {
            "criteria": "cpe:2.3:h:intel:nuc_kit_nuc6cays:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "5A261B82-5F54-4556-B1D1-53F0CFDF1830"
          },
          {
            "criteria": "cpe:2.3:h:intel:nuc_kit_nuc6i5syh:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "3892CA36-86BF-4861-8C32-657212EABC92"
          },
          {
            "criteria": "cpe:2.3:h:intel:nuc_kit_nuc6i7kyk:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "5CC80B8F-D912-40D3-90AF-00DDF6A91AED"
          },
          {
            "criteria": "cpe:2.3:h:intel:nuc_kit_nuc7cjyh:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "573F0989-6A34-4595-A298-EA1B88C61BD9"
          },
          {
            "criteria": "cpe:2.3:h:intel:nuc_kit_nuc7i3dnhe:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "3143ABA5-9741-4CD2-AB9A-A7600EA6E32F"
          },
          {
            "criteria": "cpe:2.3:h:intel:nuc_kit_nuc7i5dnke:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "2EF7E820-8567-4E9A-8247-5E1665FFF8BC"
          },
          {
            "criteria": "cpe:2.3:h:intel:nuc_kit_nuc7i7bnh:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "B0DE3105-8418-4CA3-80B0-5EE4E394D58F"
          },
          {
            "criteria": "cpe:2.3:h:intel:nuc_kit_nuc7i7dnke:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "5DFDFEB2-B10D-489E-B51C-10FA84E65858"
          },
          {
            "criteria": "cpe:2.3:h:intel:nuc_kit_nuc8i7hnk:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "244CD6EC-780A-405E-8CFA-666A666FF7D5"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  }
]

Overview

Risk scores

CVSS 3.0

CVSS 2.0

Weaknesses

Social media

Configurations

References