CVE-2019-11127 : Buffer overflow in system firmware for Intel(R) NUC Kit may allow a privileged u

Buffer overflow in system firmware for Intel(R) NUC Kit may allow a privileged user to potentially enable escalation of privilege, denial of service and/or information disclosure via local access.

Published 2019-06-13 16:29:01

Updated 2019-06-24 16:15:15

Source Intel Corporation

View at NVD, CVE.org

Vulnerability category: OverflowDenial of serviceInformation leak

Products affected by CVE-2019-11127

Intel » Nuc Kit Firmware » Version: N/A
cpe:2.3:o:intel:nuc_kit_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Intel » Nuc Kit Nuc8i3bex » Version: N/A
When used together with: Intel » Nuc Kit Nuc8i3bex » Version: Nuc Kit D34010wyx
When used together with: Intel » Nuc Kit Nuc8i3bex » Version: Nuc Kit D54250wyx
When used together with: Intel » Nuc Kit Nuc8i3bex » Version: Nuc Kit De3815tyb
When used together with: Intel » Nuc Kit Nuc8i3bex » Version: Nuc Kit Dn2820fykh
When used together with: Intel » Nuc Kit Nuc8i3bex » Version: Nuc Kit Nuc5cpyh
When used together with: Intel » Nuc Kit Nuc8i3bex » Version: Nuc Kit Nuc5i3myx
When used together with: Intel » Nuc Kit Nuc8i3bex » Version: Nuc Kit Nuc5i3ryx
When used together with: Intel » Nuc Kit Nuc8i3bex » Version: Nuc Kit Nuc5i5myx
When used together with: Intel » Nuc Kit Nuc8i3bex » Version: Nuc Kit Nuc5i5ryx
When used together with: Intel » Nuc Kit Nuc8i3bex » Version: Nuc Kit Nuc5i7ryx
When used together with: Intel » Nuc Kit Nuc8i3bex » Version: Nuc Kit Nuc5pgyh
When used together with: Intel » Nuc Kit Nuc8i3bex » Version: Nuc Kit Nuc5ppyh
When used together with: Intel » Nuc Kit Nuc8i3bex » Version: Nuc Kit Nuc6cayx
When used together with: Intel » Nuc Kit Nuc8i3bex » Version: Nuc Kit Nuc6i3syx
When used together with: Intel » Nuc Kit Nuc8i3bex » Version: Nuc Kit Nuc6i5syx
When used together with: Intel » Nuc Kit Nuc8i3bex » Version: Nuc Kit Nuc6i7kyk
When used together with: Intel » Nuc Kit Nuc8i3bex » Version: Nuc Kit Nuc7cjy
When used together with: Intel » Nuc Kit Nuc8i3bex » Version: Nuc Kit Nuc7i3bnx
When used together with: Intel » Nuc Kit Nuc8i3bex » Version: Nuc Kit Nuc7i3dnx
When used together with: Intel » Nuc Kit Nuc8i3bex » Version: Nuc Kit Nuc7i5bnx
When used together with: Intel » Nuc Kit Nuc8i3bex » Version: Nuc Kit Nuc7i5dnx
When used together with: Intel » Nuc Kit Nuc8i3bex » Version: Nuc Kit Nuc7i7bnx
When used together with: Intel » Nuc Kit Nuc8i3bex » Version: Nuc Kit Nuc7i7dnx
When used together with: Intel » Nuc Kit Nuc8i3bex » Version: Nuc Kit Nuc7pjy
When used together with: Intel » Nuc Kit Nuc8i3bex » Version: Nuc Kit Nuc8i3cyx
When used together with: Intel » Nuc Kit Nuc8i3bex » Version: Nuc Kit Nuc8i5bex
When used together with: Intel » Nuc Kit Nuc8i3bex » Version: Nuc Kit Nuc8i7bex
When used together with: Intel » Nuc Kit Nuc8i3bex » Version: Nuc Kit Nuc8i7hnk
When used together with: Intel » Nuc Kit Nuc8i3bex » Version: Nuc Kit Nuc8i7hvk
Intel » Compute Card Firmware » Version: N/A
cpe:2.3:o:intel:compute_card_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Intel » Compute Card Cd1c64gk » Version: N/A
When used together with: Intel » Compute Card Cd1iv128mk » Version: N/A
When used together with: Intel » Compute Card Cd1m3128mk » Version: N/A
When used together with: Intel » Compute Card Cd1p64gk » Version: N/A
Intel » Compute Stick Firmware » Version: N/A
cpe:2.3:o:intel:compute_stick_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Intel » Compute Stick Stck1a32wfc » Version: N/A
When used together with: Intel » Compute Stick Stck1a8lfc » Version: N/A
When used together with: Intel » Compute Stick Stk2m364cc » Version: N/A
When used together with: Intel » Compute Stick Stk2m3w64cc » Version: N/A
When used together with: Intel » Compute Stick Stk2mv64cc » Version: N/A

Exploit prediction scoring system (EPSS) score for CVE-2019-11127

EPSS FAQ

0.08%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 22 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2019-11127

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
4.6	MEDIUM	AV:L/AC:L/Au:N/C:P/I:P/A:P	3.9	6.4	NIST
Access Vector: Local Access Complexity: Low Authentication: None Confidentiality Impact: Partial Integrity Impact: Partial Availability Impact: Partial
6.7	MEDIUM	CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H	0.8	5.9	NIST
Attack Vector: Local Attack Complexity: Low Privileges Required: High User Interaction: None Scope: Unchanged Confidentiality: High Integrity: High Availability: High

CWE ids for CVE-2019-11127

CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2019-11127

https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00264.html

INTEL-SA-00264

CVEs referencing this url
http://www.securityfocus.com/bid/108766

Multiple Intel NUC Kits Multiple Unspecified Security Vulnerabilities
Third Party Advisory;VDB Entry

CVEs referencing this url
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00264.html?wapkw=2019-11129

INTEL-SA-00264
Patch;Vendor Advisory

CVEs referencing this url

Jump to

Vulnerability Details : CVE-2019-11127

Products affected by CVE-2019-11127

Exploit prediction scoring system (EPSS) score for CVE-2019-11127

CVSS scores for CVE-2019-11127

CWE ids for CVE-2019-11127

References for CVE-2019-11127