PT-2019-4280 · Intel · Intel Xeon Processors E7 V4 Family+4
Publicado
2019-11-12
·
Atualizado
2019-11-22
·
CVE-2019-11137
CVSS v3.1
8.2
Alta
| Vetor | AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Intel(R) Xeon(R) Scalable Processors (affected versions not specified)
Intel(R) Xeon(R) Processors D Family (affected versions not specified)
Intel(R) Xeon(R) Processors E5 v4 Family (affected versions not specified)
Intel(R) Xeon(R) Processors E7 v4 Family (affected versions not specified)
Intel(R) Atom(R) processor C Series (affected versions not specified)
Description
The issue is related to insufficient input validation in system firmware, which may allow a privileged user to potentially enable escalation of privilege, denial of service, and/or information disclosure via local access.
Recommendations
For Intel(R) Xeon(R) Scalable Processors, consider restricting local access until a fix is available.
For Intel(R) Xeon(R) Processors D Family, restrict local access to minimize the risk of exploitation.
For Intel(R) Xeon(R) Processors E5 v4 Family, limit privileges for local users as a temporary mitigation measure.
For Intel(R) Xeon(R) Processors E7 v4 Family, avoid using the system with elevated privileges until the issue is resolved.
For Intel(R) Atom(R) processor C Series, restrict access to sensitive information to prevent potential disclosure.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
RCE
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Intel Atom Processor A Series
Intel Xeon Processor D Family
Intel Xeon Processors E5 V4 Family
Intel Xeon Processors E7 V4 Family
Intel Xeon Scalable Processors