CVE-2019-11140

Name of the Vulnerable Software and Affected Versions Intel NUC (affected versions not specified) Intel NUC Kit (affected versions not specified) Intel Compute Stick (affected versions not specified) Intel Compute Card (affected versions not specified)

Description The issue is related to insufficient session validation in system firmware, which may allow a privileged user to potentially enable escalation of privilege, denial of service, and/or information disclosure via local access. It is also described as a vulnerability due to insufficient input validation, which can be exploited by an attacker to gain elevated privileges, disclose protected information, or cause a denial of service.

Recommendations For Intel NUC, consider restricting local access to minimize the risk of exploitation until a fix is available. For Intel NUC Kit, avoid using the system until a patch or fix is provided to address the insufficient input validation. For Intel Compute Stick, as a temporary workaround, consider disabling local access to prevent potential exploitation. For Intel Compute Card, restrict access to sensitive information and functions to minimize the risk of information disclosure or privilege escalation until a fix is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.