Intel NUC固件多个漏洞安全通告
发布时间 2019-06-14漏洞编号和级别
CVE编号:CVE-2019-11124,危险级别:高危,CVSS分值:厂商自评:7.5,官方未评定
CVE编号:CVE-2019-11125,危险级别:高危,CVSS分值:厂商自评:7.5,官方未评定
CVE编号:CVE-2019-11126,危险级别:高危,CVSS分值:厂商自评:7.5,官方未评定
CVE编号:CVE-2019-11127,危险级别:高危,CVSS分值:厂商自评:8.2,官方未评定
CVE编号:CVE-2019-11128,危险级别:高危,CVSS分值:厂商自评:8.2,官方未评定
CVE编号:CVE-2019-11129,危险级别:高危,CVSS分值:厂商自评:7.5,官方未评定
CVE编号:CVE-2019-11119,危险级别:高危,CVSS分值:厂商自评:8.9,官方未评定
影响版本
受影响的版本
Affected Product |
Updated Firmware |
Intel® NUC Kit NUC8i3BexIntel® NUC Kit NUC8i5BExIntel® NUC Kit NUC8i7BEx |
BIOS version 0071 or later |
Intel® Compute Card CD1P64GK Intel® Compute Card CD1C64GK |
BIOS version 0050 or later |
Intel® NUC Kit NUC8i3CYx |
BIOS version 0040 or later |
Intel® NUC Kit NUC8i7HNKIntel® NUC Kit NUC8i7HVK |
BIOS version 0054 or later |
Intel® NUC Kit NUC7i7DNx |
BIOS version 0063 or later |
Intel® NUC Kit NUC7i5DNx |
BIOS version 0063 or later |
Intel® NUC Kit NUC7i3DNx |
BIOS version 0063 or later |
Intel® Compute Stick STK2MV64CC |
BIOS version 0060 or later |
Intel® Compute Stick STK2M3W64CCIntel® Compute Stick STK2M364CC |
BIOS version 0060 or later |
Intel® NUC Kit NUC6i7KYk |
BIOS version 0062 or later |
Intel® NUC Kit NUC7PJYIntel® NUC Kit NUC7CJY |
BIOS version 0049 or later |
Intel® NUC KitNUC6CAYx |
BIOS version 0060 or later |
Intel® NUC Kit DE3815TYB(BIOS ID CODE TYBYT20H.86A BIOS ID code) |
BIOS version 0020 or later |
Intel® NUC Kit DE3815TYB(BIOS ID CODE TYBYT10H.86A BIOS ID code) |
BIOS version 0065 or later |
Intel® NUC Kit NUC5CPYHIntel® NUC Kit NUC5PPYHIntel® NUC Kit NUC5PGYH |
BIOS version 0076 or later |
Intel® NUC Kit NUC5i7RYxIntel® NUC Kit NUC5i3RYxIntel® NUC Kit NUC5i5RYx |
BIOS version 0379 or later |
Intel® NUC Kit NUC5i5MYx |
BIOS version 0051 or later |
Intel® NUC Kit NUC5i3MYx |
BIOS version 0054 or later |
Intel® NUC Kit DN2820FYKH |
BIOS version 0067 or later |
Intel® Compute Stick STCK1A32WFCIntel® Compute Stick STCK1A8LFC |
BIOS version 0039 or later |
Intel® Compute Card CD1M3128MK |
BIOS version 0056 or later |
Intel® Compute Card CD1IV128MK |
BIOS version 0036 or later |
Intel® NUC Kit NUC7i3BNxIntel® NUC Kit NUC7i5BNxIntel® NUC Kit NUC7i7BNx |
BIOS version 0079 or later |
Intel® NUC Kit NUC6i3SYxIntel® NUC Kit NUC6i5SYx |
BIOS version 0070 or later |
Intel® NUC Kit D54250WYxIntel® NUC Kit D34010WYx |
BIOS version 0051 or later |
Intel® RAID Web Console 3 for Windows* version 4.186 and before |
Intel® RAID Web Console 3 for Windows* update to 7.009.011.000 or later |
漏洞概述
Intel NUC kits是美国英特尔(Intel)公司的一款迷你型台式机。Intel RAID Web Console for Windows是美国英特尔(Intel)公司的一款基于Windows平台的RAID(独立冗余磁盘阵列)管理控制台程序。
英特尔修复了如下高危漏洞:
Intel NUC套件的系统固件中的会话验证不足可能允许特权用户通过本地访问来提权,拒绝服务和/或信息泄露。
对于Intel NUC套件的系统固件的超出读/写可允许特权用户通过本地访问潜在地实现提权,拒绝服务和/或信息泄露。
Intel NUC套件的系统固件中的输入验证不足可能允许特权用户通过本地访问来提权,拒绝服务和/或信息泄露。
Intel NUC套件的系统固件中的指针损坏可能允许特权用户通过本地访问来提权,拒绝服务和/或信息泄露。
Intel NUC套件的系统固件中的缓冲区溢出可能允许特权用户通过本地访问来提权,拒绝服务和/或信息泄露。
Intel NUC套件的系统固件中的输入验证不足可能允许特权用户通过本地访问来提权,拒绝服务和/或信息泄露。
对于Intel NUC套件的系统固件的超出读/写可允许特权用户通过本地访问潜在地实现提权,拒绝服务和/或信息泄露。
Intel RWC3版本4.186及之前的服务API中的会话验证不足可能允许未经身份验证的用户通过网络访问启用提权。
漏洞验证
暂无POC/EXP。
修复建议
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00264.html
https://downloadcenter.intel.com/download/28781/Intel-RAID-Web-Console-3-for-Windows-?v=t
参考链接
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00259.html
京公网安备11010802024551号