Intel NUC固件多个漏洞安全通告

发布时间 2019-06-14

漏洞编号和级别


CVE编号:CVE-2019-11123,危险级别:高危,CVSS分值:厂商自评:7.5,官方未评定
CVE编号:CVE-2019-11124,危险级别:高危,CVSS分值:厂商自评:7.5,官方未评定
CVE编号:CVE-2019-11125,危险级别:高危,CVSS分值:厂商自评:7.5,官方未评定
CVE编号:CVE-2019-11126,危险级别:高危,CVSS分值:厂商自评:7.5,官方未评定
CVE编号:CVE-2019-11127,危险级别:高危,CVSS分值:厂商自评:8.2,官方未评定
CVE编号:CVE-2019-11128,危险级别:高危,CVSS分值:厂商自评:8.2,官方未评定
CVE编号:CVE-2019-11129,危险级别:高危,CVSS分值:厂商自评:7.5,官方未评定

CVE编号:CVE-2019-11119,危险级别:高危,CVSS分值:厂商自评:8.9,官方未评定


影响版本


受影响的版本


Affected Product

Updated Firmware

Intel? NUC Kit NUC8i3Bex

Intel? NUC Kit NUC8i5BEx

Intel? NUC Kit NUC8i7BEx

BIOS version 0071 or later

Intel? Compute Card CD1P64GK Intel? Compute Card CD1C64GK

BIOS version 0050 or later

Intel? NUC Kit NUC8i3CYx

BIOS version 0040 or later

Intel? NUC Kit NUC8i7HNK

Intel? NUC Kit NUC8i7HVK

BIOS version 0054 or later

Intel? NUC Kit NUC7i7DNx

BIOS version 0063 or later

Intel? NUC Kit NUC7i5DNx

BIOS version 0063 or later

Intel? NUC Kit NUC7i3DNx

BIOS version 0063 or later

Intel? Compute Stick STK2MV64CC

BIOS version 0060 or later

Intel? Compute Stick STK2M3W64CC

Intel? Compute Stick STK2M364CC

BIOS version 0060 or later

Intel? NUC Kit NUC6i7KYk

BIOS version 0062 or later

Intel? NUC Kit NUC7PJY

Intel? NUC Kit NUC7CJY

BIOS version 0049 or later

Intel? NUC KitNUC6CAYx

BIOS version 0060 or later

Intel? NUC Kit DE3815TYB

(BIOS ID CODE TYBYT20H.86A BIOS ID code)

BIOS version 0020 or later

Intel? NUC Kit DE3815TYB

(BIOS ID CODE TYBYT10H.86A BIOS ID code)

BIOS version 0065 or later

Intel? NUC Kit NUC5CPYH

Intel? NUC Kit NUC5PPYH

Intel? NUC Kit NUC5PGYH

BIOS version 0076 or later

Intel? NUC Kit NUC5i7RYx

Intel? NUC Kit NUC5i3RYx

Intel? NUC Kit NUC5i5RYx

BIOS version 0379 or later

Intel? NUC Kit NUC5i5MYx

BIOS version 0051 or later

Intel? NUC Kit NUC5i3MYx

BIOS version 0054 or later

Intel? NUC Kit DN2820FYKH

BIOS version 0067 or later

Intel? Compute Stick STCK1A32WFC

Intel? Compute Stick STCK1A8LFC

BIOS version 0039 or later

Intel? Compute Card CD1M3128MK

BIOS version 0056 or later

Intel? Compute Card CD1IV128MK

BIOS version 0036 or later

Intel? NUC Kit NUC7i3BNx

Intel? NUC Kit NUC7i5BNx

Intel? NUC Kit NUC7i7BNx

BIOS version 0079 or later

Intel? NUC Kit NUC6i3SYx

Intel? NUC Kit NUC6i5SYx

BIOS version 0070 or later

Intel? NUC Kit D54250WYx

Intel? NUC Kit D34010WYx 

BIOS version 0051 or later

Intel? RAID Web Console 3 for Windows* version 4.186 and before

Intel? RAID Web Console 3 for Windows* update to 7.009.011.000 or later


漏洞概述


Intel NUC kits是美国英特尔(Intel)企业的一款迷你型台式机。Intel RAID Web Console for Windows是美国英特尔(Intel)企业的一款基于Windows平台的RAID(独立冗余磁盘阵列)管理控制台程序。


英特尔修复了如下高危漏洞:


CVE-2019-11123

Intel NUC套件的系统固件中的会话验证不足可能允许特权用户通过本地访问来提权,拒绝服务和/或信息泄露。


CVE-2019-11124

对于Intel NUC套件的系统固件的超出读/写可允许特权用户通过本地访问潜在地实现提权,拒绝服务和/或信息泄露。


CVE-2019-11125

Intel NUC套件的系统固件中的输入验证不足可能允许特权用户通过本地访问来提权,拒绝服务和/或信息泄露。


CVE-2019-11126

Intel NUC套件的系统固件中的指针损坏可能允许特权用户通过本地访问来提权,拒绝服务和/或信息泄露。


CVE-2019-11127

Intel NUC套件的系统固件中的缓冲区溢出可能允许特权用户通过本地访问来提权,拒绝服务和/或信息泄露。


CVE-2019-11128

Intel NUC套件的系统固件中的输入验证不足可能允许特权用户通过本地访问来提权,拒绝服务和/或信息泄露。


CVE-2019-11129

对于Intel NUC套件的系统固件的超出读/写可允许特权用户通过本地访问潜在地实现提权,拒绝服务和/或信息泄露。


CVE-2019-11119

Intel RWC3版本4.186及之前的服务API中的会话验证不足可能允许未经身份验证的用户通过网络访问启用提权。



漏洞验证



暂无POC/EXP。



修复建议



目前厂商已发布升级补丁以修复漏洞,补丁获取链接:
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00264.html

https://downloadcenter.intel.com/download/28781/Intel-RAID-Web-Console-3-for-Windows-?v=t



参考链接



https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00264.html
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00259.html