Insufficient Access Control in Intel Xeon Scalable Processors
CVE-2019-0126

6.7MEDIUM

Key Information:

Vendor

Intel
Status
Intel(r) Unified Extensible Firmware Interface (uefi)
Vendor
CVE Published:
17 May 2019

What is CVE-2019-0126?

A flaw in the silicon reference firmware of the Intel Xeon Scalable Processor and Intel Xeon Processor D Family permits a privileged user to exploit insufficient access control mechanisms. This vulnerability can lead to the potential elevation of user privileges or could result in denial of service when access is obtained locally. Immediate awareness and mitigation are essential for users and administrators relying on these processors for secure operations.

Affected Version(s)

Intel(R) Unified Extensible Firmware Interface (UEFI) Intel(R) Xeon(R) Scalable Processor, Intel(R) Xeon(R) Processor D Family

References

https://www.intel.com/content/www/us/en/security-center/a...
x_refsource_MISC
http://www.securityfocus.com/bid/108485
vdb-entryx_refsource_BID
https://support.f5.com/csp/article/K37428370
x_refsource_CONFIRM

CVSS V3.1

Score:
6.7
Severity:
MEDIUM
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.