Insufficient Access Control in Intel Ethernet 700 Series Controllers
CVE-2019-0139

6.7MEDIUM

Key Information:

Vendor: Intel
Status: 2019.2 Ipu – Intel(r) Ethernet 700 Series Controllers
Vendor: CVE Published:; 14 November 2019

Summary

The Intel Ethernet 700 Series Controllers are affected by an insufficient access control vulnerability in their firmware. This issue allows privileged users with local access to potentially exploit the system. The vulnerabilities may lead to escalation of privileges, denial of service, or information disclosure, impacting the integrity and confidentiality of the system. Users are encouraged to update to version 7.0 or later to mitigate potential risks.

Affected Version(s)

2019.2 IPU – Intel(R) Ethernet 700 Series Controllers See provided reference

References

https://www.intel.com/content/www/us/en/security-center/a...

x_refsource_MISC

https://support.f5.com/csp/article/K08441753?utm_source=f...

x_refsource_CONFIRM

CVSS V3.1

Score:

6.7

Severity:

MEDIUM

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Nov 14, 2019
Vulnerability Reserved
Nov 13, 2018