Insufficient Input Validation in Intel Broadwell U i5 vPro Firmware
CVE-2019-0163

8.2HIGH

Key Information:

Vendor: Intel
Status: Intel(r) Nuc Advisory
Vendor: CVE Published:; 17 April 2019

Summary

Insufficient input validation in the system firmware for Intel Broadwell U i5 vPro may allow an authenticated user to potentially escalate privileges, cause a denial of service, or disclose sensitive information. This vulnerability can be exploited through local access, highlighting the importance of ensuring that firmware is kept up-to-date to mitigate potential attacks. Users are encouraged to consult Intel's advisory for further details and recommended actions.

Affected Version(s)

Intel(R) NUC Advisory Intel(R) Broadwell U i5 vPro before version MYBDWi5v.86A.

References

https://www.intel.com/content/www/us/en/security-center/a...

x_refsource_CONFIRM

CVSS V3.1

Score:

8.2

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Changed

Timeline

Vulnerability published
Apr 17, 2019
Vulnerability Reserved
Nov 13, 2018