Insufficient Access Control in Intel Xeon Processors
CVE-2019-11136

6.7MEDIUM

Key Information:

Vendor

Intel
Status
2019.2 Ipu – Uefi
Vendor
CVE Published:
14 November 2019

What is CVE-2019-11136?

A vulnerability exists in the firmware of Intel Xeon Scalable Processors and Intel Xeon Processors D Family due to insufficient access control. This flaw may enable a privileged user to exploit the system, potentially leading to escalated privileges, denial of service, or unauthorized information disclosure through local access. Organizations using affected Intel processors should apply patches and monitor for unusual activity to mitigate associated risks.

Affected Version(s)

2019.2 IPU – UEFI See provided reference

References

https://www.intel.com/content/www/us/en/security-center/a...
x_refsource_MISC
https://support.hpe.com/hpsc/doc/public/display?docLocale...
x_refsource_CONFIRM
https://support.f5.com/csp/article/K56215245?utm_source=f...
x_refsource_CONFIRM

CVSS V3.1

Score:
6.7
Severity:
MEDIUM
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.