A vulnerability has been found in Intel NUC Kit (the affected version is unknown) and classified as critical. This vulnerability affects an unknown code of the component System Firmware. The manipulation with an unknown input leads to a input validation vulnerability. The CWE definition for the vulnerability is CWE-20. The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly. As an impact it is known to affect confidentiality, integrity, and availability. CVE summarizes:

Insufficient session validation in system firmware for Intel(R) NUC Kit may allow a privileged user to potentially enable escalation of privilege, denial of service and/or information disclosure via local access.

The weakness was disclosed 06/13/2019 (Website). The advisory is available at securityfocus.com. This vulnerability was named CVE-2019-11123 since 04/11/2019. Local access is required to approach this attack. No form of authentication is required for a successful exploitation. The technical details are unknown and an exploit is not available. The structure of the vulnerability defines a possible price range of USD $0-$5k at the moment (estimation calculated on 10/05/2023).

There is no information about possible countermeasures known. It may be suggested to replace the affected object with an alternative product.

The entries VDB-136463, VDB-136464, VDB-136465 and VDB-136466 are pretty similar. Once again VulDB remains the best source for vulnerability data.

Productinfo

Vendor

• Intel

Name

• NUC Kit

License

• commercial

CPE 2.3info

• 🔍

CPE 2.2info

• 🔍

CVSSv4info

CVSSv3info

CVSSv2info

Exploitinginfo

Threat Intelligenceinfo

Countermeasuresinfo

Timelineinfo

Sourcesinfo

Entryinfo

Discussion