erek
[H]F Junkie
- Joined
- Dec 19, 2005
- Messages
- 10,875
Five separate CVEs
"The first flaw (CVE-2019-14608) is due to improper buffer restrictions in the NUC firmware, which could allow attackers to enable privilege escalation via local access to the device.
The second vulnerability (CVE-2019-14610) describes improper access control in NUC firmware that could allow an authenticated user to enable escalation of privilege via local access.
The third vulnerability (CVE-2019-14609) comes from improper input validation in firmware that also lead to privilege escalation via local access.
A fourth NUC firmware flaw (CVE-2019-14611) was an integer overflow that could result in the same type of attack.
The final flaw (CVE-2019-14612) is an out of bounds write in NUC firmware that attackers could also exploit to escalate system privileges via local access.
Besides all of the speculative execution attacks against its processors, Intel has also had to issue multiple security advisories for its NUC family of devices this year. The company has been attempting to prioritize security since the Spectre CPU vulnerabilities were revealed, and, in part, that means encouraging researchers to look for vulnerabilities on its platforms. "
https://www.tomshardware.com/news/intel-nuc-security-flaws-advisory-vulnerabilities
"The first flaw (CVE-2019-14608) is due to improper buffer restrictions in the NUC firmware, which could allow attackers to enable privilege escalation via local access to the device.
The second vulnerability (CVE-2019-14610) describes improper access control in NUC firmware that could allow an authenticated user to enable escalation of privilege via local access.
The third vulnerability (CVE-2019-14609) comes from improper input validation in firmware that also lead to privilege escalation via local access.
A fourth NUC firmware flaw (CVE-2019-14611) was an integer overflow that could result in the same type of attack.
The final flaw (CVE-2019-14612) is an out of bounds write in NUC firmware that attackers could also exploit to escalate system privileges via local access.
Besides all of the speculative execution attacks against its processors, Intel has also had to issue multiple security advisories for its NUC family of devices this year. The company has been attempting to prioritize security since the Spectre CPU vulnerabilities were revealed, and, in part, that means encouraging researchers to look for vulnerabilities on its platforms. "
https://www.tomshardware.com/news/intel-nuc-security-flaws-advisory-vulnerabilities