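Security Advisory: Multiple Vulnerabilities in Intel NUC Firmware

Published: 2019-06-14

CVE IDs and Severity


CVE ID: CVE-2019-11123, Severity: High, CVSS score: vendor self-assessment 7.5, official score not yet assigned
CVE ID: CVE-2019-11124, Severity: High, CVSS score: vendor self-assessment 7.5, official score not yet assigned
CVE ID: CVE-2019-11125, Severity: High, CVSS score: vendor self-assessment 7.5, official score not yet assigned
CVE ID: CVE-2019-11126, Severity: High, CVSS score: vendor self-assessment 7.5, official score not yet assigned
CVE ID: CVE-2019-11127, Severity: High, CVSS score: vendor self-assessment 8.2, official score not yet assigned
CVE ID: CVE-2019-11128, Severity: High, CVSS score: vendor self-assessment 8.2, official score not yet assigned
CVE ID: CVE-2019-11129, Severity: High, CVSS score: vendor self-assessment 7.5, official score not yet assigned
CVE ID: CVE-2019-11119, Severity: High, CVSS score: vendor self-assessment 8.9, official score not yet assigned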


Affected Versions


Affected Product                                                  Updated Firmware

Intel® NUC Kit NUC8i3BEx                                          BIOS version 0071 or later
Intel® NUC Kit NUC8i5BEx                                          BIOS version 0071 or later
Intel® NUC Kit NUC8i7BEx                                          BIOS version 0071 or later
Intel® Compute Card CD1P64GK                                      BIOS version 0050 or later
Intel® Compute Card CD1C64GK                                      BIOS version 0050 or later
Intel® NUC Kit NUC8i3CYx                                          BIOS version 0040 or later
Intel® NUC Kit NUC8i7HNK                                          BIOS version 0054 or later
Intel® NUC Kit NUC8i7HVK                                          BIOS version 0054 or later
Intel® NUC Kit NUC7i7DNx                                          BIOS version 0063 or later
Intel® NUC Kit NUC7i5DNx                                          BIOS version 0063 or later
Intel® NUC Kit NUC7i3DNx                                          BIOS version 0063 or later
Intel® Compute Stick STK2MV64CC                                   BIOS version 0060 or later
Intel® Compute Stick STK2M3W64CC                                  BIOS version 0060 or later
Intel® Compute Stick STK2M364CC                                   BIOS version 0060 or later
Intel® NUC Kit NUC6i7KYk                                          BIOS version 0062 or later
Intel® NUC Kit NUC7PJY                                            BIOS version 0049 or later
Intel® NUC Kit NUC7CJY                                            BIOS version 0049 or later
Intel® NUC Kit NUC6CAYx                                           BIOS version 0060 or later
Intel® NUC Kit DE3815TYB (BIOS ID code TYBYT20H.86A)              BIOS version 0020 or later
Intel® NUC Kit DE3815TYB (BIOS ID code TYBYT10H.86A)              BIOS version 0065 or later
Intel® NUC Kit NUC5CPYH                                           BIOS version 0076 or later
Intel® NUC Kit NUC5PPYH                                           BIOS version 0076 or later
Intel® NUC Kit NUC5PGYH                                           BIOS version 0076 or later
Intel® NUC Kit NUC5i7RYx                                          BIOS version 0379 or later
Intel® NUC Kit NUC5i3RYx                                          BIOS version 0379 or later
Intel® NUC Kit NUC5i5RYx                                          BIOS version 0379 or later
Intel® NUC Kit NUC5i5MYx                                          BIOS version 0051 or later
Intel® NUC Kit NUC5i3MYx                                          BIOS version 0054 or later
Intel® NUC Kit DN2820FYKH                                         BIOS version 0067 or later
Intel® Compute Stick STCK1A32WFC                                  BIOS version 0039 or later
Intel® Compute Stick STCK1A8LFC                                   BIOS version 0039 or later
Intel® Compute Card CD1M3128MK                                    BIOS version 0056 or later
Intel® Compute Card CD1IV128MK                                    BIOS version 0036 or later
Intel® NUC Kit NUC7i3BNx                                          BIOS version 0079 or later
Intel® NUC Kit NUC7i5BNx                                          BIOS version 0079 or later
Intel® NUC Kit NUC7i7BNx                                          BIOS version 0079 or later
Intel® NUC Kit NUC6i3SYx                                          BIOS version 0070 or later
Intel® NUC Kit NUC6i5SYx                                          BIOS version 0070 or later
Intel® NUC Kit D54250WYx                                          BIOS version 0051 or later
Intel® NUC Kit D34010WYx                                          BIOS version 0051 or later
Intel® RAID Web Console 3 for Windows* version 4.186 and before   Intel® RAID Web Console 3 for Windows* update to 7.009.011.000 or later


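Vulnerability Overview


Intel NUC kits are mini desktop PCs from the US company Intel. Intel RAID Web Console for Windows is a Windows-based RAID (redundant array of independent disks) management console, also from Intel.


Intel has fixed the following high-severity vulnerabilities:


CVE-2019-11123

Insufficient session validation in the system firmware for Intel NUC kits may allow a privileged user to potentially enable escalation of privilege, denial of service and/or information disclosure via local access.


CVE-2019-11124

An out-of-bounds read/write in the system firmware for Intel NUC kits may allow a privileged user to potentially enable escalation of privilege, denial of service and/or information disclosure via local access.


CVE-2019-11125

Insufficient input validation in the system firmware for Intel NUC kits may allow a privileged user to potentially enable escalation of privilege, denial of service and/or information disclosure via local access.


CVE-2019-11126

Pointer corruption in the system firmware for Intel NUC kits may allow a privileged user to potentially enable escalation of privilege, denial of service and/or information disclosure via local access.


CVE-2019-11127

A buffer overflow in the system firmware for Intel NUC kits may allow a privileged user to potentially enable escalation of privilege, denial of service and/or information disclosure via local access.


CVE-2019-11128

Insufficient input validation in the system firmware for Intel NUC kits may allow a privileged user to potentially enable escalation of privilege, denial of service and/or information disclosure via local access.


CVE-2019-11129

An out-of-bounds read/write in the system firmware for Intel NUC kits may allow a privileged user to potentially enable escalation of privilege, denial of service and/or information disclosure via local access.


CVE-2019-11119

Insufficient session validation in the service API of Intel RWC3 version 4.186 and earlier may allow an unauthenticated user to potentially enable escalation of privilege via network access.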



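Vulnerability Verification



No PoC/exploit is currently available.



Remediation



The vendor has released updates that fix these vulnerabilities. They are available at: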
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00264.html

https://downloadcenter.intel.com/download/28781/Intel-RAID-Web-Console-3-for-Windows-?v=t
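
To verify that an inventory of machines has reached the fixed firmware levels listed above, the following added example (not part of the original advisory or Intel's tooling) compares a reported BIOS version string with the minimum fixed version for its board. It assumes the firmware reports its version as <BIOS ID>.86A.<4-digit version>.<build date>, covers only a subset of the listed models, and uses constructed sample strings.

```python
import re

# Minimum fixed BIOS versions from the affected-product list above (subset).
# Keys are board-name prefixes: the model with its trailing "x" wildcard dropped.
MIN_FIXED = {
    "NUC8I3BE": 71, "NUC8I5BE": 71, "NUC8I7BE": 71,
    "NUC8I3CY": 40,
    "NUC8I7HNK": 54, "NUC8I7HVK": 54,
    "NUC7I3DN": 63, "NUC7I5DN": 63, "NUC7I7DN": 63,
    "NUC7I3BN": 79, "NUC7I5BN": 79, "NUC7I7BN": 79,
    "NUC6I3SY": 70, "NUC6I5SY": 70,
    "NUC5I3RY": 379, "NUC5I5RY": 379, "NUC5I7RY": 379,
}
# DE3815TYB ships with two BIOS ID codes that have different fixed versions,
# so it must be keyed on the BIOS ID rather than on the board name.
MIN_FIXED_BY_BIOS_ID = {"TYBYT20H": 20, "TYBYT10H": 65}

# Assumed version-string layout: <BIOS ID>.86A.<4-digit version>.<build date...>
BIOS_RE = re.compile(r"^([A-Z0-9]+)\.86A\.(\d{4})(?:\.|$)")


def check(board_name, bios_version):
    """Return 'patched', 'vulnerable', 'not-listed' or 'unparsed'."""
    m = BIOS_RE.match(bios_version.strip().upper())
    if not m:
        return "unparsed"  # never guess: flag the host for manual review
    bios_id, version = m.group(1), int(m.group(2))
    minimum = MIN_FIXED_BY_BIOS_ID.get(bios_id)
    if minimum is None:
        board = board_name.strip().upper()
        # Longest matching prefix wins, so a more specific entry is never shadowed.
        hits = [p for p in MIN_FIXED if board.startswith(p)]
        if not hits:
            return "not-listed"
        minimum = MIN_FIXED[max(hits, key=len)]
    return "patched" if version >= minimum else "vulnerable"


if __name__ == "__main__":
    # Constructed inventory rows (board name, reported BIOS version), not real hosts.
    inventory = [
        ("NUC8i5BEB", "BECFL357.86A.0064.2019.0213.1122"),
        ("NUC8i5BEB", "BECFL357.86A.0071.2019.0510.1505"),
        ("DE3815TYBE", "TYBYT10H.86A.0064.2018.0101.0000"),
        ("DE3815TYBE", "TYBYT20H.86A.0020.2019.0101.0000"),
    ]
    for board, bios in inventory:
        print(f"{board:12} {bios:36} {check(board, bios)}")
```

On Linux the two inputs can be read from /sys/class/dmi/id/board_name and /sys/class/dmi/id/bios_version; hosts reported as "unparsed" or "not-listed" need a manual check against the vendor advisory.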



References



https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00264.html
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00259.html