Skip to main content

Xeon D 1649N Firmware CVE-2019-0119

MEDIUM
Buffer Overflow (CWE-119)
2019-05-17 secure@intel.com
Privilege Escalation Buffer Overflow Intel Denial Of Service Xeon D 1649N Firmware Xeon D 1633N Firmware Xeon D 1637 Firmware Xeon D 1627 Firmware Xeon D 1623N Firmware Xeon D 1622 Firmware Xeon D 1653N Firmware Xeon D 1602 Firmware Xeon D 2141I Firmware Xeon D 2177Nt Firmware Xeon D 2161I Firmware Xeon D 2143It Firmware Xeon D 2146Nt Firmware Xeon D 2145Nt Firmware Xeon D 2123It Firmware Xeon D 2173It Firmware Xeon D 2191 Firmware Xeon D 2187Nt Firmware Xeon D 2142It Firmware Xeon D 2163It Firmware Xeon D 2183It Firmware Xeon D 2166Nt Firmware Xeon D 1513N Firmware Xeon D 1533N Firmware Xeon D 1553N Firmware Xeon D 1523N Firmware Xeon D 1543N Firmware Xeon D 1559 Firmware Xeon D 1529 Firmware Xeon D 1539 Firmware Xeon D 1567 Firmware Xeon D 1557 Firmware Xeon D 1577 Firmware Xeon D 1571 Firmware Xeon D 1528 Firmware Xeon D 1541 Firmware Xeon D 1518 Firmware Xeon D 1521 Firmware Xeon D 1531 Firmware Xeon D 1548 Firmware Xeon D 1527 Firmware Xeon D 1537 Firmware Xeon D 1540 Firmware Xeon D 1520 Firmware Xeon Platinum Processors Firmware Xeon Gold Processors Firmware Xeon Silver Processors Firmware Xeon Bronze Processors Firmware Server Board S2600Wf Firmware Server Board S2600Bp Firmware Server Board S2600St Firmware Server Board S2600Wt Firmware Server Board S2600Kp Firmware Server Board S2600Tp Firmware Server Board S2600Cw Firmware Server Board S7200Ap Firmware Server Board S1200Sp Firmware Server System S9200Wk Firmware Hns2600Bpq24 Firmware Hns2600Bps Firmware Hns2600Bps24 Firmware Hns7200Ap Firmware Hns7200Apl Firmware Hns7200Apr Firmware Hns7200Aprl Firmware Hns2600Tp Firmware Hns2600Tp24R Firmware Hns2600Tp24Sr Firmware Hns2600Tp24Str Firmware Hns2600Tpf Firmware Hns2600Tpfr Firmware Hns2600Tpnr Firmware Hns2600Tpr Firmware Hns2600Kp Firmware Hns2600Kpf Firmware Hns2600Kpfr Firmware Hns2600Kpr Firmware Hns2600Bpb24 Firmware Hns2600Bpb Firmware Hns2600Bpblc Firmware Hns2600Bpblc24 Firmware Hns2600Bpq Firmware Hns2400Lp Firmware Hns2600Jf Firmware Hns2600Jff Firmware Hns2600Jfq Firmware Hns2600Wp Firmware Hns2600Wpf Firmware Hns2600Wpq Firmware Mfs2600Ki Firmware Mfs5000Si Firmware Mfs5520Vir Firmware
6.7
CVSS 3.0 · NVD
Share

Severity by source

NVD PRIMARY
6.7 MEDIUM
AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
High
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

1
CVE Published
May 17, 2019 - 16:29 nvd
MEDIUM 6.7

DescriptionNVD

Buffer overflow vulnerability in system firmware for Intel(R) Xeon(R) Processor D Family, Intel(R) Xeon(R) Scalable Processor, Intel(R) Server Board, Intel(R) Server System and Intel(R) Compute Module may allow a privileged user to potentially enable escalation of privilege and/or denial of service via local access.

AnalysisAI

Buffer overflow vulnerability in system firmware for Intel(R) Xeon(R) Processor D Family, Intel(R) Xeon(R) Scalable Processor, Intel(R) Server Board, Intel(R) Server System and Intel(R) Compute. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Technical ContextAI

This vulnerability is classified as Buffer Overflow (CWE-119), which allows attackers to corrupt memory to execute arbitrary code or crash the application. Buffer overflow vulnerability in system firmware for Intel(R) Xeon(R) Processor D Family, Intel(R) Xeon(R) Scalable Processor, Intel(R) Server Board, Intel(R) Server System and Intel(R) Compute Module may allow a privileged user to potentially enable escalation of privilege and/or denial of service via local access. Affected products include: Intel Xeon D-1649N Firmware, Intel Xeon D-1633N Firmware, Intel Xeon D-1637 Firmware, Intel Xeon D-1627 Firmware, Intel Xeon D-1623N Firmware.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Use memory-safe languages or bounds-checking. Enable ASLR, DEP/NX, stack canaries. Use safe string functions.

Share

CVE-2019-0119 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy