Skip to main content

Ethernet Controller X710 Tm4 Firmware CVE-2019-0147

MEDIUM
Improper Input Validation (CWE-20)
2019-11-14 secure@intel.com
5.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
5.5 MEDIUM
AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

1
CVE Published
Nov 14, 2019 - 19:15 nvd
MEDIUM 5.5

DescriptionNVD

Insufficient input validation in i40e driver for Intel(R) Ethernet 700 Series Controllers versions before 7.0 may allow an authenticated user to potentially enable a denial of service via local access.

AnalysisAI

Insufficient input validation in i40e driver for Intel(R) Ethernet 700 Series Controllers versions before 7.0 may allow an authenticated user to potentially enable a denial of service via local. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Technical ContextAI

This vulnerability is classified under CWE-20. Insufficient input validation in i40e driver for Intel(R) Ethernet 700 Series Controllers versions before 7.0 may allow an authenticated user to potentially enable a denial of service via local access. Affected products include: Intel Ethernet Controller X710-Tm4 Firmware, Intel Ethernet Controller X710-At2 Firmware, Intel Ethernet Controller Xxv710-Am2 Firmware, Intel Ethernet Controller Xxv710-Am1 Firmware, Intel Ethernet Controller X710-Bm2 Firmware. Version information: before 7.0.

RemediationAI

A vendor patch is available. Apply the latest security update as soon as possible. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

CVE-2019-0140 HIGH
8.8 Nov 14

Buffer overflow in firmware for Intel(R) Ethernet 700 Series Controllers before version 7.0 may allow an unauthenticated

CVE-2019-0142 HIGH
8.2 Nov 14

Insufficient access control in ilp60x64.sys driver for Intel(R) Ethernet 700 Series Controllers before version 1.33.0.0

CVE-2019-0145 HIGH
7.8 Nov 14

Buffer overflow in i40e driver for Intel(R) Ethernet 700 Series Controllers versions before 7.0 may allow an authenticat

CVE-2021-0200 MEDIUM
6.7 Nov 17

Out-of-bounds write in the firmware for Intel(R) Ethernet 700 Series Controllers before version 8.2 may allow a privileg

CVE-2019-0139 MEDIUM
6.7 Nov 14

Insufficient access control in firmware for Intel(R) Ethernet 700 Series Controllers before version 7.0 may allow a priv

CVE-2019-0144 MEDIUM
6.5 Nov 14

Unhandled exception in firmware for Intel(R) Ethernet 700 Series Controllers before version 7.0 may allow an authenticat

CVE-2019-0149 MEDIUM
5.5 Nov 14

Insufficient input validation in i40e driver for Intel(R) Ethernet 700 Series Controllers versions before 2.8.43 may all

CVE-2019-0148 MEDIUM
5.5 Nov 14

Resource leak in i40e driver for Intel(R) Ethernet 700 Series Controllers versions before 7.0 may allow an authenticated

CVE-2019-0146 MEDIUM
5.5 Nov 14

Resource leak in i40e driver for Intel(R) Ethernet 700 Series Controllers versions before 2.8.43 may allow an authentica

CVE-2019-0143 MEDIUM
5.5 Nov 14

Unhandled exception in Kernel-mode drivers for Intel(R) Ethernet 700 Series Controllers versions before 7.0 may allow an

CVE-2019-0150 MEDIUM
5.1 Nov 14

Insufficient access control in firmware Intel(R) Ethernet 700 Series Controllers versions before 7.0 may allow a privile

Share

CVE-2019-0147 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy