Xeon Platinum 8253 Firmware
CVE-2019-11136
MEDIUM
Severity by source
AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
1DescriptionNVD
Insufficient access control in system firmware for Intel(R) Xeon(R) Scalable Processors, 2nd Generation Intel(R) Xeon(R) Scalable Processors and Intel(R) Xeon(R) Processors D Family may allow a privileged user to potentially enable escalation of privilege, denial of service and/or information disclosure via local access.
AnalysisAI
Insufficient access control in system firmware for Intel(R) Xeon(R) Scalable Processors, 2nd Generation Intel(R) Xeon(R) Scalable Processors and Intel(R) Xeon(R) Processors D Family may allow a. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.
Technical ContextAI
Insufficient access control in system firmware for Intel(R) Xeon(R) Scalable Processors, 2nd Generation Intel(R) Xeon(R) Scalable Processors and Intel(R) Xeon(R) Processors D Family may allow a privileged user to potentially enable escalation of privilege, denial of service and/or information disclosure via local access. Affected products include: Intel Xeon Platinum 8253 Firmware, Intel Xeon Platinum 8256 Firmware, Intel Xeon Platinum 8260 Firmware, Intel Xeon Platinum 8276 Firmware, Intel Xeon Platinum 8276M Firmware.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
More in Xeon Platinum 8253 Firmware
View allInsufficient input validation in system firmware for Intel(R) Xeon(R) Scalable Processors, Intel(R) Xeon(R) Processors D
Improper input validation in BIOS firmware for some Intel(R) Processors may allow an authenticated user to potentially e
Insufficient memory protection in System Management Mode (SMM) and Intel(R) TXT for certain Intel(R) Xeon(R) Processors
Non-transparent sharing of return predictor targets between contexts in some Intel(R) Processors may allow an authorized
Improper input validation for some Intel(R) Xeon(R) Processors may allow a privileged user to potentially enable denial
Improper access control for some Intel(R) Xeon(R) Processors may allow an authenticated user to potentially enable infor
Improper conditions check in multiple Intel® Processors may allow an authenticated user to potentially enable partial es
Same technique Privilege Escalation
View allShare
External POC / Exploit Code
Leaving vuln.today