Xeon Platinum 8253 Firmware
CVE-2019-11137
HIGH
Severity by source
AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
Lifecycle Timeline
1DescriptionNVD
Insufficient input validation in system firmware for Intel(R) Xeon(R) Scalable Processors, Intel(R) Xeon(R) Processors D Family, Intel(R) Xeon(R) Processors E5 v4 Family, Intel(R) Xeon(R) Processors E7 v4 Family and Intel(R) Atom(R) processor C Series may allow a privileged user to potentially enable escalation of privilege, denial of service and/or information disclosure via local access.
AnalysisAI
Insufficient input validation in system firmware for Intel(R) Xeon(R) Scalable Processors, Intel(R) Xeon(R) Processors D Family, Intel(R) Xeon(R) Processors E5 v4 Family, Intel(R) Xeon(R) Processors. Rated high severity (CVSS 8.2), this vulnerability is low attack complexity. No vendor patch available.
Technical ContextAI
This vulnerability is classified under CWE-20. Insufficient input validation in system firmware for Intel(R) Xeon(R) Scalable Processors, Intel(R) Xeon(R) Processors D Family, Intel(R) Xeon(R) Processors E5 v4 Family, Intel(R) Xeon(R) Processors E7 v4 Family and Intel(R) Atom(R) processor C Series may allow a privileged user to potentially enable escalation of privilege, denial of service and/or information disclosure via local access. Affected products include: Intel Xeon Platinum 8253 Firmware, Intel Xeon Platinum 8256 Firmware, Intel Xeon Platinum 8260 Firmware, Intel Xeon Platinum 8276 Firmware, Intel Xeon Platinum 8276M Firmware.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
More in Xeon Platinum 8253 Firmware
View allImproper input validation in BIOS firmware for some Intel(R) Processors may allow an authenticated user to potentially e
Insufficient memory protection in System Management Mode (SMM) and Intel(R) TXT for certain Intel(R) Xeon(R) Processors
Insufficient access control in system firmware for Intel(R) Xeon(R) Scalable Processors, 2nd Generation Intel(R) Xeon(R)
Non-transparent sharing of return predictor targets between contexts in some Intel(R) Processors may allow an authorized
Improper input validation for some Intel(R) Xeon(R) Processors may allow a privileged user to potentially enable denial
Improper access control for some Intel(R) Xeon(R) Processors may allow an authenticated user to potentially enable infor
Improper conditions check in multiple Intel® Processors may allow an authenticated user to potentially enable partial es
Same weakness CWE-20 – Improper Input Validation
View allSame technique Privilege Escalation
View allShare
External POC / Exploit Code
Leaving vuln.today