Security updates for Intel NUCs and Server tool

Posted on 2019-10-11 by guenni

Intel has released 2 patches to fix vulnerabilities in his NUC PCs – but one flaw hasn't been fixes. And the Active System Console tool has a security issue.

Advertising

Intel NUC advisory

Intel has released a security advisory INTEL-SA-00296 for hin NUC systems on October 8, 2019. There are potential security vulnerabilities in system firmware for Intel® NUC may allow Escalation of Privilege, Denial of Service and Information Disclosure vulnerabilities – which are classified as high.

  • CVEID: CVE-2019-14569: Description: Pointer corruption in system firmware for Intel(R) NUC may allow a privileged user to potentially enable escalation of privilege, denial of service and/or information disclosure via local access. CVSS Base Score: 7.5 High
  • CVEID: CVE-2019-14570: Description: Memory corruption in system firmware for Intel(R) NUC may allow a privileged user to potentially enable escalation of privilege, denial of service and/or information disclosure via local access. CVSS Base Score: 7.5 High
Affected Products Updated Firmware
Intel® NUC 8 Mainstream Game Kit INWHL357
Intel® NUC 8 Mainstream Game Mini Computer INWHL357
Intel® NUC Board DE3815TYBE (H26998-500 & later) TY0022
Intel® NUC Kit DE3815TYKHE (H27002-500 & later) TY0022
Intel® NUC Board DE3815TYBE TY0067
Intel® NUC Kit DE3815TYKHE TY0067
Intel® NUC Kit DN2820FYKH

FY0069

Intel recommends that users update to the latest version. There is also a 2nd advisory INTEL-SA-00286 (Intel® Smart Connect Technology for Intel® NUC Advisory):

CVEID: CVE-2019-11167: Description: Improper file permission in software installer for Intel(R) Smart Connect Technology for Intel(R) NUC may allow an authenticated user to potentially enable escalation of privilege via local access. CVSS Base Score: 6.3 Medium

There is no fix available. Intel recommends that users of Intel® Smart Connect Technology for Intel® NUC uninstall or discontinue use at their earliest convenience.

And there is another Escalation of Privilege vulnerability CVE-2019-11120 in Intel's Active System Console. Intel has released advisory INTEL-SA-00261 and quotes the vulnerability as 'medium'

CVEID: CVE-2019-11120: Description: Insufficient path checking in the installer for Intel(R) Active System Console before version 8.0 Build 24 may allow an authenticated user to potentially enable escalation of privilege via local access. CVSS Base Score: 6.7 Medium

Affected Products: Intel® Active System Console for Intel® Server Boards and Systems based on Intel® 62X Chipset before version 8.0 Build 24. Intel recommends that users of Intel® Active System Console for Intel® Server Boards and Systems based on Intel® 62X Chipset update to 8.0 Build 24 or later.

Cookies helps to fund this blog: Cookie settings
Advertising

This entry was posted in Security, Software, Update and tagged , , . Bookmark the permalink.

Leave a Reply

Your email address will not be published. Required fields are marked *