CVE-2019-0119

high-risk

Published 2019-05-17

Buffer overflow vulnerability in system firmware for Intel(R) Xeon(R) Processor D Family, Intel(R) Xeon(R) Scalable Processor, Intel(R) Server Board, Intel(R) Server System and Intel(R) Compute Module may allow a privileged user to potentially enable escalation of privilege and/or denial of service via local access.

Do I need to act?

0.05% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 6.7/10 Medium

LOCAL / LOW complexity

Affected Products (20)

Hns2600Tp24Sr Firmware

Hns2600Tp24Str Firmware

Hns2600Tpf Firmware

Hns2600Tpfr Firmware

Hns2600Tpnr Firmware

Hns2600Tpr Firmware

Hns2600Kp Firmware

Hns2600Kpf Firmware

Hns2600Kpfr Firmware

Hns2600Kpr Firmware

Hns2600Bpb24 Firmware

Hns2600Bpb Firmware

Hns2600Bpblc Firmware

Hns2600Bpblc24 Firmware

Hns2600Bpq Firmware

Hns2400Lp Firmware

Hns2600Jf Firmware

Hns2600Jff Firmware

Hns2600Jfq Firmware

Hns2600Wp Firmware

Affected Vendors

Intel

References (6)

http://www.securityfocus.com/bid/108485

https://support.f5.com/csp/article/K85585101

Vendor Advisory https://www.intel.com/content/www/us/en/security-center/advisory/INTEL-SA-00223....

http://www.securityfocus.com/bid/108485

https://support.f5.com/csp/article/K85585101

Vendor Advisory https://www.intel.com/content/www/us/en/security-center/advisory/INTEL-SA-00223....

/ 100

high-risk

Severity 21/34 · High

Exploitability 0/34 · Minimal

Exposure 29/34 · Critical