CVE-2019-0126

moderate-risk

Published 2019-05-17

Insufficient access control in silicon reference firmware for Intel(R) Xeon(R) Scalable Processor, Intel(R) Xeon(R) Processor D Family may allow a privileged user to potentially enable escalation of privilege and/or denial of service via local access.

Do I need to act?

0.04% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 6.7/10 Medium

LOCAL / LOW complexity

Affected Products (20)

Xeon D-1649N Firmware

Xeon D-1633N Firmware

Xeon D-1637 Firmware

Xeon D-1627 Firmware

Xeon D-1623N Firmware

Xeon D-1622 Firmware

Xeon D-1653N Firmware

Xeon D-1602 Firmware

Xeon D-2141I Firmware

Xeon D-2177Nt Firmware

Xeon D-2161I Firmware

Xeon D-2143It Firmware

Xeon D-2146Nt Firmware

Xeon D-2145Nt Firmware

Xeon D-2123It Firmware

Xeon D-2173It Firmware

Xeon D-2191 Firmware

Xeon D-2187Nt Firmware

Xeon D-2142It Firmware

Xeon D-2163It Firmware

Affected Vendors

Intel

References (6)

http://www.securityfocus.com/bid/108485

https://support.f5.com/csp/article/K37428370

Vendor Advisory https://www.intel.com/content/www/us/en/security-center/advisory/INTEL-SA-00223....

http://www.securityfocus.com/bid/108485

https://support.f5.com/csp/article/K37428370

Vendor Advisory https://www.intel.com/content/www/us/en/security-center/advisory/INTEL-SA-00223....

/ 100

moderate-risk

Severity 21/34 · High

Exploitability 0/34 · Minimal

Exposure 25/34 · High