CVE-2019-14607

high-risk

Published 2019-12-16

Improper conditions check in multiple Intel® Processors may allow an authenticated user to potentially enable partial escalation of privilege, denial of service and/or information disclosure via local access.

Do I need to act?

0.15% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 5.3/10 Medium

LOCAL / LOW complexity

Affected Products (20)

Xeon Platinum 9282 Firmware

Xeon Platinum 9242 Firmware

Xeon Platinum 9222 Firmware

Xeon Platinum 9221 Firmware

Xeon Platinum 8280M Firmware

Xeon Platinum 8280L Firmware

Xeon Platinum 8280 Firmware

Xeon Platinum 8276M Firmware

Xeon Platinum 8276L Firmware

Xeon Platinum 8276 Firmware

Xeon Platinum 8270 Firmware

Xeon Platinum 8268 Firmware

Xeon Platinum 8260Y Firmware

Xeon Platinum 8260M Firmware

Xeon Platinum 8260L Firmware

Xeon Platinum 8260 Firmware

Xeon Platinum 8256 Firmware

Xeon Platinum 8253 Firmware

Xeon Gold 6262V Firmware

Xeon Gold 6254 Firmware

Affected Vendors

Intel

References (6)

Third Party Advisory https://security.netapp.com/advisory/ntap-20191217-0002/

Vendor Advisory https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00317....

Third Party Advisory https://www.synology.com/security/advisory/Synology_SA_19_42

Third Party Advisory https://security.netapp.com/advisory/ntap-20191217-0002/

Vendor Advisory https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00317....

Third Party Advisory https://www.synology.com/security/advisory/Synology_SA_19_42

/ 100

high-risk

Severity 18/34 · Moderate

Exploitability 1/34 · Minimal

Exposure 33/34 · Critical