Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2019-11129

Out of bound read/write in system firmware for Intel(R) NUC Kit may allow a privileged user to potentially enable escalation of privilege, denial of service and/or information disclosure via local access.

Security Impact Summary

This vulnerability carries a MEDIUM severity rating with a CVSS v3.1 score of 6.7, requiring local system access to exploit with relatively low complexity without requiring user interaction . The vulnerability impacts confidentiality (data exposure), integrity (unauthorized modifications), and availability (service disruption) for affected systems. Impacting 13 products from intel, from intel, from intel and 10 others, organizations running these solutions should prioritize assessment and patching.

Historical Context

First disclosed in 2019, this vulnerability was reported during a period defined by widespread IoT adoption challenges, mobile security concerns, and the emergence of advanced persistent threat (APT) techniques. Contemporary mitigation strategies focused on secure development practices and third-party component vetting.

Published

2019-06-13T16:29:01.577

Last Modified

2024-11-21T04:20:35.123

Status

Modified

Source

[email protected]

Severity

CVSSv3.0: 6.7 (MEDIUM)

CVSSv2 Vector

AV:L/AC:L/Au:N/C:P/I:P/A:P

Access Vector: LOCAL
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL

Exploitability Score

3.9

Impact Score

6.4

Weaknesses

Type: Primary
CWE-125
CWE-787

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Operating System	intel	nuc_kit_firmware	-	Yes
Hardware	intel	nuc_kit_nuc8i3bex	-	No
Hardware	intel	nuc_kit_nuc8i3bex	nuc_kit_d34010wyx	No
Hardware	intel	nuc_kit_nuc8i3bex	nuc_kit_d54250wyx	No
Hardware	intel	nuc_kit_nuc8i3bex	nuc_kit_de3815tyb	No
Hardware	intel	nuc_kit_nuc8i3bex	nuc_kit_dn2820fykh	No
Hardware	intel	nuc_kit_nuc8i3bex	nuc_kit_nuc5cpyh	No
Hardware	intel	nuc_kit_nuc8i3bex	nuc_kit_nuc5i3myx	No
Hardware	intel	nuc_kit_nuc8i3bex	nuc_kit_nuc5i3ryx	No
Hardware	intel	nuc_kit_nuc8i3bex	nuc_kit_nuc5i5myx	No
Hardware	intel	nuc_kit_nuc8i3bex	nuc_kit_nuc5i5ryx	No
Hardware	intel	nuc_kit_nuc8i3bex	nuc_kit_nuc5i7ryx	No
Hardware	intel	nuc_kit_nuc8i3bex	nuc_kit_nuc5pgyh	No
Hardware	intel	nuc_kit_nuc8i3bex	nuc_kit_nuc5ppyh	No
Hardware	intel	nuc_kit_nuc8i3bex	nuc_kit_nuc6cayx	No
Hardware	intel	nuc_kit_nuc8i3bex	nuc_kit_nuc6i3syx	No
Hardware	intel	nuc_kit_nuc8i3bex	nuc_kit_nuc6i5syx	No
Hardware	intel	nuc_kit_nuc8i3bex	nuc_kit_nuc6i7kyk	No
Hardware	intel	nuc_kit_nuc8i3bex	nuc_kit_nuc7cjy	No
Hardware	intel	nuc_kit_nuc8i3bex	nuc_kit_nuc7i3bnx	No
Hardware	intel	nuc_kit_nuc8i3bex	nuc_kit_nuc7i3dnx	No
Hardware	intel	nuc_kit_nuc8i3bex	nuc_kit_nuc7i5bnx	No
Hardware	intel	nuc_kit_nuc8i3bex	nuc_kit_nuc7i5dnx	No
Hardware	intel	nuc_kit_nuc8i3bex	nuc_kit_nuc7i7bnx	No
Hardware	intel	nuc_kit_nuc8i3bex	nuc_kit_nuc7i7dnx	No
Hardware	intel	nuc_kit_nuc8i3bex	nuc_kit_nuc7pjy	No
Hardware	intel	nuc_kit_nuc8i3bex	nuc_kit_nuc8i3cyx	No
Hardware	intel	nuc_kit_nuc8i3bex	nuc_kit_nuc8i5bex	No
Hardware	intel	nuc_kit_nuc8i3bex	nuc_kit_nuc8i7bex	No
Hardware	intel	nuc_kit_nuc8i3bex	nuc_kit_nuc8i7hnk	No
Hardware	intel	nuc_kit_nuc8i3bex	nuc_kit_nuc8i7hvk	No
Operating System	intel	compute_card_firmware	-	Yes
Hardware	intel	compute_card_cd1c64gk	-	No
Hardware	intel	compute_card_cd1iv128mk	-	No
Hardware	intel	compute_card_cd1m3128mk	-	No
Hardware	intel	compute_card_cd1p64gk	-	No
Operating System	intel	compute_stick_firmware	-	Yes
Hardware	intel	compute_stick_stck1a32wfc	-	No
Hardware	intel	compute_stick_stck1a8lfc	-	No
Hardware	intel	compute_stick_stk2m364cc	-	No
Hardware	intel	compute_stick_stk2m3w64cc	-	No
Hardware	intel	compute_stick_stk2mv64cc	-	No

References

http://www.securityfocus.com/bid/108766 Third Party Advisory, VDB Entry ([email protected])
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00264.html ([email protected])
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00264.html?wapkw=2019-11129 Patch, Vendor Advisory ([email protected])
http://www.securityfocus.com/bid/108766 Third Party Advisory, VDB Entry (af854a3a-2127-422b-91ae-364da2661108)
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00264.html (af854a3a-2127-422b-91ae-364da2661108)

How SecUtils Interprets This CVE

SecUtils normalizes and enriches National Vulnerability Database (NVD) records by standardizing vendor and product identifiers, aggregating vulnerability metadata from both NVD and MITRE sources, and providing structured context for security teams. For intel's affected products, we extract Common Platform Enumeration (CPE) data, Common Weakness Enumeration (CWE) classifications, CVSS severity metrics, and reference data to enable rapid vulnerability prioritization and asset correlation. This record contains no exploit code, proof-of-concept instructions, or attack methodologies—only defensive intelligence necessary for patch management, risk assessment, and security operations.