In May, Intel fixed high-severity flaw CVE-2019-11094, which could also enable enable escalation of privilege, denial of service and/or information disclosure via local access.ĭon’t miss our free live Threatpost webinar, “ Streamlining Patch Management,” on Wed., July 24, at 2:00 p.m. A few weeks ago, the chip giant patched seven high-severity vulnerabilities in the system firmware of its Intel NUC (short for Next Unit of Computing), a mini-PC kit used for gaming, digital signage and more. It’s only Intel’s latest round of patches for vulnerabilities in its products. Intel said it recommends updating the S4500 and S4600 series firmware to SCV10150 or later. The flaw stems from a lack of authentication in the firmware for the solid state drives, and may allow an unprivileged user to potentially enable escalation of privilege via physical access. Intel on Tuesday also patched a separate vulnerability ( CVE-2018-18095), found internally by Intel, impacts Intel SSD DC S4500 and S4600 series firmware before SCV10150. Researcher Jesse Michael from Eclypsium was credited with reporting the issue. Impacted are 32-bit and 64-bit models of the diagnostic tool, before version 4.1.2.24. This vulnerability “may allow an authenticated user to potentially enable escalation of privilege, information disclosure or denial of service via local access,” said Intel in its’ advisory. While details of the vulnerability are slim, Intel said that the flaw stems from improper access control in the tool. The vulnerability in the Intel Processor Diagnostics tool (CVE-2019-11133) ranks 8.2 out of 10 on the CVSS 3.0 scale, making it high-severity. “An attacker could exploit these vulnerabilities to gain an escalation of privileges on a previously infected machine.” “Intel has released security updates to address vulnerabilities in Intel Solid State Drives for Data Centers and Intel Processor Diagnostic Tool,” according to a Cybersecurity and Infrastructure Security Agency ( CISA) alert. Intel on Tuesday released the patch in tandem with a fix for a medium-severity security vulnerability in its S4500/S4600 lineup of Solid State Drives (SSD) for data centers. The Intel Processor Diagnostic tool is a free product that allows users to test and diagnose any issues in their processor before having to contact tech support.
Intel has patched a high-severity vulnerability in its processor diagnostic tool, which could allow local attackers to launch several malicious attacks on affected devices, such as escalation of privilege or denial of service.
0 kommentar(er)
