Intel released a security update for multiple vulnerabilities that affected Intel software products, including Intel Smart Connect Technology, Active System Console and system firmware for Intel NUC.
Intel patched 4 vulnerabilities that include 2 “Medium” severity and 2 “High” severity vulnerabilities.
High severity vulnerabilities that a system firmware called Intel NUC allow attackers to perform escalation of privilege, denial of service and/or information disclosure attack.
Vulnerabilities in Intel NUC
First “High” severity memory corruption vulnerability (CVE-2019-14570) that resides in the system firmware for Intel NUC lets privilege users perform escalation of privilege via local access.
Another point corruption vulnerability (CVE-2019-14569) allows an attacker to perform the same attack in Intel NUC (escalation of privilege, denial of service and/or information disclosure) with a 7.5 CVE score and marked it as high severity flaw.
Vulnerability in Intel Smart Connect Technology
A medium severity vulnerability that affected Intel Smart Connect Technology allows an authenticated user to potentially enable escalation of privilege via local access due to Improper file permission in software installer.
The vulnerability can be tracked as CVE-2019-11167 with a 6.3 CVE score, and the vulnerability remains unpatched since Intel issued a discontinuation notice for Intel Smart Connect Technology for Intel NUC.
Vulnerability in Intel Active System Console
Another medium severity vulnerability let attackers perform a privilege escalation attack via local access in Intel(R) Active System Console before version 8.0 Build 24.
“Intel recommends that users of Intel Active System Console for Intel Server Boards and Systems based on Intel 62X Chipset update to 8.0 Build 24 or later.”