← Back

CVE-2019-0140

nvd nist
Published: Nov 14, 2019Modified: Jun 17, 2026

JSON object

Loading...
8.8
Vector
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability: 2.8 / Impact: 5.9
Source: NVD

Description

Buffer overflow in firmware for Intel(R) Ethernet 700 Series Controllers before version 7.0 may allow an unauthenticated user to potentially enable an escalation of privilege via an adjacent access.

Affected (7)

Intel
7 products
Ethernet Controller X710 Tm4 Firmware
Ethernet Controller X710 At2 Firmware
Ethernet Controller Xxv710 Am2 Firmware
Ethernet Controller Xxv710 Am1 Firmware
Ethernet Controller X710 Bm2 Firmware
Ethernet Controller 710 Bm1 Firmware
Ethernet 700 Series Software
Configuration A
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Ethernet Controller X710 Tm4 Firmware
Before 7.0
Running on/withPlatform Versions
Intel
Ethernet Controller X710 Tm4
All versions
Configuration B
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Ethernet Controller X710 At2 Firmware
Before 7.0
Running on/withPlatform Versions
Intel
Ethernet Controller X710 At2
All versions
Configuration C
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Ethernet Controller Xxv710 Am2 Firmware
Before 7.0
Running on/withPlatform Versions
Intel
Ethernet Controller Xxv710 Am2
All versions
Configuration D
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Ethernet Controller Xxv710 Am1 Firmware
Before 7.0
Running on/withPlatform Versions
Intel
Ethernet Controller Xxv710 Am1
All versions
Configuration E
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Ethernet Controller X710 Bm2 Firmware
Before 7.0
Running on/withPlatform Versions
Intel
Ethernet Controller X710 Bm2
All versions
Configuration F
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Ethernet Controller 710 Bm1 Firmware
Before 7.0
Running on/withPlatform Versions
Intel
Ethernet Controller 710 Bm1
All versions
Configuration G
1 vulnerable
Vulnerable SoftwareAffected Versions
Ethernet 700 Series Software
Before 24.0

Related CWEs

CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow.

References (2)

Source: secure@intel.com
PatchVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
PatchVendor Advisory

Timeline

No history available yet.