Vulnerability Description
Buffer overflow in firmware for Intel(R) Ethernet 700 Series Controllers before version 7.0 may allow an unauthenticated user to potentially enable an escalation of privilege via an adjacent access.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Intel | Ethernet Controller X710-Tm4 Firmware | < 7.0 |
| Intel | Ethernet Controller X710-Tm4 | - |
| Intel | Ethernet Controller X710-At2 Firmware | < 7.0 |
| Intel | Ethernet Controller X710-At2 | - |
| Intel | Ethernet Controller Xxv710-Am2 Firmware | < 7.0 |
| Intel | Ethernet Controller Xxv710-Am2 | - |
| Intel | Ethernet Controller Xxv710-Am1 Firmware | < 7.0 |
| Intel | Ethernet Controller Xxv710-Am1 | - |
| Intel | Ethernet Controller X710-Bm2 Firmware | < 7.0 |
| Intel | Ethernet Controller X710-Bm2 | - |
| Intel | Ethernet Controller 710-Bm1 Firmware | < 7.0 |
| Intel | Ethernet Controller 710-Bm1 | - |
| Intel | Ethernet 700 Series Software | < 24.0 |
Related Weaknesses (CWE)
References
- https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00255.PatchVendor Advisory
- https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00255.PatchVendor Advisory
FAQ
What is CVE-2019-0140?
CVE-2019-0140 is a vulnerability with a CVSS score of 8.8 (HIGH). Buffer overflow in firmware for Intel(R) Ethernet 700 Series Controllers before version 7.0 may allow an unauthenticated user to potentially enable an escalation of privilege via an adjacent access.
How severe is CVE-2019-0140?
CVE-2019-0140 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2019-0140?
Check the references section above for vendor advisories and patch information. Affected products include: Intel Ethernet Controller X710-Tm4 Firmware, Intel Ethernet Controller X710-Tm4, Intel Ethernet Controller X710-At2 Firmware, Intel Ethernet Controller X710-At2, Intel Ethernet Controller Xxv710-Am2 Firmware.