Sign-up

ID

VAR-201911-1638


CVE

CVE-2019-0147


TITLE

Intel(R) Ethernet 700 Series Controller Input validation vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2019-012079

DESCRIPTION

Insufficient input validation in i40e driver for Intel(R) Ethernet 700 Series Controllers versions before 7.0 may allow an authenticated user to potentially enable a denial of service via local access. Intel(R) Ethernet 700 Series Controller Contains an input validation vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. Intel Ethernet 700 Series Controllers is a network adapter product from Intel Corporation. A denial of service vulnerability exists in Intel Ethernet 700 Series Controllers prior to 7.0. The vulnerability stems from insufficient input validation of the controller's i40e driver. An attacker could exploit this vulnerability to cause a denial of service

Trust: 2.25

sources: NVD: CVE-2019-0147 // JVNDB: JVNDB-2019-012079 // CNVD: CNVD-2019-41460 // VULHUB: VHN-140178

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2019-41460

AFFECTED PRODUCTS

vendor:intelmodel:ethernet controller 710-bm1scope:ltversion:7.0

Trust: 1.8

vendor:intelmodel:ethernet controller x710-at2scope:ltversion:7.0

Trust: 1.8

vendor:intelmodel:ethernet controller x710-bm2scope:ltversion:7.0

Trust: 1.8

vendor:intelmodel:ethernet controller x710-tm4scope:ltversion:7.0

Trust: 1.8

vendor:intelmodel:ethernet controller xxv710-am1scope:ltversion:7.0

Trust: 1.8

vendor:intelmodel:ethernet controller xxv710-am2scope:ltversion:7.0

Trust: 1.8

vendor:intelmodel:ethernet 700 series softwarescope:ltversion:24.0

Trust: 1.0

vendor:intelmodel:ethernet 700 series softwarescope: - version: -

Trust: 0.8

vendor:intelmodel:ethernet series controllerscope:eqversion:700<7.0

Trust: 0.6

vendor:intelmodel:ethernet controller x710-at2scope:eqversion: -

Trust: 0.6

vendor:intelmodel:ethernet controller 710-bm1scope:eqversion: -

Trust: 0.6

vendor:intelmodel:ethernet controller x710-tm4scope:eqversion: -

Trust: 0.6

vendor:intelmodel:ethernet controller xxv710-am1scope:eqversion: -

Trust: 0.6

vendor:intelmodel:ethernet controller x710-bm2scope:eqversion: -

Trust: 0.6

vendor:intelmodel:ethernet controller xxv710-am2scope:eqversion: -

Trust: 0.6

sources: CNVD: CNVD-2019-41460 // JVNDB: JVNDB-2019-012079 // CNNVD: CNNVD-201911-556 // NVD: CVE-2019-0147

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-0147
value: MEDIUM

Trust: 1.0

NVD: CVE-2019-0147
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2019-41460
value: LOW

Trust: 0.6

CNNVD: CNNVD-201911-556
value: MEDIUM

Trust: 0.6

VULHUB: VHN-140178
value: LOW

Trust: 0.1

nvd@nist.gov: CVE-2019-0147
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:N/I:N/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2019-41460
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:N/I:N/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-140178
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:N/I:N/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2019-0147
baseSeverity: MEDIUM
baseScore: 5.5
vectorString: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 3.6
version: 3.1

Trust: 1.0

NVD: CVE-2019-0147
baseSeverity: MEDIUM
baseScore: 5.5
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2019-41460 // VULHUB: VHN-140178 // JVNDB: JVNDB-2019-012079 // CNNVD: CNNVD-201911-556 // NVD: CVE-2019-0147

PROBLEMTYPE DATA

problemtype:CWE-20

Trust: 1.9

sources: VULHUB: VHN-140178 // JVNDB: JVNDB-2019-012079 // NVD: CVE-2019-0147

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201911-556

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-201911-556

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2019-012079

PATCH
title:INTEL-SA-00255url:https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00255.html
Trust: 0.8
title:Patch for Intel Ethernet 700 Series Controllers Denial of Service Vulnerabilityurl:https://www.cnvd.org.cn/patchInfo/show/191089
Trust: 0.6
title:Intel Ethernet 700 Series Controllers i40e driver Enter the fix for the verification error vulnerabilityurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=104468
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2019-41460 // 
            
            
            
            JVNDB: JVNDB-2019-012079 // 
            
            
            
            CNNVD: CNNVD-201911-556

EXTERNAL IDS
db:NVDid:CVE-2019-0147
Trust: 3.1
db:JVNid:JVNVU90354904
Trust: 0.8
db:JVNDBid:JVNDB-2019-012079
Trust: 0.8
db:CNNVDid:CNNVD-201911-556
Trust: 0.7
db:CNVDid:CNVD-2019-41460
Trust: 0.6
db:LENOVOid:LEN-27715
Trust: 0.6
db:VULHUBid:VHN-140178
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2019-41460 // 
            
            
            
            VULHUB: VHN-140178 // 
            
            
            
            JVNDB: JVNDB-2019-012079 // 
            
            
            
            CNNVD: CNNVD-201911-556 // 
            
            
            
            NVD: CVE-2019-0147

REFERENCES
url:https://nvd.nist.gov/vuln/detail/cve-2019-0147
Trust: 2.0
url:https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00255.html
Trust: 1.7
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-0147
Trust: 0.8
url:https://jvn.jp/vu/jvnvu90354904/
Trust: 0.8
url:https://vigilance.fr/vulnerability/intel-ethernet-700-series-controllers-multiple-vulnerabilities-30850
Trust: 0.6
url:https://support.lenovo.com/us/en/product_security/len-27715
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2019-41460 // 
            
            
            
            VULHUB: VHN-140178 // 
            
            
            
            JVNDB: JVNDB-2019-012079 // 
            
            
            
            CNNVD: CNNVD-201911-556 // 
            
            
            
            NVD: CVE-2019-0147

SOURCES
db:CNVDid:CNVD-2019-41460
db:VULHUBid:VHN-140178
db:JVNDBid:JVNDB-2019-012079
db:CNNVDid:CNNVD-201911-556
db:NVDid:CVE-2019-0147

LAST UPDATE DATE
2024-11-23T21:31:30.069000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2019-41460date:2019-11-20T00:00:00
db:VULHUBid:VHN-140178date:2019-11-19T00:00:00
db:JVNDBid:JVNDB-2019-012079date:2019-11-25T00:00:00
db:CNNVDid:CNNVD-201911-556date:2019-12-27T00:00:00
db:NVDid:CVE-2019-0147date:2024-11-21T04:16:19.840

SOURCES RELEASE DATE
db:CNVDid:CNVD-2019-41460date:2019-11-20T00:00:00
db:VULHUBid:VHN-140178date:2019-11-14T00:00:00
db:JVNDBid:JVNDB-2019-012079date:2019-11-25T00:00:00
db:CNNVDid:CNNVD-201911-556date:2019-11-12T00:00:00
db:NVDid:CVE-2019-0147date:2019-11-14T19:15:12.393