Details of VAR-201911-1640

ID

VAR-201911-1640

CVE

CVE-2019-0149

TITLE

Intel(R) Ethernet 700 Series Controller Input validation vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2019-012081

DESCRIPTION

Insufficient input validation in i40e driver for Intel(R) Ethernet 700 Series Controllers versions before 2.8.43 may allow an authenticated user to potentially enable a denial of service via local access. Intel(R) Ethernet 700 Series Controller Contains an input validation vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. Intel Ethernet 700 Series Controllers are network adapter products from Intel Corporation. The vulnerability stems from insufficient input validation for the i40e driver. An attacker could exploit the vulnerability to cause a denial of service

Trust: 2.25

sources: NVD: CVE-2019-0149 // JVNDB: JVNDB-2019-012081 // CNVD: CNVD-2019-41464 // VULHUB: VHN-140180

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2019-41464

AFFECTED PRODUCTS

vendor:	intel	model:	ethernet controller 710-bm1	scope:	lt	version:	2.8.43	Trust: 1.8
vendor:	intel	model:	ethernet controller x710-at2	scope:	lt	version:	2.8.43	Trust: 1.8
vendor:	intel	model:	ethernet controller x710-bm2	scope:	lt	version:	2.8.43	Trust: 1.8
vendor:	intel	model:	ethernet controller x710-tm4	scope:	lt	version:	2.8.43	Trust: 1.8
vendor:	intel	model:	ethernet controller xxv710-am1	scope:	lt	version:	2.8.43	Trust: 1.8
vendor:	intel	model:	ethernet controller xxv710-am2	scope:	lt	version:	2.8.43	Trust: 1.8
vendor:	intel	model:	ethernet 700 series software	scope:	lt	version:	24.0	Trust: 1.0
vendor:	intel	model:	ethernet 700 series software	scope:	-	version:	-	Trust: 0.8
vendor:	intel	model:	ethernet series controllers	scope:	eq	version:	700<2.8.43	Trust: 0.6
vendor:	intel	model:	ethernet controller x710-at2	scope:	eq	version:	-	Trust: 0.6
vendor:	intel	model:	ethernet controller 710-bm1	scope:	eq	version:	-	Trust: 0.6
vendor:	intel	model:	ethernet controller x710-tm4	scope:	eq	version:	-	Trust: 0.6
vendor:	intel	model:	ethernet controller xxv710-am1	scope:	eq	version:	-	Trust: 0.6
vendor:	intel	model:	ethernet controller x710-bm2	scope:	eq	version:	-	Trust: 0.6
vendor:	intel	model:	ethernet controller xxv710-am2	scope:	eq	version:	-	Trust: 0.6

sources: CNVD: CNVD-2019-41464 // JVNDB: JVNDB-2019-012081 // CNNVD: CNNVD-201911-552 // NVD: CVE-2019-0149

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2019-0149
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2019-0149
value:	MEDIUM
Trust: 0.8
CNVD:	CNVD-2019-41464
value:	LOW
Trust: 0.6
CNNVD:	CNNVD-201911-552
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-140180
value:	LOW
Trust: 0.1

nvd@nist.gov:	CVE-2019-0149
severity:	LOW
baseScore:	2.1
vectorString:	AV:L/AC:L/AU:N/C:N/I:N/A:P
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	3.9
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2019-41464
severity:	LOW
baseScore:	2.1
vectorString:	AV:L/AC:L/AU:N/C:N/I:N/A:P
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	3.9
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
VULHUB:	VHN-140180
severity:	LOW
baseScore:	2.1
vectorString:	AV:L/AC:L/AU:N/C:N/I:N/A:P
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	3.9
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2019-0149
baseSeverity:	MEDIUM
baseScore:	5.5
vectorString:	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	1.8
impactScore:	3.6
version:	3.1
Trust: 1.0
NVD:	CVE-2019-0149
baseSeverity:	MEDIUM
baseScore:	5.5
vectorString:	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2019-41464 // VULHUB: VHN-140180 // JVNDB: JVNDB-2019-012081 // CNNVD: CNNVD-201911-552 // NVD: CVE-2019-0149

PROBLEMTYPE DATA

problemtype:

CWE-20

Trust: 1.9

sources: VULHUB: VHN-140180 // JVNDB: JVNDB-2019-012081 // NVD: CVE-2019-0149

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201911-552

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-201911-552

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-012081

PATCH

title:	INTEL-SA-00255	url:	https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00255.html	Trust: 0.8
title:	Patch for Intel Ethernet 700 Series Controllers i40e Driver Denial of Service Vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/191093	Trust: 0.6
title:	Intel Ethernet 700 Series Controllers i40e driver Enter the fix for the verification error vulnerability	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=104678	Trust: 0.6

sources: CNVD: CNVD-2019-41464 // JVNDB: JVNDB-2019-012081 // CNNVD: CNNVD-201911-552

EXTERNAL IDS

db:	NVD	id:	CVE-2019-0149	Trust: 3.1
db:	JVN	id:	JVNVU90354904	Trust: 0.8
db:	JVNDB	id:	JVNDB-2019-012081	Trust: 0.8
db:	CNNVD	id:	CNNVD-201911-552	Trust: 0.7
db:	CNVD	id:	CNVD-2019-41464	Trust: 0.6
db:	LENOVO	id:	LEN-27715	Trust: 0.6
db:	VULHUB	id:	VHN-140180	Trust: 0.1

sources: CNVD: CNVD-2019-41464 // VULHUB: VHN-140180 // JVNDB: JVNDB-2019-012081 // CNNVD: CNNVD-201911-552 // NVD: CVE-2019-0149

REFERENCES

url:	https://nvd.nist.gov/vuln/detail/cve-2019-0149	Trust: 2.0
url:	https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00255.html	Trust: 1.7
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-0149	Trust: 0.8
url:	https://jvn.jp/vu/jvnvu90354904/	Trust: 0.8
url:	https://vigilance.fr/vulnerability/intel-ethernet-700-series-controllers-multiple-vulnerabilities-30850	Trust: 0.6
url:	https://support.lenovo.com/us/en/product_security/len-27715	Trust: 0.6

sources: CNVD: CNVD-2019-41464 // VULHUB: VHN-140180 // JVNDB: JVNDB-2019-012081 // CNNVD: CNNVD-201911-552 // NVD: CVE-2019-0149

SOURCES

db:	CNVD	id:	CNVD-2019-41464
db:	VULHUB	id:	VHN-140180
db:	JVNDB	id:	JVNDB-2019-012081
db:	CNNVD	id:	CNNVD-201911-552
db:	NVD	id:	CVE-2019-0149

LAST UPDATE DATE

2024-11-23T20:21:14.166000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2019-41464	date:	2019-11-20T00:00:00
db:	VULHUB	id:	VHN-140180	date:	2019-11-19T00:00:00
db:	JVNDB	id:	JVNDB-2019-012081	date:	2019-11-25T00:00:00
db:	CNNVD	id:	CNNVD-201911-552	date:	2019-12-27T00:00:00
db:	NVD	id:	CVE-2019-0149	date:	2024-11-21T04:16:20.100

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2019-41464	date:	2019-11-20T00:00:00
db:	VULHUB	id:	VHN-140180	date:	2019-11-14T00:00:00
db:	JVNDB	id:	JVNDB-2019-012081	date:	2019-11-25T00:00:00
db:	CNNVD	id:	CNNVD-201911-552	date:	2019-11-12T00:00:00
db:	NVD	id:	CVE-2019-0149	date:	2019-11-14T19:15:12.533