===========================================================================
                         AUSCERT Security Bulletin

                               ASB-2019.0242
                            Intel NUC Advisory
                              14 August 2019

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:              Intel NUC
Operating System:     Network Appliance
Impact/Access:        Increased Privileges     -- Existing Account
                      Denial of Service        -- Existing Account
                      Access Confidential Data -- Existing Account
Resolution:           Patch/Upgrade
CVE Names:            CVE-2019-11140  
Member content until: Friday, September 13 2019

OVERVIEW

        Intel has discovered a potential security vulnerability in Intel NUC. 
        [1]


IMPACT

        Intel has provided the following information regarding the 
        vulnerability:
        
        "Summary:
        
        A potential security vulnerability in the system firmware for Intel NUC
        may allow escalation of privilege, denial of service and/or information 
        disclosure.
        
        Intel is releasing firmware updates to mitigate this potential 
        vulnerability.
        
        Vulnerability Details:
        
        CVEID: CVE-2019-11140
        
        Description: Insufficient session validation in system firmware for 
        Intel NUC may allow a privileged user to potentially enable escalation 
        of privilege, denial of service and/or information disclosure via 
        local access.
        
        CVSS Base Score: 7.5 High
        
        CVSS Vector: CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H" [1]


MITIGATION

        Intel recommends that users update to the latest version. [1]


REFERENCES

        [1] Intel NUC Advisory
            https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00272.html

AusCERT has made every effort to ensure that the information contained
in this document is accurate.  However, the decision to use the information
described is the responsibility of each user or organisation. The decision to
follow or act on information or advice contained in this security bulletin is
the responsibility of each user or organisation, and should be considered in
accordance with your organisation's site policies and procedures. AusCERT
takes no responsibility for consequences which may arise from following or
acting on information or advice contained in this security bulletin.

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours 
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================