var-201911-1640
Vulnerability from variot
Insufficient input validation in i40e driver for Intel(R) Ethernet 700 Series Controllers versions before 2.8.43 may allow an authenticated user to potentially enable a denial of service via local access. Intel(R) Ethernet 700 Series Controller Contains an input validation vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. Intel Ethernet 700 Series Controllers are network adapter products from Intel Corporation. The vulnerability stems from insufficient input validation for the i40e driver. An attacker could exploit the vulnerability to cause a denial of service
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201911-1640",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "ethernet controller 710-bm1",
"scope": "lt",
"trust": 1.8,
"vendor": "intel",
"version": "2.8.43"
},
{
"model": "ethernet controller x710-at2",
"scope": "lt",
"trust": 1.8,
"vendor": "intel",
"version": "2.8.43"
},
{
"model": "ethernet controller x710-bm2",
"scope": "lt",
"trust": 1.8,
"vendor": "intel",
"version": "2.8.43"
},
{
"model": "ethernet controller x710-tm4",
"scope": "lt",
"trust": 1.8,
"vendor": "intel",
"version": "2.8.43"
},
{
"model": "ethernet controller xxv710-am1",
"scope": "lt",
"trust": 1.8,
"vendor": "intel",
"version": "2.8.43"
},
{
"model": "ethernet controller xxv710-am2",
"scope": "lt",
"trust": 1.8,
"vendor": "intel",
"version": "2.8.43"
},
{
"model": "ethernet 700 series software",
"scope": "lt",
"trust": 1.0,
"vendor": "intel",
"version": "24.0"
},
{
"model": "ethernet 700 series software",
"scope": null,
"trust": 0.8,
"vendor": "intel",
"version": null
},
{
"model": "ethernet series controllers",
"scope": "eq",
"trust": 0.6,
"vendor": "intel",
"version": "700\u003c2.8.43"
},
{
"model": "ethernet controller x710-at2",
"scope": "eq",
"trust": 0.6,
"vendor": "intel",
"version": null
},
{
"model": "ethernet controller 710-bm1",
"scope": "eq",
"trust": 0.6,
"vendor": "intel",
"version": null
},
{
"model": "ethernet controller x710-tm4",
"scope": "eq",
"trust": 0.6,
"vendor": "intel",
"version": null
},
{
"model": "ethernet controller xxv710-am1",
"scope": "eq",
"trust": 0.6,
"vendor": "intel",
"version": null
},
{
"model": "ethernet controller x710-bm2",
"scope": "eq",
"trust": 0.6,
"vendor": "intel",
"version": null
},
{
"model": "ethernet controller xxv710-am2",
"scope": "eq",
"trust": 0.6,
"vendor": "intel",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-41464"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-012081"
},
{
"db": "CNNVD",
"id": "CNNVD-201911-552"
},
{
"db": "NVD",
"id": "CVE-2019-0149"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:intel:enternet_700_series_software",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:intel:ethernet_controller_710-bm1_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:intel:ethernet_controller_x710-at2_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:intel:x710-bm2_controller",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:intel:ethernet_controller_x710-tm4_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:intel:ethernet_controller_xxv710-am1_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:intel:ethernet_controller_xxv710-am2_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-012081"
}
]
},
"cve": "CVE-2019-0149",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 2.1,
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2019-0149",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "LOW",
"trust": 1.8,
"vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 2.1,
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CNVD-2019-41464",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "LOW",
"trust": 0.6,
"vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 2.1,
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "VHN-140180",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "LOW",
"trust": 0.1,
"vectorString": "AV:L/AC:L/AU:N/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitabilityScore": 1.8,
"id": "CVE-2019-0149",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Local",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 5.5,
"baseSeverity": "Medium",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2019-0149",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2019-0149",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2019-0149",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2019-41464",
"trust": 0.6,
"value": "LOW"
},
{
"author": "CNNVD",
"id": "CNNVD-201911-552",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-140180",
"trust": 0.1,
"value": "LOW"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-41464"
},
{
"db": "VULHUB",
"id": "VHN-140180"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-012081"
},
{
"db": "CNNVD",
"id": "CNNVD-201911-552"
},
{
"db": "NVD",
"id": "CVE-2019-0149"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Insufficient input validation in i40e driver for Intel(R) Ethernet 700 Series Controllers versions before 2.8.43 may allow an authenticated user to potentially enable a denial of service via local access. Intel(R) Ethernet 700 Series Controller Contains an input validation vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. Intel Ethernet 700 Series Controllers are network adapter products from Intel Corporation. The vulnerability stems from insufficient input validation for the i40e driver. An attacker could exploit the vulnerability to cause a denial of service",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-0149"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-012081"
},
{
"db": "CNVD",
"id": "CNVD-2019-41464"
},
{
"db": "VULHUB",
"id": "VHN-140180"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-0149",
"trust": 3.1
},
{
"db": "JVN",
"id": "JVNVU90354904",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2019-012081",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201911-552",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2019-41464",
"trust": 0.6
},
{
"db": "LENOVO",
"id": "LEN-27715",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-140180",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-41464"
},
{
"db": "VULHUB",
"id": "VHN-140180"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-012081"
},
{
"db": "CNNVD",
"id": "CNNVD-201911-552"
},
{
"db": "NVD",
"id": "CVE-2019-0149"
}
]
},
"id": "VAR-201911-1640",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-41464"
},
{
"db": "VULHUB",
"id": "VHN-140180"
}
],
"trust": 1.4417241349999999
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-41464"
}
]
},
"last_update_date": "2024-11-23T20:21:14.166000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "INTEL-SA-00255",
"trust": 0.8,
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00255.html"
},
{
"title": "Patch for Intel Ethernet 700 Series Controllers i40e Driver Denial of Service Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/191093"
},
{
"title": "Intel Ethernet 700 Series Controllers i40e driver Enter the fix for the verification error vulnerability",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=104678"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-41464"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-012081"
},
{
"db": "CNNVD",
"id": "CNNVD-201911-552"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-20",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-140180"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-012081"
},
{
"db": "NVD",
"id": "CVE-2019-0149"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.0,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-0149"
},
{
"trust": 1.7,
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00255.html"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-0149"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu90354904/"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/intel-ethernet-700-series-controllers-multiple-vulnerabilities-30850"
},
{
"trust": 0.6,
"url": "https://support.lenovo.com/us/en/product_security/len-27715"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-41464"
},
{
"db": "VULHUB",
"id": "VHN-140180"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-012081"
},
{
"db": "CNNVD",
"id": "CNNVD-201911-552"
},
{
"db": "NVD",
"id": "CVE-2019-0149"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2019-41464"
},
{
"db": "VULHUB",
"id": "VHN-140180"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-012081"
},
{
"db": "CNNVD",
"id": "CNNVD-201911-552"
},
{
"db": "NVD",
"id": "CVE-2019-0149"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-11-20T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-41464"
},
{
"date": "2019-11-14T00:00:00",
"db": "VULHUB",
"id": "VHN-140180"
},
{
"date": "2019-11-25T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-012081"
},
{
"date": "2019-11-12T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201911-552"
},
{
"date": "2019-11-14T19:15:12.533000",
"db": "NVD",
"id": "CVE-2019-0149"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-11-20T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-41464"
},
{
"date": "2019-11-19T00:00:00",
"db": "VULHUB",
"id": "VHN-140180"
},
{
"date": "2019-11-25T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-012081"
},
{
"date": "2019-12-27T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201911-552"
},
{
"date": "2024-11-21T04:16:20.100000",
"db": "NVD",
"id": "CVE-2019-0149"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201911-552"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Intel(R) Ethernet 700 Series Controller Input validation vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-012081"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "input validation error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201911-552"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…