CVE-2019-11136
MEDIUMIntel Xeon Platinum and Xeon D Firmware - Insufficient Access Control
Title source: llmDescription
Insufficient access control in system firmware for Intel(R) Xeon(R) Scalable Processors, 2nd Generation Intel(R) Xeon(R) Scalable Processors and Intel(R) Xeon(R) Processors D Family may allow a privileged user to potentially enable escalation of privilege, denial of service and/or information disclosure via local access.
References (3)
Core 3
Core References
Vendor Advisory x_refsource_misc
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00280.html
Third Party Advisory x_refsource_confirm
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03967en_us
Vendor Advisory x_refsource_confirm
https://support.f5.com/csp/article/K56215245?utm_source=f5support&%3Butm_medium=RSS
Scores
CVSS v3
6.7
EPSS
0.0015
EPSS Percentile
35.0%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Details
Status
published
Products (50)
hpe/apollo_4200_gen10_server_firmware
< 2.20
hpe/apollo_4200_gen9_server_firmware
< 2.76
hpe/proliant_bl460c_gen10_server_blade_firmware
< 2.20
hpe/proliant_bl460c_gen9_server_blade_firmware
< 2.76
hpe/proliant_bl660c_gen9_server_firmware
< 2.76
hpe/proliant_dl120_gen10_server_firmware
< 2.20
hpe/proliant_dl120_gen9_server_firmware
< 2.76
hpe/proliant_dl160_gen10_server_firmware
< 2.20
hpe/proliant_dl160_gen9_server_firmware
< 2.76
hpe/proliant_dl180_gen10_server_firmware
< 2.20
... and 40 more
Published
Nov 14, 2019
Tracked Since
Feb 18, 2026