Vulnerability-Lookup

CNVD-2026-02959

Vulnerability from cnvd - Published: 2026-01-12

Title

Intel Ethernet Connection I219 Series访问控制不当漏洞

Description

Intel Ethernet Connection I219 Series是一组由Intel制造的低功耗千兆以太网物理层（PHY）控制器，主要用于台式机、笔记本电脑和嵌入式系统等设备，提供有线网络连接功能。 Intel Ethernet Connection I219 Series存在访问控制不当漏洞，攻击者可利用该漏洞导致本地拒绝服务。

Severity

中

Patch Name

Intel Ethernet Connection I219 Series访问控制不当漏洞的补丁

Patch Description

Formal description

目前厂商已发布升级程序修复该安全问题，详情见厂商官网: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00590.html

Reference

https://nvd.nist.gov/vuln/detail/CVE-2024-39797

Impacted products

Name
Intel Intel Ethernet Connection I219 Series <12.19.1.39

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2024-39797",
      "cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2024-39797"
    }
  },
  "description": "Intel Ethernet Connection I219 Series\u662f\u4e00\u7ec4\u7531Intel\u5236\u9020\u7684\u4f4e\u529f\u8017\u5343\u5146\u4ee5\u592a\u7f51\u7269\u7406\u5c42\uff08PHY\uff09\u63a7\u5236\u5668\uff0c\u4e3b\u8981\u7528\u4e8e\u53f0\u5f0f\u673a\u3001\u7b14\u8bb0\u672c\u7535\u8111\u548c\u5d4c\u5165\u5f0f\u7cfb\u7edf\u7b49\u8bbe\u5907\uff0c\u63d0\u4f9b\u6709\u7ebf\u7f51\u7edc\u8fde\u63a5\u529f\u80fd\u3002\n\nIntel Ethernet Connection I219 Series\u5b58\u5728\u8bbf\u95ee\u63a7\u5236\u4e0d\u5f53\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5bfc\u81f4\u672c\u5730\u62d2\u7edd\u670d\u52a1\u3002",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u7a0b\u5e8f\u4fee\u590d\u8be5\u5b89\u5168\u95ee\u9898\uff0c\u8be6\u60c5\u89c1\u5382\u5546\u5b98\u7f51:\r\nhttps://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00590.html",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2026-02959",
  "openTime": "2026-01-12",
  "patchDescription": "Intel Ethernet Connection I219 Series\u662f\u4e00\u7ec4\u7531Intel\u5236\u9020\u7684\u4f4e\u529f\u8017\u5343\u5146\u4ee5\u592a\u7f51\u7269\u7406\u5c42\uff08PHY\uff09\u63a7\u5236\u5668\uff0c\u4e3b\u8981\u7528\u4e8e\u53f0\u5f0f\u673a\u3001\u7b14\u8bb0\u672c\u7535\u8111\u548c\u5d4c\u5165\u5f0f\u7cfb\u7edf\u7b49\u8bbe\u5907\uff0c\u63d0\u4f9b\u6709\u7ebf\u7f51\u7edc\u8fde\u63a5\u529f\u80fd\u3002\r\n\r\nIntel Ethernet Connection I219 Series\u5b58\u5728\u8bbf\u95ee\u63a7\u5236\u4e0d\u5f53\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5bfc\u81f4\u672c\u5730\u62d2\u7edd\u670d\u52a1\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Intel Ethernet Connection I219 Series\u8bbf\u95ee\u63a7\u5236\u4e0d\u5f53\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "Intel Intel Ethernet Connection I219 Series \u003c12.19.1.39"
  },
  "referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2024-39797",
  "serverity": "\u4e2d",
  "submitTime": "2025-02-17",
  "title": "Intel Ethernet Connection I219 Series\u8bbf\u95ee\u63a7\u5236\u4e0d\u5f53\u6f0f\u6d1e"
}

CVE-2024-39797 (GCVE-0-2024-39797)

Vulnerability from cvelistv5 – Published: 2025-02-12 21:19 – Updated: 2025-02-13 20:17

Summary

Improper access control in some drivers for Intel(R) Ethernet Connection I219 Series before version 12.19.1.39 may allow an authenticated user to potentially enable denial of service via local access.

Severity ?

6.5 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H

CWE

Denial of Service
CWE-284 - Improper Access Control

Assigner

intel

References

URL

Tags

https://intel.com/content/www/us/en/security-cent…

Impacted products

	Vendor	Product	Version
	n/a	Intel(R) Ethernet Connection I219 Series	Affected: before version 12.19.1.39

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-39797",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-02-13T20:17:51.336160Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-02-13T20:17:58.614Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Intel(R) Ethernet Connection I219 Series",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "before version 12.19.1.39"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Improper access control in some drivers for Intel(R) Ethernet Connection I219 Series before version 12.19.1.39 may allow an authenticated user to potentially enable denial of service via local access."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H",
            "version": "3.1"
          },
          "cvssV4_0": {
            "attackComplexity": "LOW",
            "attackRequirements": "PRESENT",
            "attackVector": "LOCAL",
            "baseScore": 5.7,
            "baseSeverity": "MEDIUM",
            "privilegesRequired": "LOW",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "vectorString": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "HIGH",
            "vulnConfidentialityImpact": "NONE",
            "vulnIntegrityImpact": "NONE"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Denial of Service",
              "lang": "en"
            },
            {
              "cweId": "CWE-284",
              "description": "Improper Access Control",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-02-12T21:19:12.980Z",
        "orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
        "shortName": "intel"
      },
      "references": [
        {
          "name": "https://intel.com/content/www/us/en/security-center/advisory/intel-sa-00590.html",
          "url": "https://intel.com/content/www/us/en/security-center/advisory/intel-sa-00590.html"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
    "assignerShortName": "intel",
    "cveId": "CVE-2024-39797",
    "datePublished": "2025-02-12T21:19:12.980Z",
    "dateReserved": "2024-06-29T03:00:06.348Z",
    "dateUpdated": "2025-02-13T20:17:58.614Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CNVD-2026-02959

CVE-2024-39797 (GCVE-0-2024-39797)

Tags

Sightings

Nomenclature