 |
This site is intended to provide information pertaining to vulnerabilities that
Intel has identified as important for our suppliers to address. (All suppliers are asked to review identified vulnerabilities and take action as appropriate. Please address the
Urgent/High items first, Moderate second, and Low when your schedule allows) |
| Reference Number | Summary | Severity | What May be Impacted | Status (select one response for each row) |
|---|---|---|---|---|
|
CVE-2014-7187 CVE-2014-7186 CVE-2014-6271 CVE-2014-6277 CVE-2014-6278 CVE-2014-7169 |
Bash Shellshock - Bash is a broadly distributed shell code software product that enables administrators to manage Unix hosts. It is on Linux, Mac OS, and many flavors of Unix. This vulnerability is easily exploited and allows full access to the affected host. | High/Urgent | All Linux, Mac OS and Unix platforms. Also any Windows platform running applications that use Bash. |
Patching In progress Yes, we have patched; with no data breach to Intel Yes, we have patched but Intel data may have been impacted No, we need assistance Vulnerability is not applicable for our environment Note: please come back to this site after you have completed patching to indicate so |
|
CVE-2014-3704 |
Drupal is a very popular CMS for enterprises and a vulnerability in this API was identified that allows an attacker to send specially crafted requests resulting in arbitrary SQL execution. Depending on the content of the requests, this can lead to privilege escalation, arbitrary PHP execution, or other attacks. | High/Urgent | Linux and Windows systems running Drupal. |
Patching In progress Yes, we have patched; with no data breach to Intel Yes, we have patched but Intel data may have been impacted No, we need assistance Vulnerability is not applicable for our environment Note: please come back to this site after you have completed patching to indicate so |
|
CVE-2014-0160 CVE-2014-0224 CVE-2014-3509 CVE-2014-3511 CVE-2014-3512 CVE-2014-3566 |
All the latest CVE's for OpenSSL vulnerabilities, including Heartbleed, MitM, and Poodle. | High/Urgent | All Linux, Mac OS and Unix platforms. Also any Windows platform running applications that use Bash. |
Patching In progress Yes, we have patched; with no data breach to Intel Yes, we have patched but Intel data may have been impacted No, we need assistance Vulnerability is not applicable for our environment Note: please come back to this site after you have completed patching to indicate so |
| Legend |
|---|
|
Severity Ratings (subject to change): In an effort to be consistent across many different environments, we will be
following the NIST grading system, with the exception of the "Urgent" rating. |
| Urgent: Exploits have been found in the wild, and you host IP and/or PII data for Intel |
| High: Vulnerabilities will be labeled "High" severity if they have a CVSS base score of 7.0-10.0 |
| Medium: Vulnerabilities will be labeled "Medium" severity if they have a base CVSS score of 4.0-6.9 |
| Low: Vulnerabilities are labeled "Low" if they have a CVSS base score of 0.0-3.9 |
Click here for more information on the rating system |
