Lucene search

[email protected]CVE-2019-0098

HistoryMay 17, 2019 - 4:29 p.m.

CVE-2019-0098

2019-05-1716:29:01

[email protected]

web.nvd.nist.gov

cve-2019-0098

intel

csme

txe

logic bug

vulnerability

privilege escalation

nvd

7.2 High

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

6.8 Medium

CVSS3

Attack Vector

PHYSICAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

7.2 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

32.2%

JSON

Logic bug vulnerability in subsystem for Intel® CSME before version 12.0.35, Intel® TXE before 3.1.65, 4.0.15 may allow an unauthenticated user to potentially enable escalation of privilege via physical access.

Affected configurations

NVD

Node

intelconverged_security_management_engine_firmwareRange11.0–11.8.65

intelconverged_security_management_engine_firmwareRange11.10–11.11.65

intelconverged_security_management_engine_firmwareRange11.20–11.22.65

intelconverged_security_management_engine_firmwareRange12.0–12.0.35

inteltrusted_execution_engine_firmwareRange3.0–3.1.65

inteltrusted_execution_engine_firmwareRange4.0–4.0.15

CPENameOperatorVersion
intel:converged_security_management_engine_firmwareintel converged security management engine firmwarelt11.8.65
intel:converged_security_management_engine_firmwareintel converged security management engine firmwarelt11.11.65
intel:converged_security_management_engine_firmwareintel converged security management engine firmwarelt11.22.65
intel:converged_security_management_engine_firmwareintel converged security management engine firmwarelt12.0.35
intel:trusted_execution_engine_firmwareintel trusted execution engine firmwarelt3.1.65
intel:trusted_execution_engine_firmwareintel trusted execution engine firmwarelt4.0.15

CPE	Name	Operator	Version
intel:converged_security_management_engine_firmware	intel converged security management engine firmware	lt	11.8.65
intel:converged_security_management_engine_firmware	intel converged security management engine firmware	lt	11.11.65
intel:converged_security_management_engine_firmware	intel converged security management engine firmware	lt	11.22.65
intel:converged_security_management_engine_firmware	intel converged security management engine firmware	lt	12.0.35
intel:trusted_execution_engine_firmware	intel trusted execution engine firmware	lt	3.1.65
intel:trusted_execution_engine_firmware	intel trusted execution engine firmware	lt	4.0.15

CNA Affected

[
  {
    "product": "Intel(R) Converged Security & Management Engine (CSME), Intel (R) Trusted Execution Engine Interface (TXE)",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "Versions before Intel (R) CSME 12.0.35 and Intel(R) TXE before 3.1.65, 4.0.15."
      }
    ]
  }
]

References

support.f5.com/csp/article/K10522033

www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00213.html

7.2 High

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

6.8 Medium

CVSS3

Attack Vector

PHYSICAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

7.2 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

32.2%

JSON

Related for CVE-2019-0098

nvd1 f52 prion1 cvelist1 hp1 intel1 lenovo2