[email protected]CVE-2019-11090

HistoryDec 18, 2019 - 10:15 p.m.

CVE-2019-11090

2019-12-1822:15:00

CWE-362

[email protected]

web.nvd.nist.gov

cve-2019-11090

intel ptt

intel txe

intel sps

information disclosure

cryptographic timing

network security

5.9 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

5.6 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

0.002 Low

EPSS

Percentile

53.2%

JSON

Cryptographic timing conditions in the subsystem for Intel® PTT before versions 11.8.70, 11.11.70, 11.22.70, 12.0.45, 13.0.0 and 14.0.10; Intel® TXE 3.1.70 and 4.0.20; Intel® SPS before versions SPS_E5_04.01.04.305.0, SPS_SoC-X_04.00.04.108.0, SPS_SoC-A_04.00.04.191.0, SPS_E3_04.01.04.086.0, SPS_E3_04.08.04.047.0 may allow an unauthenticated user to potentially enable information disclosure via network access.

CPENameOperatorVersion
intel:server_platform_services_firmwareintel server platform services firmwareeq*
intel:trusted_execution_engine_firmwareintel trusted execution engine firmwarelt4.0.20
intel:trusted_execution_engine_firmwareintel trusted execution engine firmwarelt3.1.70
intel:server_platform_services_firmwareintel server platform services firmwareltsps_soc-a_04.00.04.191.0
intel:server_platform_services_firmwareintel server platform services firmwareltsps_e3_04.01.04.086.0
intel:server_platform_services_firmwareintel server platform services firmwareltsps_soc-x_04.00.04.108.0
intel:server_platform_services_firmwareintel server platform services firmwareltsps_e5_04.01.04.305.0
intel:platform_trust_technology_firmwareintel platform trust technology firmwarelt14.0.10
intel:platform_trust_technology_firmwareintel platform trust technology firmwarelt13.0.0
intel:platform_trust_technology_firmwareintel platform trust technology firmwarelt12.0.45

CPE	Name	Operator	Version
intel:server_platform_services_firmware	intel server platform services firmware	eq	*
intel:trusted_execution_engine_firmware	intel trusted execution engine firmware	lt	4.0.20
intel:trusted_execution_engine_firmware	intel trusted execution engine firmware	lt	3.1.70
intel:server_platform_services_firmware	intel server platform services firmware	lt	sps_soc-a_04.00.04.191.0
intel:server_platform_services_firmware	intel server platform services firmware	lt	sps_e3_04.01.04.086.0
intel:server_platform_services_firmware	intel server platform services firmware	lt	sps_soc-x_04.00.04.108.0
intel:server_platform_services_firmware	intel server platform services firmware	lt	sps_e5_04.01.04.305.0
intel:platform_trust_technology_firmware	intel platform trust technology firmware	lt	14.0.10
intel:platform_trust_technology_firmware	intel platform trust technology firmware	lt	13.0.0
intel:platform_trust_technology_firmware	intel platform trust technology firmware	lt	12.0.45