HPSBHF03651 rev. 4 - Intel® CSME February 2020 Security Update

Potential Security Impact

Escalation of Privilege, Denial of Service, and Information Disclosure.

Source: HP, HP Product Security Response Team (PSRT)

Reported by: Intel®

VULNERABILITY SUMMARY

HP has been notified of potential security vulnerabilities involving improper authentication with the Intel CSME subsystem for certain Intel products. Intel CSME FW versions before 12.0.49, 12.0.55, 13.0.21, and 14.0.11 may allow a privileged user to potentially enable escalation of privilege, denial of service, or information disclosure via local access.

RESOLUTION

Intel has released updates to mitigate the potential vulnerability. HP has identified the affected platforms and corresponding SoftPaqs with minimum versions that mitigate the potential vulnerability. See the affected platforms listed below.

Newer versions may become available and identified minimum versions may become obsolete. If a SoftPaq Link becomes invalid, check the HP Customer Support - Software and Driver Downloads site to obtain the latest update for your product model.

HP recommends keeping your system up to date with the latest firmware and software.