6.7 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
4.6 Medium
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:L/AC:L/Au:N/C:P/I:P/A:P
Lenovo Security Advisory: LEN-30525
Potential Impact: Privilege escalation, denial of service, information disclosure
Severity: High
Scope of Impact: Industry-wide
CVE Identifier: CVE-2019-14598
Summary Description:
Intel reported a potential security vulnerability in CSME subsystem may allow escalation of privilege, denial of service, and information disclosure.
Mitigation Strategy for Customers (what you should do to protect yourself):
Intel recommends updating to Intel® CSME versions 12.0.49, 13.0.21, and 14.0.11 or later. Intel recommends IOT customers using Intel® CSME version 12.0.55 to update to 12.0.56 or
later.
6.7 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
4.6 Medium
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:L/AC:L/Au:N/C:P/I:P/A:P