Multiple potential security vulnerabilities in Intel Active Management
Technology (Intel AMT) may allow escalation of privilege, information disclosure, and/or denial of service.
{"id": "OPENVAS:1361412562310143286", "type": "openvas", "bulletinFamily": "scanner", "title": "Intel Active Management Technology Multiple Vulnerabilities (INTEL-SA-00241)", "description": "Multiple potential security vulnerabilities in Intel Active Management\n Technology (Intel AMT) may allow escalation of privilege, information disclosure, and/or denial of service.", "published": "2019-12-20T00:00:00", "modified": "2020-01-07T00:00:00", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310143286", "reporter": "Copyright (C) 2019 Greenbone Networks GmbH", "references": ["https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00241.html"], "cvelist": ["CVE-2019-11131", "CVE-2019-0131", "CVE-2019-11100", "CVE-2019-11088", "CVE-2019-11132", "CVE-2019-0166"], "lastseen": "2020-01-08T12:32:41", "viewCount": 47, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2019-0131", "CVE-2019-0166", "CVE-2019-11088", "CVE-2019-11100", "CVE-2019-11131", "CVE-2019-11132"]}, {"type": "hp", "idList": ["HP:C06501966"]}, {"type": "lenovo", "idList": ["LENOVO:PS500277-NOSID"]}, {"type": "nessus", "idList": ["JUNIPER_JSA11026.NASL"]}, {"type": "threatpost", "idList": ["THREATPOST:BBFD6EC28ECCF701431C5F4A518DC1B5"]}], "rev": 4}, "score": {"value": 5.9, "vector": "NONE"}, "backreferences": {"references": [{"type": "cve", "idList": ["CVE-2019-0131", "CVE-2019-0166", "CVE-2019-11088", "CVE-2019-11100", "CVE-2019-11131", "CVE-2019-11132"]}, {"type": "hp", "idList": ["HP:C06501966"]}, {"type": "lenovo", "idList": ["LENOVO:PS500277-NOSID"]}, {"type": "nessus", "idList": ["JUNIPER_JSA11026.NASL"]}, {"type": "threatpost", "idList": ["THREATPOST:BBFD6EC28ECCF701431C5F4A518DC1B5"]}]}, "exploitation": null, "vulnersScore": 5.9}, "pluginID": "1361412562310143286", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nCPE = \"cpe:/h:intel:active_management_technology\";\n\nif (description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.143286\");\n script_version(\"2020-01-07T08:25:23+0000\");\n script_tag(name:\"last_modification\", value:\"2020-01-07 08:25:23 +0000 (Tue, 07 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2019-12-20 03:55:32 +0000 (Fri, 20 Dec 2019)\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_cve_id(\"CVE-2019-11132\", \"CVE-2019-11088\", \"CVE-2019-11131\", \"CVE-2019-0131\", \"CVE-2019-0166\",\n \"CVE-2019-11100\");\n\n script_tag(name:\"qod_type\", value:\"remote_banner\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_name(\"Intel Active Management Technology Multiple Vulnerabilities (INTEL-SA-00241)\");\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"Web application abuses\");\n script_dependencies(\"gb_intel_amt_webui_detect.nasl\");\n script_mandatory_keys(\"intel_amt/installed\");\n\n script_tag(name:\"summary\", value:\"Multiple potential security vulnerabilities in Intel Active Management\n Technology (Intel AMT) may allow escalation of privilege, information disclosure, and/or denial of service.\");\n\n script_tag(name:\"insight\", value:\"Intel Active Management Technology is prone to multiple vulnerabilities:\n\n - Cross site scripting may allow a privileged user to potentially enable escalation of privilege via network\n access (CVE-2019-11132)\n\n - Insufficient input validation may allow an unauthenticated user to potentially enable escalation of privilege\n via adjacent access (CVE-2019-11088)\n\n - Logic issue may allow an unauthenticated user to potentially enable escalation of privilege via network access\n (CVE-2019-11131)\n\n - Insufficient input validation may allow an unauthenticated user to potentially enable denial of service or\n information disclosure via adjacent access (CVE-2019-0131)\n\n - Insufficient input validation may allow an unauthenticated user to potentially enable information disclosure\n via network access (CVE-2019-0166)\n\n - Insufficient input validation may allow an unauthenticated user to potentially enable information disclosure\n via physical access (CVE-2019-11100)\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"affected\", value:\"Intel Active Management Technology 11.0 to 11.8.65, 11.10 to 11.11.65,\n 11.20 to 11.22.65 and 12.0 to 12.0.35.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to version 11.8.70, 11.11.70, 11.22.70, 12.0.45 or later.\");\n\n script_xref(name:\"URL\", value:\"https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00241.html\");\n\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif (!port = get_app_port(cpe: CPE))\n exit(0);\n\nif (!infos = get_app_version_and_location(cpe: CPE, port: port, exit_no_version: TRUE))\n exit(0);\n\nversion = infos[\"version\"];\nlocation = infos[\"location\"];\n\nif (version_in_range(version: version, test_version: \"11.0\", test_version2: \"11.8.65\")) {\n report = report_fixed_ver(installed_version: version, fixed_version: \"11.8.70\", install_path: location);\n security_message(port: port, data: report);\n exit(0);\n}\n\nif (version_in_range(version: version, test_version: \"11.10\", test_version2: \"11.11.65\")) {\n report = report_fixed_ver(installed_version: version, fixed_version: \"11.11.70\", install_path: location);\n security_message(port: port, data: report);\n exit(0);\n}\n\nif (version_in_range(version: version, test_version: \"11.20\", test_version2: \"11.22.65\")) {\n report = report_fixed_ver(installed_version: version, fixed_version: \"11.22.70\", install_path: location);\n security_message(port: port, data: report);\n exit(0);\n}\n\nif (version_in_range(version: version, test_version: \"12.0\", test_version2: \"12.0.35\")) {\n report = report_fixed_ver(installed_version: version, fixed_version: \"12.0.45\", install_path: location);\n security_message(port: port, data: report);\n exit(0);\n}\n\nexit(99);\n", "naslFamily": "Web application abuses", "immutableFields": [], "cvss2": {}, "cvss3": {}, "_state": {"dependencies": 1645468588}}
{"threatpost": [{"lastseen": "2020-10-15T22:29:14", "description": "A critical security bug in the Intel Converged Security and Manageability Engine (CSME) could allow escalation of privilege, denial of service or information disclosure.\n\nThe details are included in a [bug advisory](<https://blogs.intel.com/technology/2019/11/ipas-november-2019-intel-platform-update-ipu/#gs.fm1dlz>) that in total covers 77 vulnerabilities, 67 of which were found by internal Intel staff. The silicon giant has rolled out firmware updates and software patches to address these, which range in severity from the one critical flaw to a low-severity local privilege-escalation issue.\n\nThe affected products are: Intel CSME, Intel Server Platform Services (SPS), Intel Trusted Execution Engine (TXE), Intel Active Management Technology (AMT), Intel Platform Trust Technology (PTT) and Intel Dynamic Application Loader (DAL).\n\n[](<https://threatpost.com/newsletter-sign/>)\n\nThe critical flaw is a heap overflow bug with a score of 9.6 out of 10 on the CVSS v.3 severity scale (CVE-2019-0169). It exists in the subsystem in the Intel CSME, which is a standalone chip on Intel CPUs that is used for remote management. The vulnerability and could allow an unauthenticated user to enable escalation of privileges, information disclosure or denial of service via adjacent access.\n\n\u201cAdjacent access\u201d means that an attack must be launched from the same shared physical network or local IP subnet, or from within the same secure VPN or administrative network zone.\n\nAs for the other bugs, there\u2019s also a cross-site scripting (XSS) flaw rated as important (CVE-2019-11132). It exists in the subsystem of the Intel AMT and could allow a privileged user to enable privilege escalation via network access.\n\nIntel also fixed a slew of high-severity problems, including an insufficient access control issue (CVE-2019-11147) that could allow local privilege escalation by an authenticated user. It exists in the hardware abstraction driver for the MEInfo software for Intel CSME, TXEInfo software, and the INTEL-SA-00086 and INTEL-SA-00125 Detection Tools.\n\nOther high-severity bugs allow privilege escalation, including logic issues (CVE-2019-11105, CVE-2019-11131) in the subsystems for Intel CSME and Intel AMT; insufficient input validations (CVE-2019-11088, CVE-2019-11104) in the subsystem in Intel AMT, Intel TXE and the MEInfo software for Intel CSME; insufficient input validation for the firmware update software for Intel CSME (CVE-2019-11103); and improper directory permissions (CVE-2019-11097) in the installer for Intel Management Engine Consumer Driver for Windows and Intel TXE.\n\nRounding out the high-severity bugs is an insufficient input validation (CVE-2019-0131) in the subsystem in Intel AMT that could allow an unauthenticated user to carry out denial of service or information disclosure via adjacent access.\n\nIntel issued the update as part of its [monthly security-fix cadence](<https://threatpost.com/wp-admin/post.php?post=149034&action=edit>); it credited Daniel Moghimi and Berk Sunar from Worcester Polytechnic Institute, Thomas Eisenbarth from University of Lubeck, Nadia Heninger from University of California at San Diego, and Leon Nilges from n0xius and Jesse Michael from Eclypsium for uncovering 10 of the bugs.\n\n**_What are the top risks to modern enterprises in the peak era of data breaches? Find out: Join breach expert Chip Witt from SpyCloud and Threatpost senior editor Tara Seals, in our upcoming free _**[**_Threatpost webinar_**](<https://attendee.gotowebinar.com/register/3127445778613605890?source=ART>)**_, \u201cTrends in Fortune 1000 Breach Exposure.\u201d _**[**_Click here to register_**](<https://attendee.gotowebinar.com/register/3127445778613605890?source=ART>)**_._**\n", "cvss3": {}, "published": "2019-11-12T19:07:34", "type": "threatpost", "title": "Intel Warns of Critical Info-Disclosure Bug in Security Engine", "bulletinFamily": "info", "cvss2": {}, "cvelist": ["CVE-2019-0131", "CVE-2019-0169", "CVE-2019-11088", "CVE-2019-11097", "CVE-2019-11103", "CVE-2019-11104", "CVE-2019-11105", "CVE-2019-11131", "CVE-2019-11132", "CVE-2019-11147", "CVE-2020-24400", "CVE-2020-24407"], "modified": "2019-11-12T19:07:34", "id": "THREATPOST:BBFD6EC28ECCF701431C5F4A518DC1B5", "href": "https://threatpost.com/intel-critical-info-disclosure-bug-security-engine/150124/", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "cve": [{"lastseen": "2022-03-23T19:11:32", "description": "Logic issue in subsystem in Intel(R) AMT before versions 11.8.70, 11.11.70, 11.22.70 and 12.0.45 may allow an unauthenticated user to potentially enable escalation of privilege via network access.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2019-12-18T22:15:00", "type": "cve", "title": "CVE-2019-11131", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-11131"], "modified": "2020-08-24T17:37:00", "cpe": [], "id": "CVE-2019-11131", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-11131", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": []}, {"lastseen": "2022-03-23T19:11:32", "description": "Cross site scripting in subsystem in Intel(R) AMT before versions 11.8.70, 11.11.70, 11.22.70 and 12.0.45 may allow a privileged user to potentially enable escalation of privilege via network access.", "cvss3": {"exploitabilityScore": 1.7, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "baseScore": 8.4, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 6.0}, "published": "2019-12-18T22:15:00", "type": "cve", "title": "CVE-2019-11132", "cwe": ["CWE-79"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-11132"], "modified": "2019-12-31T16:59:00", "cpe": [], "id": "CVE-2019-11132", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-11132", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cpe23": []}, {"lastseen": "2022-03-23T19:11:17", "description": "Insufficient input validation in subsystem in Intel(R) AMT before versions 11.8.70, 11.11.70, 11.22.70 and 12.0.45 may allow an unauthenticated user to potentially enable escalation of privilege via adjacent access.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2019-12-18T22:15:00", "type": "cve", "title": "CVE-2019-11088", "cwe": ["CWE-20"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 6.5, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 5.8, "vectorString": "AV:A/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "ADJACENT_NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-11088"], "modified": "2019-12-31T21:52:00", "cpe": [], "id": "CVE-2019-11088", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-11088", "cvss": {"score": 5.8, "vector": "AV:A/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": []}, {"lastseen": "2022-03-23T19:11:22", "description": "Insufficient input validation in the subsystem for Intel(R) AMT before versions 11.8.70, 11.11.70, 11.22.70 and 12.0.45 may allow an unauthenticated user to potentially enable information disclosure via physical access.", "cvss3": {"exploitabilityScore": 0.9, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "PHYSICAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 4.6, "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2019-12-18T22:15:00", "type": "cve", "title": "CVE-2019-11100", "cwe": ["CWE-20"], "bulletinFamily": "NVD", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 2.1, "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-11100"], "modified": "2020-01-02T18:34:00", "cpe": [], "id": "CVE-2019-11100", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-11100", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N"}, "cpe23": []}, {"lastseen": "2022-03-23T18:44:40", "description": "Insufficient input validation in subsystem in Intel(R) AMT before versions 11.8.70, 11.11.70, 11.22.70 and 12.0.45 may allow an unauthenticated user to potentially enable denial of service or information disclosure via adjacent access.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 8.1, "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.2}, "published": "2019-12-18T22:15:00", "type": "cve", "title": "CVE-2019-0131", "cwe": ["CWE-20"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 6.5, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.8, "vectorString": "AV:A/AC:L/Au:N/C:P/I:N/A:P", "version": "2.0", "accessVector": "ADJACENT_NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-0131"], "modified": "2020-01-02T18:33:00", "cpe": [], "id": "CVE-2019-0131", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-0131", "cvss": {"score": 4.8, "vector": "AV:A/AC:L/Au:N/C:P/I:N/A:P"}, "cpe23": []}, {"lastseen": "2022-03-23T18:45:58", "description": "Insufficient input validation in the subsystem for Intel(R) AMT before versions 11.8.70, 11.11.70, 11.22.70 and 12.0.45 may allow an unauthenticated user to potentially enable information disclosure via network access.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2019-12-18T22:15:00", "type": "cve", "title": "CVE-2019-0166", "cwe": ["CWE-20"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-0166"], "modified": "2020-01-02T18:34:00", "cpe": [], "id": "CVE-2019-0166", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-0166", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}, "cpe23": []}], "intel": [{"lastseen": "2022-05-09T11:49:03", "description": "## Summary: \n\nPotential security vulnerabilities in Intel\u00ae Converged Security and Manageability Engine (CSME), Intel\u00ae Server Platform Services (SPS), Intel\u00ae Trusted Execution Engine (TXE), Intel\u00ae Active Management Technology (AMT), Intel\u00ae Platform Trust Technology (PTT) and Intel\u00ae Dynamic Application Loader (DAL) may allow escalation of privilege, denial of service or information disclosure.** **Intel is releasing firmware and software updates to mitigate these potential vulnerabilities.\n\n## Vulnerability Details:\n\nCVEID: [CVE-2019-0169](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0169>)\n\nDescription: Heap overflow in subsystem in Intel(R) CSME before versions 11.8.70, 11.11.70, 11.22.70, 12.0.45; Intel(R) TXE before versions 3.1.70 and 4.0.20 may allow an unauthenticated user to potentially enable escalation of privileges, information disclosure or denial of service via adjacent access.\n\nCVSS Base Score: 9.6 Critical\n\nCVSS Vector: [CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H>)\n\nCVEID: [CVE-2019-11132 ](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11132>)\n\nDescription: Cross site scripting in subsystem in Intel(R) AMT before versions 11.8.70, 11.11.70, 11.22.70 and 12.0.45 may allow a privileged user to potentially enable escalation of privilege via network access.\n\nCVSS Base Score: 8.4 High\n\nCVSS Vector: [CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H>)\n\nCVEID: [CVE-2019-11147](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11147>)\n\nDescription: Insufficient access control in hardware abstraction driver for MEInfo software for Intel(R) CSME before versions 11.8.70, 11.11.70, 11.22.70, 12.0.45, 13.0.0, 14.0.10; TXEInfo software for Intel(R) TXE before versions 3.1.70 and 4.0.20; INTEL-SA-00086 Detection Tool version 1.2.7.0 or before; INTEL-SA-00125 Detection Tool version 1.0.45.0 or before may allow an authenticated user to potentially enable escalation of privilege via local access.\n\nCVSS Base Score: 8.2 High\n\nCVSS Vector: [CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H>)\n\nCVEID:[CVE-2019-11105](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11105>)\n\nDescription: Logic issue in subsystem for Intel(R) CSME before versions 12.0.45, 13.0.0 and 14.0.10 may allow a privileged user to potentially enable escalation of privilege and information disclosure via local access.\n\nCVSS Base Score: 7.9 High\n\nCVSS Vector: [CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N>)\n\nCVEID: [CVE-2019-11088](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11088>)\n\nDescription: Insufficient input validation in subsystem in Intel(R) AMT before versions 11.8.70, 11.11.70, 11.22.70 and 12.0.45 may allow an unauthenticated user to potentially enable escalation of privilege via adjacent access.\n\nCVSS Base Score: 7.5 High\n\nCVSS Vector: [CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H>)\n\nCVEID: [CVE-2019-11131](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11131>)\n\nDescription: Logic issue in subsystem in Intel(R) AMT before versions 11.8.70, 11.11.70, 11.22.70 and 12.0.45 may allow an unauthenticated user to potentially enable escalation of privilege via network access.\n\nCVSS Base Score: 7.5 High\n\nCVSS Vector: [CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H>)\n\nCVEID: [CVE-2019-11104 ](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11104>)\n\nDescription: Insufficient input validation in MEInfo software for Intel(R) CSME before versions 11.8.70, 11.11.70, 11.22.70, 12.0.45, 13.0.10 and 14.0.10; Intel(R) TXE before versions 3.1.70 and 4.0.20 may allow an authenticated user to potentially enable escalation of privilege via local access.\n\nCVSS Base Score: 7.3 High \n\nCVSS Vector: [CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H>)\n\nCVEID: [CVE-2019-11097](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11097>)\n\nDescription: Improper directory permissions in the installer for Intel(R) Management Engine Consumer Driver for Windows* before versions 11.8.70, 11.11.70, 11.22.70, 12.0.45,13.0.0 and 14.0.10; Intel(R) TXE before versions 3.1.70 and 4.0.20 may allow an authenticated user to potentially enable escalation of privilege via local access.\n\nCVSS Base Score: 7.3 High\n\nCVSS Vector: [CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H>)\n\nCVEID: [CVE-2019-11103](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11103>)\n\nDescription: Insufficient input validation in firmware update software for Intel\u00ae CSME before versions 12.0.45,13.0.0 and 14.0.10 may allow an authenticated user to potentially enable escalation of privilege via local access.\n\nCVSS Base Score: 7.3 High\n\nCVSS Vector: [CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H>)\n\nCVEID: [CVE-2019-0131](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0131>)\n\nDescription: Insufficient input validation in subsystem in Intel(R) AMT before versions 11.8.70, 11.11.70, 11.22.70 and 12.0.45 may allow an unauthenticated user to potentially enable denial of service or information disclosure via adjacent access.\n\nCVSS Base Score: 7.1 High\n\nCVSS Vector: [CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H>)\n\nCVEID: [CVE-2019-11090](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11090>)\n\nDescription: Multiple cryptographic timing conditions in subsystem for Intel(R) Platform Trust Technology before versions 11.8.65, 11.11.65, 11.22.65, 12.0.35, 13.0.1201, 14.0.10 Intel(R) TXE 3.1.65, 4.0.15, Intel(R) Server Platform Services before versions SPS_E3_05.01.03.089.0, SPS_E5_04.01.04.339.0, SPS_SoC-X_04.00.04.112.0, SPS_SoC-A_04.00.04.193.0, SPS_E3_04.01.04.088.0, SPS_E3_04.08.04.051.0 may allow an unauthenticated user to potentially enable information disclosure via network access.\n\nCVSS Base Score: 6.8 Medium\n\nCVSS Vector: [CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N>)\n\nCVEID: [CVE-2019-0165](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0165>)\n\nDescription: Insufficient Input validation in the subsystem for Intel(R) CSME before versions 12.0.45,13.0.0 and 14.0.10 may allow a privileged user to potentially enable denial of service via local access.\n\nCVSS Base Score: 4.4 Medium\n\nCVSS Vector: [CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H>)\n\nCVEID: [CVE-2019-0166](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0166>)\n\nDescription: Insufficient input validation in the subsystem for Intel(R) AMT before versions 11.8.70, 11.11.70, 11.22.70 and 12.0.45 may allow an unauthenticated user to potentially enable information disclosure via network access.\n\nCVSS Base Score: 5.9 Medium\n\nCVSS Vector: [CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N>)\n\nCVEID: [CVE-2019-0168](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0168>)\n\nDescription: Insufficient input validation in the subsystem for Intel(R) CSME before versions 11.8.70, 12.0.45 and 13.0.0; Intel(R) TXE before versions 3.1.70 and 4.0.20 may allow a privileged user to potentially enable information disclosure via local access.\n\nCVSS Base Score: 4.6 Medium\n\nCVSS Vector: [CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N>)\n\nCVEID: [CVE-2019-11087](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11087>)\n\nDescription: Insufficient input validation in the subsystem for Intel(R) CSME before versions 11.8.70, 11.11.70, 11.22.70, 12.0.45, 13.0.10 and 14.0.10; Intel(R) TXE before versions 3.1.70 and 4.0.20 may allow a privileged user to potentially enable escalation of privilege, information disclosure or denial of service via local access.\n\nCVSS Base Score: 6.4 Medium\n\nCVSS Vector: [CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H>)\n\nCVEID: [CVE-2019-11101](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11101>)\n\nDescription: Insufficient input validation in the subsystem for Intel(R) CSME before versions 11.8.70, 11.11.70, 11.22.70, 12.0.45, 13.0.0 and 14.0.10; Intel(R) TXE before versions 3.1.70 and 4.0.20 may allow a privileged user to potentially enable information disclosure via local access.\n\nCVSS Base Score: 4.4 Medium\n\nCVSS Vector: [CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N>)\n\nCVEID: [CVE-2019-11100](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11100>)\n\nDescription: Insufficient input validation in the subsystem for Intel(R) AMT before versions 11.8.70, 11.11.70, 11.22.70 and 12.0.45 may allow an unauthenticated user to potentially enable information disclosure via physical access.\n\nCVSS Base Score: 6.1 Medium\n\nCVSS Vector: [CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H>)\n\nCVEID: [CVE-2019-11102](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11102>)\n\nDescription: Insufficient input validation in Intel(R) DAL software for Intel(R) CSME before versions 11.8.70, 11.11.70, 11.22.70, 12.0.45, 13.0.0 and 14.0.10; Intel(R) TXE before versions 3.1.70 and 4.0.20 may allow a privileged user to potentially enable information disclosure via local access.\n\nCVSS Base Score: 4.1 Medium\n\nCVSS Vector: [CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N>)\n\nCVEID: [CVE-2019-11106](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11106>)\n\nDescription: Insufficient session validation in the subsystem for Intel(R) CSME before versions 11.8.70, 12.0.45, 13.0.0 and 14.0.10; Intel(R) TXE before versions 3.1.70 and 4.0.20 may allow a privileged user to potentially enable escalation of privilege via local access.\n\nCVSS Base Score: 4.4 Medium\n\nCVSS Vector: [CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N>)\n\nCVEID: [CVE-2019-11107](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11107>)\n\nDescription: Insufficient input validation in the subsystem for Intel(R) AMT before version 12.0.45 may allow an unauthenticated user to potentially enable escalation of privilege via network access.\n\nCVSS Base Score: 5.3 Medium\n\nCVSS Vector: [CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N>)\n\nCVEID: [CVE-2019-11109](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11109>)\n\nDescription: Logic issue in the subsystem for Intel(R) SPS before versions SPS_E5_04.01.04.275.0, SPS_SoC-X_04.00.04.100.0 and SPS_SoC-A_04.00.04.191.0 may allow a privileged user to potentially enable denial of service via local access.\n\nCVSS Base Score: 4.4 Medium\n\nCVSS Vector: [CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H>)\n\nCVEID: [CVE-2019-11110](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11110>)\n\nDescription: Authentication bypass in the subsystem for Intel(R) CSME before versions 11.8.70, 11.11.70, 11.22.70, 12.0.45, 13.0.0 and 14.0.10; Intel(R) TXE before versions 3.1.70 and 4.0.20 may allow a privileged user to potentially enable escalation of privilege via local access.\n\nCVSS Base Score: 4.1 Medium\n\nCVSS Vector: [CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:N](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:N>)\n\nCVEID: [CVE-2019-11086](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11086>)\n\nDescription: Insufficient input validation in subsystem for Intel(R) AMT before version 12.0.45 may allow an unauthenticated user to potentially enable escalation of privilege via physical access.\n\nCVSS Base Score: 3.5 Low\n\nCVSS Vector: [CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N>)\n\nCVEID: [CVE-2019-11108](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11108>)\n\nDescription: Insufficient input validation in subsystem for Intel(R) CSME before versions 12.0.45 and 13.0.0 may allow a privileged user to potentially enable escalation of privilege via local access.\n\nCVSS Base Score: 2.3 Low\n\nCVSS Vector: [CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N>)\n\n## Affected Products:\n\n### Intel\u00ae CSME, Intel\u00ae AMT, Intel\u00ae DAL and Intel\u00ae DAL software\n\n**Updated Version**\n\n| \n\n**Replaces Version** \n \n---|--- \n \n11.8.70\n\n| \n\n11.0 thru 11.8.65 \n \n11.11.70\n\n| \n\n11.10 thru 11.11.65 \n \n11.22.70\n\n| \n\n11.20 thru 11.22.65 \n \n12.0.45\n\n| \n\n12.0 thru 12.0.35 \n \n13.0.0 or higher\n\n| \n\n13.0 \n \n14.0.10 or higher\n\n| \n\n14.0.0 \n \n### Intel\u00ae SPS\n\nIntel\u00ae Server Platform Services \n \n--- \n \nUpdated Intel\u00ae Server Platform Services Firmware Version\n\n| \n\nReplaces Intel\u00ae Server Platform Services Version \n \nSPS_E3_05.01.03.089.0\n\n| \n\nSPS_E3_05.00.00.000.0 thru SPS_E3_05.01.03.088.0 \n \nSPS_E5_04.01.04.339.0\n\n| \n\nSPS_E5_04.00.00.000.0 thru SPS_E5_04.01.04.338.0 \n \nSPS_SoC-X_04.00.04.112.0\n\n| \n\nSPS_SoC-X_04.00.00.000.0 thru\n\nSPS_SoC-X_04.00.04.111.0 \n \nSPS_SoC-A_04.00.04.193.0\n\n| \n\nSPS_SoC-A_04.00.00.000.0 thru\n\nSPS_SoC-A_04.00.04.192.0 \n \nSPS_E3_04.01.04.088.0\n\n| \n\nSPS_E3_04.01.00.000.0 thru SPS_E3_04.01.04.087.0 \n \nSPS_E3_04.08.04.051.0\n\n| \n\nSPS_E3_04.08.00.000.0 thru SPS_E3_04.08.04.050.0 \n \n### Intel\u00ae TXE\n\n**Updated Version**\n\n| \n\n**Replaces Version** \n \n---|--- \n \n3.1.70\n\n| \n\n3.0 thru 3.1.65 \n \n4.0.20\n\n| \n\n4.0 thru 4.0.15 \n \n## Recommendations:\n\nIntel recommends that users of Intel\u00ae CSME, Intel\u00ae SPS, Intel\u00ae TXE, Intel\u00ae AMT and Intel\u00ae DAL** **update to the latest version provided by the system manufacturer that addresses these issues.\n\n## Acknowledgements:\n\nIntel would like to thank Daniel Moghimi and Berk Sunar from Worcester Polytechnic Institute, Thomas Eisenbarth from University of Lubeck and Nadia Heninger from University of California at San Diego (CVE-2019-11090) for reporting this issue and working with us on coordinated disclosure.\n\nIntel would like to thank Leon Nilges from n0xius and Jesse Michael from Eclypsium (CVE-2019-11147) for reporting this issue and working with us on coordinated disclosure.\n\nThe additional issues were found internally by Intel employees. Intel would like to thank\n\nArie Haenel, Jakub Rozanski, Moshe Nagady, Moshe Wagner, Niv Israely, Oren Weil, Yaakov Cohen, Yanai Moyal and Yossef Kuszer.\n\nIntel, and nearly the entire technology industry, follows a disclosure practice called Coordinated Disclosure, under which a cybersecurity vulnerability is generally publicly disclosed only after mitigations are available.\n", "cvss3": {}, "published": "2019-01-09T00:00:00", "type": "intel", "title": "2019.2 IPU \u2013 Intel\u00ae CSME, Intel\u00ae SPS, Intel\u00ae TXE, Intel\u00ae AMT, Intel\u00ae PTT and Intel\u00ae DAL Advisory", "bulletinFamily": "info", "cvss2": {}, "cvelist": ["CVE-2019-0131", "CVE-2019-0165", "CVE-2019-0166", "CVE-2019-0168", "CVE-2019-0169", "CVE-2019-11086", "CVE-2019-11087", "CVE-2019-11088", "CVE-2019-11090", "CVE-2019-11097", "CVE-2019-11100", "CVE-2019-11101", "CVE-2019-11102", "CVE-2019-11103", "CVE-2019-11104", "CVE-2019-11105", "CVE-2019-11106", "CVE-2019-11107", "CVE-2019-11108", "CVE-2019-11109", "CVE-2019-11110", "CVE-2019-11131", "CVE-2019-11132", "CVE-2019-11147"], "modified": "2019-11-12T00:00:00", "id": "INTEL:INTEL-SA-00241", "href": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00241.html", "cvss": {"score": 0.0, "vector": "NONE"}}], "lenovo": [{"lastseen": "2020-10-14T09:02:20", "description": "**Lenovo Security Advisory:** LEN-27716\n\n**Potential Impact**: Privilege escalation, denial of service, information disclosure\n\n**Severity:** High\n\n**Scope of Impact:** Industry-wide\n\n**CVE Identifier:** CVE-2019-0131, CVE-2019-0165, CVE-2019-0166, CVE-2019-0168, CVE-2019-0169, CVE-2019-11086, CVE-2019-11087, CVE-2019-11088, CVE-2019-11090, CVE-2019-11097, CVE-2019-11100, CVE-2019-11101, CVE-2019-11102, CVE-2019-11103, CVE-2019-11104, CVE-2019-11105, CVE-2019-11106, CVE-2019-11107, CVE-2019-11108, CVE-2019-11109, CVE-2019-11110, CVE-2019-11131, CVE-2019-11132, CVE-2019-11147\n\n**Summary Description: **\n\nPotential security vulnerabilities in Intel Converged Security and Manageability Engine (Intel CSME), Server Platform Services, Intel Trusted Execution Engine (Intel TXE), Intel Active Management Technology (Intel AMT), and Intel Dynamic Application Loader (Intel DAL) may allow escalation of privilege, denial of service or information disclosure.\n\n**Mitigation Strategy for Customers (what you should do to protect yourself): **\n\nIntel recommends updating Intel CSME, Server Platform Services, Trusted Execution Engine, Intel Active Management Technology, and Dynamic Application Loader to the version (or newer) of firmware and software indicated for your model in the Product Impact section below.\n\n**Product Impact:**\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2019-11-04T16:25:26", "type": "lenovo", "title": "Intel CSME, Server Platform Services, Trusted Execution Engine, Intel Active Management Technology and Dynamic Application Loader Vulnerabilities - Lenovo Support US", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-0165", "CVE-2019-11131", "CVE-2019-11101", "CVE-2019-11090", "CVE-2019-11106", "CVE-2019-11109", "CVE-2019-0131", "CVE-2019-11110", "CVE-2019-11103", "CVE-2019-0168", "CVE-2019-11087", "CVE-2019-11105", "CVE-2019-11108", "CVE-2019-11102", "CVE-2019-11100", "CVE-2019-0169", "CVE-2019-11147", "CVE-2019-11088", "CVE-2019-11097", "CVE-2019-11107", "CVE-2019-11104", "CVE-2019-11086", "CVE-2019-11132", "CVE-2019-0166"], "modified": "2020-06-12T20:07:10", "id": "LENOVO:PS500277-NOSID", "href": "https://support.lenovo.com/us/en/product_security/ps500277", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "hp": [{"lastseen": "2021-12-30T16:03:55", "description": "## Potential Security Impact\nEscalation of Privilege, Denial of Service, or Information Disclosure\n\n**Source**: Intel, HP, HP Product Security Response Team (PSRT) \n\n**Reported by**: Intel \n\n## VULNERABILITY SUMMARY\nMultiple security vulnerabilities have been identified by Intel.\n\nIntel is releasing updates for Intel\u00ae CSME, Server Platform Services, TXE, Intel\u00ae AMT and Intel\u00ae DAL to mitigate these vulnerabilities.\n\n## RESOLUTION\nHP has identified the affected platforms and target dates for Softpaqs. See the affected platforms listed below.\n", "cvss3": {}, "published": "2019-11-09T00:00:00", "type": "hp", "title": "HPSBHF03637 rev. 3 - Intel 2019.2 IPU CSME SPS TXE AMT Security Updates", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2019-0169", "CVE-2019-11132", "CVE-2019-11147", "CVE-2019-11105", "CVE-2019-11131", "CVE-2019-11088", "CVE-2019-11103", "CVE-2019-11104", "CVE-2019-11097", "CVE-2019-0131", "CVE-2019-11090", "CVE-2019-11087", "CVE-2019-11100", "CVE-2019-0166", "CVE-2019-11107", "CVE-2019-0168", "CVE-2019-0165", "CVE-2019-11101", "CVE-2019-11106", "CVE-2019-11109", "CVE-2019-11102", "CVE-2019-11110", "CVE-2019-11086", "CVE-2019-11108"], "modified": "2020-03-04T00:00:00", "id": "HP:C06501966", "href": "https://support.hp.com/us-en/document/c06501966", "cvss": {"score": "9.6", "vector": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/"}}], "nessus": [{"lastseen": "2022-06-16T15:39:10", "description": "According to its self-reported version, the remote Junos OS device is affected by multiple vulnerabilities in the BIOS firmware, including the following:\n\n - Logic issue in subsystem in Intel(R) AMT before versions 11.8.70, 11.11.70, 11.22.70 and 12.0.45 may allow an unauthenticated user to potentially enable escalation of privilege via network access. (CVE-2019-11131)\n\n - Heap overflow in subsystem in Intel(R) CSME before versions 11.8.70, 11.11.70, 11.22.70, 12.0.45; Intel(R) TXE before versions 3.1.70 and 4.0.20 may allow an unauthenticated user to potentially enable escalation of privileges, information disclosure or denial of service via adjacent access. (CVE-2019-0169)\n\n - Insufficient input validation in the subsystem for Intel(R) AMT before version 12.0.45 may allow an unauthenticated user to potentially enable escalation of privilege via network access. (CVE-2019-11107)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2020-07-28T00:00:00", "type": "nessus", "title": "Juniper Junos NFX150 Multiple Vulnerabilities (JSA11026)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-0131", "CVE-2019-0165", "CVE-2019-0166", "CVE-2019-0168", "CVE-2019-0169", "CVE-2019-11086", "CVE-2019-11087", "CVE-2019-11088", "CVE-2019-11090", "CVE-2019-11097", "CVE-2019-11100", "CVE-2019-11101", "CVE-2019-11102", "CVE-2019-11103", "CVE-2019-11104", "CVE-2019-11105", "CVE-2019-11106", "CVE-2019-11107", "CVE-2019-11108", "CVE-2019-11109", "CVE-2019-11110", "CVE-2019-11131", "CVE-2019-11132", "CVE-2019-11147"], "modified": "2020-10-13T00:00:00", "cpe": ["cpe:/o:juniper:junos"], "id": "JUNIPER_JSA11026.NASL", "href": "https://www.tenable.com/plugins/nessus/139033", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(139033);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/10/13\");\n\n script_cve_id(\n \"CVE-2019-0131\",\n \"CVE-2019-0165\",\n \"CVE-2019-0166\",\n \"CVE-2019-0168\",\n \"CVE-2019-0169\",\n \"CVE-2019-11086\",\n \"CVE-2019-11087\",\n \"CVE-2019-11088\",\n \"CVE-2019-11090\",\n \"CVE-2019-11097\",\n \"CVE-2019-11100\",\n \"CVE-2019-11101\",\n \"CVE-2019-11102\",\n \"CVE-2019-11103\",\n \"CVE-2019-11104\",\n \"CVE-2019-11105\",\n \"CVE-2019-11106\",\n \"CVE-2019-11107\",\n \"CVE-2019-11108\",\n \"CVE-2019-11109\",\n \"CVE-2019-11110\",\n \"CVE-2019-11131\",\n \"CVE-2019-11132\",\n \"CVE-2019-11147\"\n );\n script_xref(name:\"JSA\", value:\"JSA11026\");\n\n script_name(english:\"Juniper Junos NFX150 Multiple Vulnerabilities (JSA11026)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote device is missing a vendor-supplied security patch.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to its self-reported version, the remote Junos OS device is affected by multiple vulnerabilities in the BIOS\nfirmware, including the following:\n\n - Logic issue in subsystem in Intel(R) AMT before versions 11.8.70, 11.11.70, 11.22.70 and 12.0.45 may allow\n an unauthenticated user to potentially enable escalation of privilege via network access. (CVE-2019-11131)\n\n - Heap overflow in subsystem in Intel(R) CSME before versions 11.8.70, 11.11.70, 11.22.70, 12.0.45; Intel(R)\n TXE before versions 3.1.70 and 4.0.20 may allow an unauthenticated user to potentially enable escalation\n of privileges, information disclosure or denial of service via adjacent access. (CVE-2019-0169)\n\n - Insufficient input validation in the subsystem for Intel(R) AMT before version 12.0.45 may allow an\n unauthenticated user to potentially enable escalation of privilege via network access. (CVE-2019-11107)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n # https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00241.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?7899cffc\");\n script_set_attribute(attribute:\"see_also\", value:\"https://kb.juniper.net/JSA11026\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply the relevant Junos software release referenced in Juniper advisory JSA11026\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-11131\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/12/18\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/07/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/07/28\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"combined\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:juniper:junos\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Junos Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"junos_version.nasl\");\n script_require_keys(\"Host/Juniper/JUNOS/Version\", \"Host/Juniper/model\");\n\n exit(0);\n}\n\ninclude('junos.inc');\n\nver = get_kb_item_or_exit('Host/Juniper/JUNOS/Version');\nmodel = get_kb_item_or_exit('Host/Juniper/model');\nfixes = make_array();\n\nif ('NFX150' >!< toupper(model))\n audit(AUDIT_HOST_NOT, 'an affected model');\n\nif (ver !~ \"^([0-9]|1[0-8])\\.\" &&\n ver !~ \"^19\\.[0-3]\" &&\n ver !~ \"^19\\.4($|R[01])\" &&\n ver !~ \"^20\\.1($|R[01])\"\n )\n audit(AUDIT_INST_VER_NOT_VULN, 'Junos', ver);\n\nfix = '19.4R2 / 20.1R2 or later';\n\nreport = get_report(ver:ver, fix:fix);\nsecurity_report_v4(severity:SECURITY_HOLE, port:0, extra:report, xss:TRUE);\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}]}
Intel Active Management Technology Multiple Vulnerabilities (INTEL-SA-00241)
