Lucene search

PRIOn knowledge basePRION:CVE-2019-14598

HistoryFeb 13, 2020 - 7:15 p.m.

Authentication flaw

2020-02-1319:15:00

PRIOn knowledge base

www.prio-n.com

6.7 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

6.4 Medium

AI Score

Confidence

High

4.6 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

0.0004 Low

EPSS

Percentile

10.6%

JSON

Improper Authentication in subsystem in Intel® CSME versions 12.0 through 12.0.48 (IOT only: 12.0.56), versions 13.0 through 13.0.20, versions 14.0 through 14.0.10 may allow a privileged user to potentially enable escalation of privilege, denial of service or information disclosure via local access.

CPENameOperatorVersion
converged_security_management_engine_firmwarege12.0
converged_security_management_engine_firmwarelt12.0.56
converged_security_management_engine_firmwarege12.0
converged_security_management_engine_firmwarelt12.0.48
converged_security_management_engine_firmwarege13.0
converged_security_management_engine_firmwarelt13.0.20
converged_security_management_engine_firmwarege14.0
converged_security_management_engine_firmwarelt14.0.10

Name	Operator	Version
converged_security_management_engine_firmware	ge	12.0
converged_security_management_engine_firmware	lt	12.0.56
converged_security_management_engine_firmware	ge	12.0
converged_security_management_engine_firmware	lt	12.0.48
converged_security_management_engine_firmware	ge	13.0
converged_security_management_engine_firmware	lt	13.0.20
converged_security_management_engine_firmware	ge	14.0
converged_security_management_engine_firmware	lt	14.0.10

References

security.netapp.com/advisory/ntap-20200221-0005/

www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00307.html

6.7 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

6.4 Medium

AI Score

Confidence

High

4.6 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

0.0004 Low

EPSS

Percentile

10.6%

JSON

Related for PRION:CVE-2019-14598