Privilege escalation

Modification of assumed-immutable data in subsystem in IntelR CSME versions before 13.0.47, 13.30.17, 14.1.53, 14.5.32, 15.0.22 may allow an unauthenticated user to potentially enable escalation of privilege via physical access...

Input validation

Improper input validation in subsystem for IntelR CSME versions before 11.8.80, 11.12.80, 11.22.80, 12.0.70 and 14.0.45 may allow a privileged user to potentially enable escalation of privilege via local access...

CVE-2020-0541

Out-of-bounds write in subsystem for IntelR CSME versions before 12.0.64, 13.0.32, 14.0.33 and 14.5.12 may allow a privileged user to potentially enable escalation of privilege via local access...

Input validation

Improper input validation in the DAL subsystem for IntelR CSME versions before 11.8.77, 11.12.77, 11.22.77, 12.0.64, 13.0.32,14.0.33 and IntelR TXE versions before 3.1.75 and 4.0.25 may allow an unauthenticated user to potentially enable information disclosure via network access...

Design/Logic Flaw

Improper buffer restrictions in subsystem for IntelR CSME versions before 12.0.64, 13.0.32, 14.0.33 and 14.5.12 may allow an authenticated user to potentially enable escalation of privilege, information disclosure or denial of service via local access...

CVE-2019-14598

Improper Authentication in subsystem in IntelR CSME versions 12.0 through 12.0.48 IOT only: 12.0.56, versions 13.0 through 13.0.20, versions 14.0 through 14.0.10 may allow a privileged user to potentially enable escalation of privilege, denial of service or information disclosure via local access...

CVE-2019-11106

Insufficient session validation in the subsystem for IntelR CSME before versions 11.8.70, 12.0.45, 13.0.10 and 14.0.10; IntelR TXE before versions 3.1.70 and 4.0.20 may allow a privileged user to potentially enable escalation of privilege via local access...

Input validation

Insufficient input validation in the subsystem for IntelR CSME before versions 11.8.70, 11.11.70, 11.22.70, 12.0.45, 13.0.10 and 14.0.10; IntelR TXE before versions 3.1.70 and 4.0.20 may allow a privileged user to potentially enable escalation of privilege, information disclosure or denial of...

Input validation

Insufficient input validation in IntelR DAL software for IntelR CSME before versions 11.8.70, 11.11.70, 11.22.70, 12.0.45, 13.0.10 and 14.0.10; IntelR TXE before versions 3.1.70 and 4.0.20 may allow a privileged user to potentially enable information disclosure via local access...

Design/Logic Flaw

Insufficient data sanitization vulnerability in HECI subsystem for IntelR CSME before versions 11.8.65, 11.11.65, 11.22.65, 12.0.35 and IntelR SPS before version SPSE305.00.04.027.0 may allow a privileged user to potentially enable information disclosure via local access...

Code injection

Code injection vulnerability in installer for IntelR CSME before versions 11.8.65, 11.11.65, 11.22.65, 12.0.35 and IntelR TXE 3.1.65, 4.0.15 may allow an unprivileged user to potentially enable escalation of privilege via local access...

CVE-2019-0091

Code injection vulnerability in installer for IntelR CSME before versions 11.8.65, 11.11.65, 11.22.65, 12.0.35 and IntelR TXE 3.1.65, 4.0.15 may allow an unprivileged user to potentially enable escalation of privilege via local access...