27 matches found
CVE-2019-0086
CVE-2019-0086 is an insufficient access control vulnerability in Intel CSME/DAL and TXE that could let an unprivileged local user escalate privileges. Affected: Intel CSME before 11.8.65/11.11.65/11.22.65, 12.0.35 and Intel TXE 3.1.65, 4.0.15. Impact: local privilege escalation; exploitation requ...
CVE-2019-0098
CVE-2019-0098 is a logic bug in Intel CSME (before 12.0.35) and TXE (before 3.1.65, 4.0.15) that may allow an unauthenticated user to escalate privileges via physical access. Connected docs corroborate affected Intel subsystems (CSME, SPS, TXE, DAL, AMT) and note mitigation paths: Intel’s advisor...
CVE-2019-11090
CVE-2019-11090 relates to cryptographic timing conditions in Intel components (CSME, SPS, TXE, AMT, PTT and DAL) that may allow an unauthenticated attacker to disclose information over the network. Affected are Intel CSME before 11.8.70/11.11.70/11.22.70 and 12.0.45; 13.0.0 and 14.0.10; Intel TXE...
CVE-2019-11102
CVE-2019-11102 involves insufficient input validation in Intel DAL software for Intel CSME/AMT/TXE; a privileged/local attacker could potentially trigger information disclosure. Affected products span Intel CSME, Intel AMT, Intel TXE, and Intel DAL, with vulnerable Intel CSME/TXE/DAL versions pri...
CVE-2019-0168
CVE-2019-0168 affects Intel CSME and TXE subsystems (also involving AMT/SPS/DAL) due to insufficient input validation in the subsystem. The issue potentially allows a privileged user to escalate privileges or disclose information via local access. Fixes exist: Intel/partners list updated firmware...
CVE-2019-11147
CVE-2019-11147 involvesInsufficient access control in the Intel CSME hardware abstraction driver (MEInfo) and related TXE/Detection Tool components, potentially allowing an authenticated user to escalate privileges via local access. Red Hat and CVE records describe the same issue and list affecte...
CVE-2019-11106
CVE-2019-11106 affects Intel CSME, TXE, AMT and related components. The issue is insufficient session validation in Intel CSME subsystems (and related TXE/AMT subsystems), potentially allowing a local attacker to escalate privileges. Affects CSME versions prior to 11.8.70, 12.0.45, 13.0.10 and 14...
CVE-2019-0169
CVE-2019-0169 is a hardware/firmware vulnerability affecting Intel CSME and TXE subsystems (and related Intel AMT/SPS/DAL components). The issue is a heap overflow in the CSME/TXE subsystems that may allow an unauthenticated user to escalate privileges, disclose information, or cause a denial of ...
CVE-2019-11097
CVE-2019-11097 records improper directory permissions in the installer for Intel® Management Engine Consumer Driver for Windows (pre-11.8.70/11.11.70/11.22.70/12.0.45/13.0.10/14.0.10) and Intel® TXE (pre-3.1.70/4.0.20). This may allow an authenticated local user to escalate privileges. Affected c...
CVE-2019-11104
CVE-2019-11104 concerns Intel CSME MEInfo and Intel TXE. Insufficient input validation in MEInfo before 11.8.70, 11.11.70, 11.22.70, 12.0.45, 13.0.10 and 14.0.10; and in TXE before 3.1.70 and 4.0.20, may allow an authenticated user to escalate privileges via local access. Related Red Hat/Lenovo e...
CVE-2019-11101
CVE-2019-11101 involves insufficient input validation in the Intel CSME and TXE subsystems (and related AMT/DAL components). Affected are Intel CSME before 11.8.70, 11.11.70, 11.22.70, 12.0.45, 13.0.10, 14.0.10 and Intel TXE before 3.1.70 and 4.0.20. The issue may allow a privileged user to discl...
CVE-2019-11087
This CVE affects Intel CSME, AMT, SPS, TXE and related DAL components. Root cause: insufficient input validation in the Intel CSME/TXE subsystems. Affected versions include Intel CSME before 11.8.70, 11.11.70, 11.22.70, 12.0.45, 13.0.10 and 14.0.10; Intel TXE before 3.1.70 and 4.0.20. Conditions ...
CVE-2019-11110
CVE-2019-11110 is an authentication bypass affecting Intel CSME and TXE subsystems. Public sources (Intel advisory and Red Hat/Lenovo summaries) describe: Affects Intel CSME before versions 11.8.70, 11.11.70, 11.22.70, 12.0.45, 13.0.10, 14.0.10 and Intel TXE before versions 3.1.70 and 4.0.20. Pri...
CVE-2017-5707
CVE-2017-5707 corresponds to multiple kernel-level buffer overflows in Intel Trusted Execution Engine Firmware 3.0 that allow a local attacker to execute arbitrary code. The vulnerability is rooted in buffer overflow issues within the TXE kernel, with exploitation requiring local system access. T...
CVE-2020-0539
CVE-2020-0539 describes a path traversal vulnerability in Intel CSME/DAL subsystems (and related TXE) that may allow an unprivileged local user to cause denial of service. Affected are Intel CSME versions before 11.8.77, 11.12.77, 11.22.77, 12.0.64, 13.0.32, 14.0.33 and Intel TXE versions before ...
CVE-2020-0566
CVE-2020-0566 concerns Intel TXE (Trusted Execution Engine) with improper access control in the subsystem. The provided documents identify affected TXE versions prior to 3.175 and 4.0.25, enabling an unauthenticated user to potentially escalate privileges via physical access. The Intel INTEL-SA-0...
CVE-2018-12147
CVE-2018-12147 affects Intel CSME (HECI) subsystem, Intel SPS, and TXE firmware. The issue is insufficient input validation that may allow a privileged user to escalate local privileges. Vulnerable states are Intel CSME before 11.21.55, SPS before 4.0 (Purley/Bakerville), and TXE firmware before ...
CVE-2020-0536
CVE-2020-0536 affects Intel CSME DAL subsystem and Intel TXE: improper input validation may allow an unauthenticated network-access information disclosure. Affected versions are CSME before 11.8.77, 11.12.77, 11.22.77, 12.0.64, 13.0.32, 14.0.33 and TXE before 3.1.75 and 4.0.25. Intel and Lenovo a...
CVE-2017-5710
CVE-2017-5710 describes multiple privilege escalations in Intel Trusted Execution Engine (TXE) Firmware 3.0 kernels that allow an unauthorized process to access privileged content via an unspecified vector. The incident is tied to TXE alongside other Intel ME/SPS vulnerabilities (Intel-SA-00086 f...
CVE-2018-12190
CVE-2018-12190 affects Intel CSME, Server Platform Services, TXE and AMT. The issue is insufficient input validation in Intel CSME subsystem (before 11.8.60, 11.11.60, 11.22.60 or 12.0.20) or Intel TXE (before 3.1.60 or 4.0.10) that may allow a privileged user to escalate privileges via local acc...
CVE-2018-12191
The CVE-2018-12191 issue affects Intel CSME, Intel Server Platform Services (SPS), and Intel TXE/AMT. It is a bounds-check vulnerability in the Kernel subsystem that could allow an unauthenticated user with physical access to potentially execute arbitrary code. Affected versions are: Intel CSME b...
CVE-2018-3659
CVE-2018-3659 affects Intel PTT in Intel CSME firmware prior to 12.0.5 and TXE firmware prior to 4.0, allowing potential information disclosure with physical access. Affected products include Intel CSME and TXE implementations; root cause is in the PTT module itself. Mitigation is to update to th...
CVE-2018-12189
The CVE-2018-12189 issue affects Intel CSME (and related TXE) with an unhandled exception in the Content Protection subsystem that may allow a privileged local user to modify data. Affected firmware ranges include CSME pre-11.8.60 / 11.11.60 / 11.22.60 / 12.0.20 and TXE before 3.1.60 or 4.0.10. I...
CVE-2018-3655
The CVE-2018-3655 issue affects Intel CSME firmware before 11.21.55, Intel SPS before 4.0, and Intel TXE firmware before 3.1.55. The vulnerability allows an unauthenticated user with physical access to potentially modify or disclose information stored in the CSME/SPS/TXE subsystems. Exploitation ...
CVE-2018-12188
CVE-2018-12188: In Intel CSME (and related TXE/AMS components) there is insufficient input validation prior to specific firmware versions (CSME <11.8.60/11.11.60/11.22.60/12.0.20; TXE
CVE-2018-12199
CVE-2018-12199 is a buffer overflow in Intel CSME/TXE components that could let a privileged user execute arbitrary code with physical access. The affected software ranges include Intel CSME before 11.8.60, 11.11.60, 11.22.60 or 12.0.20 and Intel TXE before 3.1.60 or 4.0.10. Intel’s advisory (INT...
CVE-2018-12208
Intel CVE-2018-12208 is a buffer overflow in the HECI subsystem affecting Intel CSME, TXE, and SPS prior to specified fixed versions. The Intel advisory INTEL-SA-00185 documents the issue, listing affected products and firmware families (CSME before 11.8.60/11.11.60/11.22.60 or 12.0.20; TXE befor...