HIGH✓ PATCH🇵🇱 Wersja polska

CVE-2019-0091

CVSS 7.8v3.0pub. 2019-05-17upd. 2024-11-21

Code injection vulnerability in installer for Intel(R) CSME before versions 11.8.65, 11.11.65, 11.22.65, 12.0.35 and Intel(R) TXE 3.1.65, 4.0.15 may allow an unprivileged user to potentially enable escalation of privilege via local access.

CVSS Vector
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  • Intel Converged Security And Management Engine

    APP
    Intel
    11.8.0 – 11.8.65 (bez)11.11.0 – 11.11.65 (bez)11.22.0 – 11.22.65 (bez)12.0 – 12.0.35 (bez)
  • Intel Trusted Execution Technology

    APP
    Intel
    3.1.0 – 3.1.65 (bez)4.0 – 4.0.15 (bez)
🟢
PATCH AVAILABLE
Vendor update available. Deploy in standard maintenance cycle.
CWE
References

Related vulnerabilities

CVE-2020-8744HIGH7.8ten sam produkt

Improper initialization in subsystem for Intel(R) CSME versions before12.0.70, 13.0.40, 13.30.10, 14.0.45 and ...

CVE-2020-12297HIGH7.8ten sam produkt

Improper access control in Installer for Intel(R) CSME Driver for Windows versions before 11.8.80, 11.12.80, 1...

CVE-2020-12303HIGH7.8ten sam produkt

Use after free in DAL subsystem for Intel(R) CSME versions before 11.8.80, 11.12.80, 11.22.80, 12.0.70, 13.0.4...

CVE-2019-0090HIGH7.1ten sam produkt

Insufficient access control vulnerability in subsystem for Intel(R) CSME before versions 11.x, 12.0.35 Intel(R...

CVE-2009-0066HIGH7.6ten sam produkt

Multiple unspecified vulnerabilities in Intel system software for Trusted Execution Technology (TXT) allow att...