CVE-2019-0153Improper Restriction of Operations within the Bounds of a Memory Buffer in Intel Converged Security Management Engine Firmware

CWE-119Improper Restriction of Operations within the Bounds of a Memory Buffer3 documents3 sources
Severity
9.8CRITICALNVD
EPSS
0.6%
top 31.51%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Intel Converged Security Management Engine Firmware
Timeline
PublishedMay 17
Latest updateMay 24

Description

Buffer overflow in subsystem in Intel(R) CSME 12.0.0 through 12.0.34 may allow an unauthenticated user to potentially enable escalation of privilege via network access.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages1 packages

🔴Vulnerability Details

2
GHSA
GHSA-cxm8-p7cm-8rf5: Buffer overflow in subsystem in Intel(R) CSME before version 122022-05-24
CVEList
CVE-2019-0153: Buffer overflow in subsystem in Intel(R) CSME 122019-05-17
CVE-2019-0153 — Intel vulnerability | cvebase