CVE-2019-11147

3 documents3 sources

Severity

7.8HIGH

EPSS

0.2%

top 57.40%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Intel Converged Security Management Engine Firmware Intel Trusted Execution Engine Firmware Intel Intel-sa-00125 Detection Tool +1 more

Timeline

PublishedDec 18

Latest updateMay 24

Description

Insufficient access control in hardware abstraction driver for MEInfo software for Intel(R) CSME before versions 11.8.70, 11.11.70, 11.22.70, 12.0.45, 13.0.0, 14.0.10; TXEInfo software for Intel(R) TXE before versions 3.1.70 and 4.0.20; INTEL-SA-00086 Detection Tool version 1.2.7.0 or before; INTEL-SA-00125 Detection Tool version 1.0.45.0 or before may allow an authenticated user to potentially enable escalation of privilege via local access.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages5 packages

▶NVDintel/sa-00086_detection_tool1.2.7.0

▶NVDintel/intel-sa-00125_detection_tool1.0.45.0

▶CVEListV5intel(r)_csmeSee provided reference

▶NVDintel/trusted_execution_engine_firmware3.0 — 3.1.70+1

▶NVDintel/converged_security_management_engine_firmware11.0 — 11.8.70+5

🔴Vulnerability Details

GHSA

GHSA-r525-qf5f-c3jm: Insufficient access control in hardware abstraction driver for MEInfo software for Intel(R) CSME before versions 11↗2022-05-24

▶

CVEList

CVE-2019-11147: Insufficient access control in hardware abstraction driver for MEInfo software for Intel(R) CSME before versions 11↗2019-12-18

▶