CVE-2019-14598 — Improper Authentication in Intel Converged Security Management Engine Firmware

CWE-287 — Improper Authentication3 documents3 sources

Severity

6.7MEDIUMNVD

EPSS

0.3%

top 51.03%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Intel Converged Security Management Engine Firmware

Timeline

PublishedFeb 13

Latest updateMay 24

Description

Improper Authentication in subsystem in Intel(R) CSME versions 12.0 through 12.0.48 (IOT only: 12.0.56), versions 13.0 through 13.0.20, versions 14.0 through 14.0.10 may allow a privileged user to potentially enable escalation of privilege, denial of service or information disclosure via local access.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:HExploitability: 0.8 | Impact: 5.9

Affected Packages1 packages

▶NVDintel/converged_security_management_engine_firmware12.0 — 12.0.48+3

🔴Vulnerability Details

GHSA

GHSA-hprw-m99v-ppgf: Improper Authentication in subsystem in Intel(R) CSME versions 12↗2022-05-24

▶

CVEList

CVE-2019-14598: Improper Authentication in subsystem in Intel(R) CSME versions 12↗2020-02-13

▶