Intel Converged Security And Management Engine vulnerabilities

5 known vulnerabilities affecting intel/converged_security_and_management_engine.

Total CVEs
5
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
HIGH3MEDIUM2

Vulnerabilities

Page 1 of 1
CVE-2020-8744HIGHCVSS 7.8fixed in 12.0.70≥ 13.0.0, < 13.0.40+3 more2020-11-12
CVE-2020-8744 [HIGH] CWE-665 CVE-2020-8744: Improper initialization in subsystem for Intel(R) CSME versions before12.0.70, 13.0.40, 13.30.10, 14 Improper initialization in subsystem for Intel(R) CSME versions before12.0.70, 13.0.40, 13.30.10, 14.0.45 and 14.5.25, Intel(R) TXE versions before 4.0.30 Intel(R) SPS versions before E3_05.01.04.200 may allow a privileged user to potentially enable escalation of privilege via local access.
nvd
CVE-2020-8755MEDIUMCVSS 6.4fixed in 12.0.70≥ 14.0.0, < 14.0.452020-11-12
CVE-2020-8755 [MEDIUM] CWE-362 CVE-2020-8755: Race condition in subsystem for Intel(R) CSME versions before 12.0.70 and 14.0.45, Intel(R) SPS vers Race condition in subsystem for Intel(R) CSME versions before 12.0.70 and 14.0.45, Intel(R) SPS versions before E5_04.01.04.400 and E3_05.01.04.200 may allow an unauthenticated user to potentially enable escalation of privilege via physical access.
nvd
CVE-2019-0091HIGHCVSS 7.8≥ 11.8.0, < 11.8.65≥ 11.11.0, < 11.11.65+2 more2019-05-17
CVE-2019-0091 [HIGH] CWE-94 CVE-2019-0091: Code injection vulnerability in installer for Intel(R) CSME before versions 11.8.65, 11.11.65, 11.22 Code injection vulnerability in installer for Intel(R) CSME before versions 11.8.65, 11.11.65, 11.22.65, 12.0.35 and Intel(R) TXE 3.1.65, 4.0.15 may allow an unprivileged user to potentially enable escalation of privilege via local access.
nvd
CVE-2019-0090HIGHCVSS 7.1fixed in 12.0.352019-05-17
CVE-2019-0090 [HIGH] CVE-2019-0090: Insufficient access control vulnerability in subsystem for Intel(R) CSME before versions 11.x, 12.0. Insufficient access control vulnerability in subsystem for Intel(R) CSME before versions 11.x, 12.0.35 Intel(R) TXE 3.x, 4.x, Intel(R) Server Platform Services 3.x, 4.x, Intel(R) SPS before version SPS_E3_05.00.04.027.0 may allow an unauthenticated user to potentially enable escalation of privilege via physical access.
nvd
CVE-2019-0093MEDIUMCVSS 4.4≥ 11.8.0, < 11.8.65≥ 11.11.0, < 11.11.65+2 more2019-05-17
CVE-2019-0093 [MEDIUM] CVE-2019-0093: Insufficient data sanitization vulnerability in HECI subsystem for Intel(R) CSME before versions 11. Insufficient data sanitization vulnerability in HECI subsystem for Intel(R) CSME before versions 11.8.65, 11.11.65, 11.22.65, 12.0.35 and Intel(R) SPS before version SPS_E3_05.00.04.027.0 may allow a privileged user to potentially enable information disclosure via local access.
nvd