Intel Converged Security Management Engine Firmware vulnerabilities

44 known vulnerabilities affecting intel/converged_security_management_engine_firmware.

Total CVEs

CISA KEV

Public exploits

Exploited in wild

Severity breakdown

CRITICAL1HIGH15MEDIUM28

Vulnerabilities

Page 1 of 3

CVE-2022-36392HIGHCVSS 7.5fixed in 11.12.94fixed in 11.8.94+5 more2023-08-11

CVE-2022-36392 [HIGH] CWE-20 CVE-2022-36392: Improper input validation in some firmware for Intel(R) AMT and Intel(R) Standard Manageability befo Improper input validation in some firmware for Intel(R) AMT and Intel(R) Standard Manageability before versions 11.8.94, 11.12.94, 11.22.94, 12.0.93, 14.1.70, 15.0.45, and 16.1.27 in Intel (R) CSME may allow an unauthenticated user to potentially enable denial of service via network access.

nvd

CVE-2022-29871HIGHCVSS 7.8fixed in 11.12.94fixed in 11.8.94+11 more2023-08-11

CVE-2022-29871 [MEDIUM] CWE-284 CVE-2022-29871: Improper access control in the Intel(R) CSME software installer before version 2239.3.7.0 may allow Improper access control in the Intel(R) CSME software installer before version 2239.3.7.0 may allow an authenticated user to potentially enable escalation of privilege via local access.

nvd

CVE-2022-38102MEDIUMCVSS 4.4fixed in 16.1.27fixed in 15.0.452023-08-11

CVE-2022-38102 [HIGH] CWE-20 CVE-2022-38102: Improper Input validation in firmware for some Intel(R) Converged Security and Management Engine bef Improper Input validation in firmware for some Intel(R) Converged Security and Management Engine before versions 15.0.45, and 16.1.27 may allow a privileged user to potentially enable denial of service via local access.

nvd

CVE-2020-0534HIGHCVSS 7.5≥ 12.0, < 12.0.64≥ 13.0, < 13.0.32+2 more2020-06-15

CVE-2020-0534 [HIGH] CWE-20 CVE-2020-0534: Improper input validation in the DAL subsystem for Intel(R) CSME versions before 12.0.64, 13.0.32, 1 Improper input validation in the DAL subsystem for Intel(R) CSME versions before 12.0.64, 13.0.32, 14.0.33 and 14.5.12 may allow an unauthenticated user to potentially enable denial of service via network access.

nvd

CVE-2020-0536HIGHCVSS 7.5≥ 11.0, < 11.8.77≥ 11.10, < 11.12.77+4 more2020-06-15

CVE-2020-0536 [HIGH] CWE-20 CVE-2020-0536: Improper input validation in the DAL subsystem for Intel(R) CSME versions before 11.8.77, 11.12.77, Improper input validation in the DAL subsystem for Intel(R) CSME versions before 11.8.77, 11.12.77, 11.22.77, 12.0.64, 13.0.32,14.0.33 and Intel(R) TXE versions before 3.1.75 and 4.0.25 may allow an unauthenticated user to potentially enable information disclosure via network access.

nvd

CVE-2020-0542HIGHCVSS 7.8≥ 11.0, < 11.8.77≥ 11.10, < 11.12.77+5 more2020-06-15

CVE-2020-0542 [HIGH] CVE-2020-0542: Improper buffer restrictions in subsystem for Intel(R) CSME versions before 12.0.64, 13.0.32, 14.0.3 Improper buffer restrictions in subsystem for Intel(R) CSME versions before 12.0.64, 13.0.32, 14.0.33 and 14.5.12 may allow an authenticated user to potentially enable escalation of privilege, information disclosure or denial of service via local access.

nvd

CVE-2020-0545MEDIUMCVSS 4.4≥ 11.0, < 11.8.77≥ 11.10, < 11.12.77+1 more2020-06-15

CVE-2020-0545 [MEDIUM] CWE-190 CVE-2020-0545: Integer overflow in subsystem for Intel(R) CSME versions before 11.8.77, 11.12.77, 11.22.77 and Inte Integer overflow in subsystem for Intel(R) CSME versions before 11.8.77, 11.12.77, 11.22.77 and Intel(R) TXE versions before 3.1.75, 4.0.25 and Intel(R) Server Platform Services (SPS) versions before SPS_E5_04.01.04.380.0, SPS_SoC-X_04.00.04.128.0, SPS_SoC-A_04.00.04.211.0, SPS_E3_04.01.04.109.0, SPS_E3_04.08.04.070.0 may allow a privileged user to po

nvd

CVE-2020-0533MEDIUMCVSS 6.7≥ 11.0, < 11.8.77≥ 11.10, < 11.12.77+1 more2020-06-15

CVE-2020-0533 [MEDIUM] CWE-326 CVE-2020-0533: Reversible one-way hash in Intel(R) CSME versions before 11.8.76, 11.12.77 and 11.22.77 may allow a Reversible one-way hash in Intel(R) CSME versions before 11.8.76, 11.12.77 and 11.22.77 may allow a privileged user to potentially enable escalation of privilege, denial of service or information disclosure via local access.

nvd

CVE-2020-0541MEDIUMCVSS 6.7≥ 12.0, < 12.0.64≥ 13.0, < 13.0.32+2 more2020-06-15

CVE-2020-0541 [MEDIUM] CWE-787 CVE-2020-0541: Out-of-bounds write in subsystem for Intel(R) CSME versions before 12.0.64, 13.0.32, 14.0.33 and 14. Out-of-bounds write in subsystem for Intel(R) CSME versions before 12.0.64, 13.0.32, 14.0.33 and 14.5.12 may allow a privileged user to potentially enable escalation of privilege via local access.

nvd

CVE-2020-0539MEDIUMCVSS 5.5≥ 11.0, < 11.8.77≥ 11.10, < 11.12.77+4 more2020-06-15

CVE-2020-0539 [MEDIUM] CWE-22 CVE-2020-0539: Path traversal in subsystem for Intel(R) DAL software for Intel(R) CSME versions before 11.8.77, 11. Path traversal in subsystem for Intel(R) DAL software for Intel(R) CSME versions before 11.8.77, 11.12.77, 11.22.77, 12.0.64, 13.0.32, 14.0.33 and Intel(R) TXE versions before 3.1.75, 4.0.25 may allow an unprivileged user to potentially enable denial of service via local access.

nvd

CVE-2019-14598MEDIUMCVSS 6.7≥ 12.0, < 12.0.48≥ 12.0, < 12.0.56+2 more2020-02-13

CVE-2019-14598 [MEDIUM] CWE-287 CVE-2019-14598: Improper Authentication in subsystem in Intel(R) CSME versions 12.0 through 12.0.48 (IOT only: 12.0. Improper Authentication in subsystem in Intel(R) CSME versions 12.0 through 12.0.48 (IOT only: 12.0.56), versions 13.0 through 13.0.20, versions 14.0 through 14.0.10 may allow a privileged user to potentially enable escalation of privilege, denial of service or information disclosure via local access.

nvd

CVE-2019-0169HIGHCVSS 8.8≥ 11.0, < 11.8.70≥ 11.10, < 11.11.70+2 more2019-12-18

CVE-2019-0169 [HIGH] CWE-787 CVE-2019-0169: Heap overflow in subsystem in Intel(R) CSME before versions 11.8.70, 11.11.70, 11.22.70, 12.0.45; In Heap overflow in subsystem in Intel(R) CSME before versions 11.8.70, 11.11.70, 11.22.70, 12.0.45; Intel(R) TXE before versions 3.1.70 and 4.0.20 may allow an unauthenticated user to potentially enable escalation of privileges, information disclosure or denial of service via adjacent access.

nvd

CVE-2019-11104HIGHCVSS 7.8≥ 11.0, < 11.8.70≥ 11.10, < 11.11.70+4 more2019-12-18

CVE-2019-11104 [HIGH] CWE-20 CVE-2019-11104: Insufficient input validation in MEInfo software for Intel(R) CSME before versions 11.8.70, 11.11.70 Insufficient input validation in MEInfo software for Intel(R) CSME before versions 11.8.70, 11.11.70, 11.22.70, 12.0.45, 13.0.10 and 14.0.10; Intel(R) TXE before versions 3.1.70 and 4.0.20 may allow an authenticated user to potentially enable escalation of privilege via local access.

nvd

CVE-2019-11103HIGHCVSS 7.8≥ 12.0, < 12.0.45≥ 13.0, < 13.0.10+1 more2019-12-18

CVE-2019-11103 [HIGH] CWE-20 CVE-2019-11103: Insufficient input validation in firmware update software for Intel(R) CSME before versions 12.0.45, Insufficient input validation in firmware update software for Intel(R) CSME before versions 12.0.45,13.0.10 and 14.0.10 may allow an authenticated user to potentially enable escalation of privilege via local access.

nvd

CVE-2019-11147HIGHCVSS 7.8≥ 11.0, < 11.8.70≥ 11.10, < 11.11.70+4 more2019-12-18

CVE-2019-11147 [HIGH] CVE-2019-11147: Insufficient access control in hardware abstraction driver for MEInfo software for Intel(R) CSME bef Insufficient access control in hardware abstraction driver for MEInfo software for Intel(R) CSME before versions 11.8.70, 11.11.70, 11.22.70, 12.0.45, 13.0.0, 14.0.10; TXEInfo software for Intel(R) TXE before versions 3.1.70 and 4.0.20; INTEL-SA-00086 Detection Tool version 1.2.7.0 or before; INTEL-SA-00125 Detection Tool version 1.0.45.0 or before may allow

nvd

CVE-2019-0168MEDIUMCVSS 4.4≥ 11.0, < 11.8.70≥ 12.0, < 12.0.45+1 more2019-12-18

CVE-2019-0168 [MEDIUM] CWE-20 CVE-2019-0168: Insufficient input validation in the subsystem for Intel(R) CSME before versions 11.8.70, 12.0.45 an Insufficient input validation in the subsystem for Intel(R) CSME before versions 11.8.70, 12.0.45 and 13.0.10; Intel(R) TXE before versions 3.1.70 and 4.0.20 may allow a privileged user to potentially enable information disclosure via local access.

nvd

CVE-2019-11110MEDIUMCVSS 6.7≥ 11.0, < 11.8.70≥ 11.10, < 11.11.70+4 more2019-12-18

CVE-2019-11110 [MEDIUM] CVE-2019-11110: Authentication bypass in the subsystem for Intel(R) CSME before versions 11.8.70, 11.11.70, 11.22.70 Authentication bypass in the subsystem for Intel(R) CSME before versions 11.8.70, 11.11.70, 11.22.70, 12.0.45, 13.0.10 and 14.0.10; Intel(R) TXE before versions 3.1.70 and 4.0.20 may allow a privileged user to potentially enable escalation of privilege via local access.

nvd

CVE-2019-11087MEDIUMCVSS 6.7≥ 11.0, < 11.8.70≥ 11.10, < 11.11.70+4 more2019-12-18

CVE-2019-11087 [MEDIUM] CWE-20 CVE-2019-11087: Insufficient input validation in the subsystem for Intel(R) CSME before versions 11.8.70, 11.11.70, Insufficient input validation in the subsystem for Intel(R) CSME before versions 11.8.70, 11.11.70, 11.22.70, 12.0.45, 13.0.10 and 14.0.10; Intel(R) TXE before versions 3.1.70 and 4.0.20 may allow a privileged user to potentially enable escalation of privilege, information disclosure or denial of service via local access.

nvd

CVE-2019-11108MEDIUMCVSS 6.7≥ 12.0, < 12.0.45≥ 13.0, < 13.0.102019-12-18

CVE-2019-11108 [MEDIUM] CWE-20 CVE-2019-11108: Insufficient input validation in subsystem for Intel(R) CSME before versions 12.0.45 and 13.0.10 may Insufficient input validation in subsystem for Intel(R) CSME before versions 12.0.45 and 13.0.10 may allow a privileged user to potentially enable escalation of privilege via local access.

nvd

CVE-2019-11101MEDIUMCVSS 4.4≥ 11.0, < 11.8.70≥ 11.10, < 11.11.70+4 more2019-12-18

CVE-2019-11101 [MEDIUM] CWE-20 CVE-2019-11101: Insufficient input validation in the subsystem for Intel(R) CSME before versions 11.8.70, 11.11.70, Insufficient input validation in the subsystem for Intel(R) CSME before versions 11.8.70, 11.11.70, 11.22.70, 12.0.45, 13.0.10 and 14.0.10; Intel(R) TXE before versions 3.1.70 and 4.0.20 may allow a privileged user to potentially enable information disclosure via local access.

nvd

1 / 3Next →