← Back

CVE-2019-0086

nvd nist
Published: May 17, 2019Modified: Nov 21, 2024

JSON object

Loading...
7.8
Vector
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Exploitability: 1.8 / Impact: 5.9
Source: NVD

Description

Insufficient access control vulnerability in Dynamic Application Loader software for Intel(R) CSME before versions 11.8.65, 11.11.65, 11.22.65, 12.0.35 and Intel(R) TXE 3.1.65, 4.0.15 may allow an unprivileged user to potentially enable escalation of privilege via local access.

Affected (6)

Intel
2 products
Converged Security Management Engine Firmware
Trusted Execution Engine Firmware
Configuration A
4 vulnerable
Vulnerable SoftwareAffected Versions
Intel
Converged Security Management Engine Firmware
From 11.0 to 11.8.65
Converged Security Management Engine Firmware
From 11.10 to 11.11.65
Converged Security Management Engine Firmware
From 11.20 to 11.22.65
Converged Security Management Engine Firmware
From 12.0 to 12.0.35
Configuration B
2 vulnerable
Vulnerable SoftwareAffected Versions
Intel
Trusted Execution Engine Firmware
From 3.0 to 3.1.65
Trusted Execution Engine Firmware
From 4.0 to 4.0.15

Related CWEs

CWE-59
Improper Link Resolution Before File Access ('Link Following')
The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.
CWE-732
Incorrect Permission Assignment for Critical Resource
The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.

References (6)

Source: secure@intel.com
Source: secure@intel.com
Source: secure@intel.com
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory

Timeline

No history available yet.