CVE-2019-0093

Published: May 17, 2019Modified: Nov 21, 2024

4.4

Vector

CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

Exploitability: 0.8 / Impact: 3.6

Source: NVD

Description

Insufficient data sanitization vulnerability in HECI subsystem for Intel(R) CSME before versions 11.8.65, 11.11.65, 11.22.65, 12.0.35 and Intel(R) SPS before version SPS_E3_05.00.04.027.0 may allow a privileged user to potentially enable information disclosure via local access.

Affected (4)

Products: Intel: Converged Security And Management Engine

Intel

1 product

Converged Security And Management Engine

Configuration A

4 vulnerable

Vulnerable Software	Affected Versions
Intel Converged Security And Management Engine	From 11.11.0 to 11.11.65
Intel Converged Security And Management Engine	From 11.22.0 to 11.22.65
Intel Converged Security And Management Engine	From 11.8.0 to 11.8.65
Intel Converged Security And Management Engine	From 12.0 to 12.0.35

References (4)

https://support.f5.com/csp/article/K13710800

Source: secure@intel.com

https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00213.html

Source: secure@intel.com

Vendor Advisory

https://support.f5.com/csp/article/K13710800

Source: af854a3a-2127-422b-91ae-364da2661108

https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00213.html

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.