CVE-2019-11147

Published: Dec 18, 2019Modified: Nov 21, 2024

7.8

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 1.8 / Impact: 5.9

Source: NVD

Description

Insufficient access control in hardware abstraction driver for MEInfo software for Intel(R) CSME before versions 11.8.70, 11.11.70, 11.22.70, 12.0.45, 13.0.0, 14.0.10; TXEInfo software for Intel(R) TXE before versions 3.1.70 and 4.0.20; INTEL-SA-00086 Detection Tool version 1.2.7.0 or before; INTEL-SA-00125 Detection Tool version 1.0.45.0 or before may allow an authenticated user to potentially enable escalation of privilege via local access.

Affected (10)

Products: Intel: Converged Security Management Engine Firmware, Intel Sa 00125 Detection Tool, Sa 00086 Detection Tool, Trusted Execution Engine Firmware

Intel

4 products

Converged Security Management Engine Firmware

Intel Sa 00125 Detection Tool

Sa 00086 Detection Tool

Trusted Execution Engine Firmware

Configuration A

10 vulnerable

Vulnerable Software	Affected Versions
Intel Converged Security Management Engine Firmware	From 11.0 to 11.8.70
Intel Converged Security Management Engine Firmware	From 11.10 to 11.11.70
Intel Converged Security Management Engine Firmware	From 11.20 to 11.22.70
Intel Converged Security Management Engine Firmware	From 12.0 to 12.0.45
Intel Converged Security Management Engine Firmware	From 13.0 to 13.0.0
Intel Converged Security Management Engine Firmware	From 14.0.0 to 14.0.10
Intel Intel Sa 00125 Detection Tool	Up to 1.0.45.0
Intel Sa 00086 Detection Tool	Up to 1.2.7.0
Intel Trusted Execution Engine Firmware	From 3.0 to 3.1.70
Intel Trusted Execution Engine Firmware	From 4.0 to 4.0.20

References (2)

https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00241.html

Source: secure@intel.com

Vendor Advisory

https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00241.html

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.