CVE-2019-0086

EUVD-2019-0893
Insufficient access control vulnerability in Dynamic Application Loader software for Intel(R) CSME before versions 11.8.65, 11.11.65, 11.22.65, 12.0.35 and Intel(R) TXE 3.1.65, 4.0.15 may allow an unprivileged user to potentially enable escalation of privilege via local access.
Link Following
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.8 HIGH
LOCAL
LOW
LOW
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 14%
Affected Products (NVD)
VendorProductVersion
intelconverged_security_management_engine_firmware
11.0 ≤
𝑥
< 11.8.65
intelconverged_security_management_engine_firmware
11.10 ≤
𝑥
< 11.11.65
intelconverged_security_management_engine_firmware
11.20 ≤
𝑥
< 11.22.65
intelconverged_security_management_engine_firmware
12.0 ≤
𝑥
< 12.0.35
inteltrusted_execution_engine_firmware
3.0 ≤
𝑥
< 3.1.65
inteltrusted_execution_engine_firmware
4.0 ≤
𝑥
≤ 4.0.15
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://danishcyberdefence.dk/blog/dal
https://support.f5.com/csp/article/K35815741
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00213.html
https://danishcyberdefence.dk/blog/dal
https://support.f5.com/csp/article/K35815741
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00213.html