CVE-2019-0091

Severity CVSS v4.0:
Pending analysis
Type:
CWE-94 Code Injection
Publication date:
17/05/2019
Last modified:
20/06/2019

Description

Code injection vulnerability in installer for Intel(R) CSME before versions 11.8.65, 11.11.65, 11.22.65, 12.0.35 and Intel(R) TXE 3.1.65, 4.0.15 may allow an unprivileged user to potentially enable escalation of privilege via local access.

Vulnerable products and versions

CPE From Up to
cpe:2.3:a:intel:converged_security_and_management_engine:*:*:*:*:*:*:*:* 11.8.0 (including) 11.8.65 (excluding)
cpe:2.3:a:intel:converged_security_and_management_engine:*:*:*:*:*:*:*:* 11.11.0 (including) 11.11.65 (excluding)
cpe:2.3:a:intel:converged_security_and_management_engine:*:*:*:*:*:*:*:* 11.22.0 (including) 11.22.65 (excluding)
cpe:2.3:a:intel:converged_security_and_management_engine:*:*:*:*:*:*:*:* 12.0 (including) 12.0.35 (excluding)
cpe:2.3:a:intel:trusted_execution_technology:*:*:*:*:*:*:*:* 3.1.0 (including) 3.1.65 (excluding)
cpe:2.3:a:intel:trusted_execution_technology:*:*:*:*:*:*:*:* 4.0 (including) 4.0.15 (excluding)