CVE-2019-0091

EPSS 0.12%
Veröffentlicht 17.05.2019 16:29:01
Zuletzt bearbeitet 21.11.2024 04:16:12
Quelle secure@intel.com
Teams Watchlist Login
Unerledigt Login

Code injection vulnerability in installer for Intel(R) CSME before versions 11.8.65, 11.11.65, 11.22.65, 12.0.35 and Intel(R) TXE 3.1.65, 4.0.15 may allow an unprivileged user to potentially enable escalation of privilege via local access.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 5

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Intel ≫ Converged Security And Management Engine Version >= 11.8.0 < 11.8.65

Intel ≫ Converged Security And Management Engine Version >= 11.11.0 < 11.11.65

Intel ≫ Converged Security And Management Engine Version >= 11.22.0 < 11.22.65

Intel ≫ Converged Security And Management Engine Version >= 12.0 < 12.0.35

Intel ≫ Trusted Execution Technology Version >= 3.1.0 < 3.1.65

Intel ≫ Trusted Execution Technology Version >= 4.0 < 4.0.15

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.12%	0.315

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.8	1.8	5.9	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	7.2	3.9	10	AV:L/AC:L/Au:N/C:C/I:C/A:C

CWE-94 Improper Control of Generation of Code ('Code Injection')

The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00213.html

Vendor Advisory

https://support.f5.com/csp/article/K21423526

https://nvd.nist.gov/vuln/detail/CVE-2019-0091

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2019-0091

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2019-0091

EUVD