Insufficient Access Control in Intel Dynamic Application Loader Software
CVE-2019-0086

7.8HIGH

Key Information:

Vendor
Intel
Status
Intel(r) Converged Security & Management Engine (csme) Dynamic Application Loader, Intel (r) Trusted Execution Engine Interface (txe)
Vendor
CVE Published:
17 May 2019

Summary

An insufficient access control vulnerability exists in the Dynamic Application Loader for Intel software. Unprivileged users may exploit this vulnerability to escalate their privileges through local access, potentially compromising system integrity. The affected versions include Intel CSME prior to 11.8.65 and certain releases thereafter, as well as specific versions of Intel TXE.

Affected Version(s)

Intel(R) Converged Security & Management Engine (CSME) Dynamic Application Loader, Intel (R) Trusted Execution Engine Interface (TXE) Versions before CSME 11.8.65, 11.11.65, 11.22.65, 12.0.35 and Intel(R) TXE 3.1.65, 4.0.15.

References

https://www.intel.com/content/www/us/en/security-center/a...
x_refsource_MISC
https://support.f5.com/csp/article/K35815741
x_refsource_CONFIRM
https://danishcyberdefence.dk/blog/dal
x_refsource_MISC

CVSS V3.1

Score:
7.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.