Improper Data Sanitization in Intel SPS Products
CVE-2019-0089

6.7MEDIUM

Key Information:

Vendor: Intel
Status: Intel(r) Server Platform Services (sps)
Vendor: CVE Published:; 17 May 2019

Summary

An improper data sanitization vulnerability exists in a subsystem of Intel SPS products, which may allow an attacker with local access and sufficient privileges to escalate their privileges and potentially execute unauthorized commands. This issue could expose systems to further security risks, as users with elevated privileges may gain modifications to sensitive configurations and data.

Affected Version(s)

Intel(R) Server Platform Services (SPS) Versions before SPS_E5_04.00.04.381.0, SPS_E3_04.01.04.054.0, SPS_SoC-A_04.00.04.181.0, and SPS_SoC-X_04.00.04.086.0.

References

https://www.intel.com/content/www/us/en/security-center/a...

x_refsource_MISC

https://support.f5.com/csp/article/K47234311

x_refsource_CONFIRM

CVSS V3.1

Score:

6.7

Severity:

MEDIUM

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
May 17, 2019
Vulnerability Reserved
Nov 13, 2018