Insufficient Access Control in Intel(R) CSME and Server Platform Services
CVE-2019-0090

7.1HIGH

Key Information:

Vendor: Intel
Status: Intel(r) Converged Security & Management Engine (csme), Intel(r) Server Platform Services (sps)
Vendor: CVE Published:; 17 May 2019

Summary

An insufficient access control vulnerability exists in the Intel(R) CSME, TXE, and Server Platform Services prior to specific versions. This flaw could allow an unauthenticated user with physical access to exploit the vulnerability and potentially escalate privileges, posing significant security risks to affected systems.

Affected Version(s)

Intel(R) Converged Security & Management Engine (CSME), Intel(R) Server Platform Services (SPS) CSME before version 12.0.35, Intel(R) SPS before version SPS_E3_05.00.04.027.0

References

https://www.intel.com/content/www/us/en/security-center/a...

x_refsource_MISC

https://support.f5.com/csp/article/K59145983

x_refsource_CONFIRM

CVSS V3.1

Score:

7.1

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Physical

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Changed

Timeline

Vulnerability published
May 17, 2019
Vulnerability Reserved
Nov 13, 2018