Code Injection Vulnerability in Intel CSME and TXE Products
CVE-2019-0091

7.8HIGH

Key Information:

Vendor: Intel
Status: Intel(r) Converged Security & Management Engine (csme), Intel (r) Trusted Execution Engine Interface (txe)
Vendor: CVE Published:; 17 May 2019

Summary

A code injection vulnerability exists in the installer for Intel CSME and Intel TXE, which may enable an unprivileged user to escalate their privileges through local access. Affected versions include CSME versions earlier than 11.8.65, 11.11.65, 11.22.65, and 12.0.35, as well as TXE versions prior to 3.1.65 and 4.0.15. Users are advised to update to the latest versions to mitigate this risk.

Affected Version(s)

Intel(R) Converged Security & Management Engine (CSME), Intel (R) Trusted Execution Engine Interface (TXE) Versions before CSME 11.8.65, 11.11.65, 11.22.65, 12.0.35 and Intel(R) TXE 3.1.65, 4.0.15.

References

https://www.intel.com/content/www/us/en/security-center/a...

x_refsource_MISC

https://support.f5.com/csp/article/K21423526

x_refsource_CONFIRM

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
May 17, 2019
Vulnerability Reserved
Nov 13, 2018