Insufficient Input Validation in Intel AMT Subsystem
CVE-2019-0092

6.8MEDIUM

Key Information:

Vendor: Intel
Status: Intel(r) Active Management Technology (amt)
Vendor: CVE Published:; 17 May 2019

Summary

The vulnerability in Intel Active Management Technology (AMT) arises due to insufficient input validation within the subsystem, which can be exploited by an unauthenticated user with physical access. This flaw may allow an attacker to escalate their privileges, potentially leading to unauthorized access and control over the affected system. Systems running versions prior to 11.8.65, along with specific versions up to 12.0.35, are susceptible to this risk. Users are encouraged to apply the available patches to mitigate any potential security threats. For more details, refer to the official Intel security advisory.

Affected Version(s)

Intel(R) Active Management Technology (AMT) Versions before 11.8.65, 11.11.65, 11.22.65, 12.0.35.

References

https://www.intel.com/content/www/us/en/security-center/a...

x_refsource_MISC

https://support.f5.com/csp/article/K84591451

x_refsource_CONFIRM

CVSS V3.1

Score:

6.8

Severity:

MEDIUM

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Physical

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
May 17, 2019
Vulnerability Reserved
Nov 13, 2018