Insufficient Data Sanitization Vulnerability in Intel CSME and SPS Systems
CVE-2019-0093

4.4MEDIUM

Key Information:

Vendor: Intel
Status: Intel(r) Converged Security & Management Engine (csme), Intel(r) Server Platform Services (sps)
Vendor: CVE Published:; 17 May 2019

Summary

A significant vulnerability in the Intel HECI subsystem affects the CSME and SPS products, due to insufficient data sanitization. This flaw allows a privileged user to potentially disclose sensitive information through local access. Users operating under these affected versions are urged to evaluate their systems and apply necessary updates to safeguard against potential exploits.

Affected Version(s)

Intel(R) Converged Security & Management Engine (CSME), Intel(R) Server Platform Services (SPS) Versions before 11.8.65, 11.11.65, 11.22.65, 12.0.35 and Intel(R) SPS before version SPS_E3_05.00.04.027.0.

References

https://www.intel.com/content/www/us/en/security-center/a...

x_refsource_MISC

https://support.f5.com/csp/article/K13710800

x_refsource_CONFIRM

CVSS V3.1

Score:

4.4

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
May 17, 2019
Vulnerability Reserved
Nov 13, 2018