Insufficient Data Sanitization Vulnerability in Intel CSME and SPS Systems
CVE-2019-0093
4.4MEDIUM
Key Information:
- Vendor
Intel
- Status
- Vendor
- CVE Published:
- 17 May 2019
What is CVE-2019-0093?
A significant vulnerability in the Intel HECI subsystem affects the CSME and SPS products, due to insufficient data sanitization. This flaw allows a privileged user to potentially disclose sensitive information through local access. Users operating under these affected versions are urged to evaluate their systems and apply necessary updates to safeguard against potential exploits.
Affected Version(s)
Intel(R) Converged Security & Management Engine (CSME), Intel(R) Server Platform Services (SPS) Versions before 11.8.65, 11.11.65, 11.22.65, 12.0.35 and Intel(R) SPS before version SPS_E3_05.00.04.027.0.