Buffer Overflow Vulnerability in Intel CSME Products
CVE-2019-0153

9.8CRITICAL

Key Information:

Vendor: Intel
Status: Intel(r) Converged Security & Management Engine (csme)
Vendor: CVE Published:; 17 May 2019

Summary

A buffer overflow vulnerability exists within the Intel CSME subsystem, present in versions 12.0.0 through 12.0.34. This flaw may allow an unauthenticated user to exploit the vulnerability remotely, potentially leading to privilege escalation. It is crucial for users of affected products to apply the recommended updates to mitigate associated risks.

Affected Version(s)

Intel(R) Converged Security & Management Engine (CSME) Versions before 12.0.35.

References

https://www.intel.com/content/www/us/en/security-center/a...

x_refsource_MISC

https://support.f5.com/csp/article/K71265658

x_refsource_CONFIRM

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
May 17, 2019
Vulnerability Reserved
Nov 13, 2018