Buffer Overflow Vulnerability in Intel CSME Products
CVE-2019-0153

9.8CRITICAL

Key Information:

Vendor
Intel
Vendor
CVE Published:
17 May 2019

Summary

A buffer overflow vulnerability exists within the Intel CSME subsystem, present in versions 12.0.0 through 12.0.34. This flaw may allow an unauthenticated user to exploit the vulnerability remotely, potentially leading to privilege escalation. It is crucial for users of affected products to apply the recommended updates to mitigate associated risks.

Affected Version(s)

Intel(R) Converged Security & Management Engine (CSME) Versions before 12.0.35.

References

CVSS V3.1

Score:
9.8
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.