Insufficient Input Validation in Intel CSME and TXE Products
CVE-2019-0168

4.4MEDIUM

Key Information:

Vendor: Intel
Status: Intel(r) Csme, Intel(r) Txe
Vendor: CVE Published:; 18 December 2019

Summary

The identified vulnerability in Intel's CSME and TXE products stems from insufficient input validation within the subsystem. This issue can potentially allow a privileged user, with local access, to exploit the flaw and enable unauthorized information disclosure. It's essential for users of affected versions to apply the latest updates to mitigate this risk.

Affected Version(s)

Intel(R) CSME, Intel(R) TXE See provided reference

References

https://www.intel.com/content/www/us/en/security-center/a...

x_refsource_MISC

CVSS V3.1

Score:

4.4

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Dec 18, 2019
Vulnerability Reserved
Nov 13, 2018