Insufficient Input Validation in Intel CSME and TXE Products
CVE-2019-11087

6.7MEDIUM

Key Information:

Vendor: Intel
Status: Intel(r) Csme, Intel(r) Txe
Vendor: CVE Published:; 18 December 2019

Summary

Insufficient input validation in Intel's CSME and TXE subsystems may allow local privileged users to exploit the flaw, potentially leading to privilege escalation, unauthorized information disclosure, or denial of service. This vulnerability affects multiple versions of the software, making it critical for users to update to the latest versions to ensure system security.

Affected Version(s)

Intel(R) CSME, Intel(R) TXE See provided reference

References

https://www.intel.com/content/www/us/en/security-center/a...

x_refsource_MISC

CVSS V3.1

Score:

6.7

Severity:

MEDIUM

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Dec 18, 2019
Vulnerability Reserved
Apr 11, 2019