CVE-2019-0086

Name of the Vulnerable Software and Affected Versions Intel Converged Security and Manageability Engine versions prior to 11.8.65 Intel Converged Security and Manageability Engine versions prior to 11.11.65 Intel Converged Security and Manageability Engine versions prior to 11.22.65 Intel Converged Security and Manageability Engine versions prior to 12.0.35 Intel Trusted Execution Engine version 3.1 before 3.1.65 Intel Trusted Execution Engine version 4.0 before 4.0.15

Description The issue is related to insufficient access control in the Dynamic Application Loader component of the Intel Converged Security and Manageability Engine and Intel Trusted Execution Engine. This can allow an unprivileged user to potentially enable escalation of privilege via local access.

Recommendations For Intel Converged Security and Manageability Engine versions prior to 11.8.65, update to version 11.8.65 or later. For Intel Converged Security and Manageability Engine versions prior to 11.11.65, update to version 11.11.65 or later. For Intel Converged Security and Manageability Engine versions prior to 11.22.65, update to version 11.22.65 or later. For Intel Converged Security and Manageability Engine versions prior to 12.0.35, update to version 12.0.35 or later. For Intel Trusted Execution Engine version 3.1 before 3.1.65, update to version 3.1.65 or later. For Intel Trusted Execution Engine version 4.0 before 4.0.15, update to version 4.0.15 or later.