CVE-2019-11106

Name of the Vulnerable Software and Affected Versions Intel Converged Security and Manageability Engine (CSME) versions prior to 11.8.70 Intel Converged Security and Manageability Engine (CSME) versions prior to 12.0.45 Intel Converged Security and Manageability Engine (CSME) versions prior to 13.0.10 Intel Converged Security and Manageability Engine (CSME) versions prior to 14.0.10 Intel TXE versions prior to 3.1.70 Intel TXE versions prior to 4.0.20

Description The issue is related to insufficient session validation in the Intel CSME subsystem, which may allow a privileged user to potentially enable escalation of privilege via local access. This could lead to a user gaining higher privileges than intended.

Recommendations For Intel Converged Security and Manageability Engine (CSME) versions prior to 11.8.70, update to version 11.8.70 or later. For Intel Converged Security and Manageability Engine (CSME) versions prior to 12.0.45, update to version 12.0.45 or later. For Intel Converged Security and Manageability Engine (CSME) versions prior to 13.0.10, update to version 13.0.10 or later. For Intel Converged Security and Manageability Engine (CSME) versions prior to 14.0.10, update to version 14.0.10 or later. For Intel TXE versions prior to 3.1.70, update to version 3.1.70 or later. For Intel TXE versions prior to 4.0.20, update to version 4.0.20 or later.