CVE-2019-11104

Name of the Vulnerable Software and Affected Versions MEInfo software for Intel(R) CSME versions prior to 11.8.70 MEInfo software for Intel(R) CSME versions prior to 11.11.70 MEInfo software for Intel(R) CSME versions prior to 11.22.70 MEInfo software for Intel(R) CSME versions prior to 12.0.45 MEInfo software for Intel(R) CSME versions prior to 13.0.10 MEInfo software for Intel(R) CSME versions prior to 14.0.10 Intel(R) TXE versions prior to 3.1.70 Intel(R) TXE versions prior to 4.0.20

Description The issue is caused by insufficient input validation in the MEInfo software for Intel(R) CSME and Intel(R) TXE, which may allow an authenticated user to potentially enable escalation of privilege via local access. This could allow an attacker to elevate their privileges.

Recommendations For MEInfo software for Intel(R) CSME versions prior to 11.8.70, update to version 11.8.70 or later. For MEInfo software for Intel(R) CSME versions prior to 11.11.70, update to version 11.11.70 or later. For MEInfo software for Intel(R) CSME versions prior to 11.22.70, update to version 11.22.70 or later. For MEInfo software for Intel(R) CSME versions prior to 12.0.45, update to version 12.0.45 or later. For MEInfo software for Intel(R) CSME versions prior to 13.0.10, update to version 13.0.10 or later. For MEInfo software for Intel(R) CSME versions prior to 14.0.10, update to version 14.0.10 or later. For Intel(R) TXE versions prior to 3.1.70, update to version 3.1.70 or later. For Intel(R) TXE versions prior to 4.0.20, update to version 4.0.20 or later.