CVE-2019-11097

Name of the Vulnerable Software and Affected Versions Intel(R) Management Engine Consumer Driver for Windows versions prior to 11.8.70 Intel(R) Management Engine Consumer Driver for Windows versions prior to 11.11.70 Intel(R) Management Engine Consumer Driver for Windows versions prior to 11.22.70 Intel(R) Management Engine Consumer Driver for Windows versions prior to 12.0.45 Intel(R) Management Engine Consumer Driver for Windows versions prior to 13.0.10 Intel(R) Management Engine Consumer Driver for Windows versions prior to 14.0.10 Intel(R) TXE versions prior to 3.1.70 Intel(R) TXE versions prior to 4.0.20

Description The issue is related to improper directory permissions in the installer for Intel(R) Management Engine Consumer Driver for Windows and Intel(R) TXE, which may allow an authenticated user to potentially enable escalation of privilege via local access. This is due to insufficient access control, which can be exploited by an attacker to gain elevated privileges.

Recommendations For Intel(R) Management Engine Consumer Driver for Windows versions prior to 11.8.70, update to version 11.8.70 or later. For Intel(R) Management Engine Consumer Driver for Windows versions prior to 11.11.70, update to version 11.11.70 or later. For Intel(R) Management Engine Consumer Driver for Windows versions prior to 11.22.70, update to version 11.22.70 or later. For Intel(R) Management Engine Consumer Driver for Windows versions prior to 12.0.45, update to version 12.0.45 or later. For Intel(R) Management Engine Consumer Driver for Windows versions prior to 13.0.10, update to version 13.0.10 or later. For Intel(R) Management Engine Consumer Driver for Windows versions prior to 14.0.10, update to version 14.0.10 or later. For Intel(R) TXE versions prior to 3.1.70, update to version 3.1.70 or later. For Intel(R) TXE versions prior to 4.0.20, update to version 4.0.20 or later.