PT-2019-4056 · Intel · Intel Csme

Publicado

2019-11-12

Atualizado

2020-01-02

CVE-2019-11103

CVSS v3.1

7.8

Alta

Vetor

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Intel(R) CSME versions prior to 12.0.45 Intel(R) CSME versions prior to 13.0.10 Intel(R) CSME versions prior to 14.0.10

Description The issue is related to insufficient input validation in the firmware update software, which may allow an authenticated user to potentially enable escalation of privilege via local access. This could allow an attacker to elevate their privileges.

Recommendations For versions prior to 12.0.45, update to version 12.0.45 or later. For versions prior to 13.0.10, update to version 13.0.10 or later. For versions prior to 14.0.10, update to version 14.0.10 or later.

Correção

RCE

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-20

Identificadores relacionados

BDU:2019-04617

CVE-2019-11103

Produtos afetados

Intel Csme

PT-2019-4056 · Intel · Intel Csme

CVE-2019-11103

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 4