PT-2019-1625 · Intel · Intel Txe+1
Published
2019-03-12
·
Updated
2019-05-01
·
CVE-2018-12190
CVSS v3.1
6.7
Medium
| Vector | AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Intel CSME versions prior to 11.8.60
Intel CSME versions prior to 11.11.60
Intel CSME versions prior to 11.22.60
Intel CSME versions prior to 12.0.20
Intel TXE versions prior to 3.1.60
Intel TXE versions prior to 4.0.10
Description
The issue is related to insufficient input validation in the Intel CSME and Intel TXE subsystems, which may allow a privileged user to potentially enable an escalation of privilege via local access. This could potentially allow an attacker to execute arbitrary code.
Recommendations
For Intel CSME versions prior to 11.8.60, update to version 11.8.60 or later.
For Intel CSME versions prior to 11.11.60, update to version 11.11.60 or later.
For Intel CSME versions prior to 11.22.60, update to version 11.22.60 or later.
For Intel CSME versions prior to 12.0.20, update to version 12.0.20 or later.
For Intel TXE versions prior to 3.1.60, update to version 3.1.60 or later.
For Intel TXE versions prior to 4.0.10, update to version 4.0.10 or later.
Fix
RCE
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Intel Csme
Intel Txe