PT-2019-2116 · Intel · Intel Sps +3

Dmitry Sklyarov +2 · Published 2019-05-14 · Updated 2020-08-24 · CVE-2019-0090

CVSS v3.1: 7.1 High

Vector: AV:P/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Intel(R) CSME versions prior to 11.x
Intel(R) TXE versions 3.x, 4.x
Intel(R) Server Platform Services versions 3.x, 4.x
Intel(R) SPS versions prior to SPS E3 05.00.04.027.0

Description

The issue is related to insufficient access control in the Intel Converged Security and Management Engine, Intel Server Platform Services, and Intel Trusted Execution Engine. This could allow an unauthenticated user with physical access to potentially enable escalation of privilege. The vulnerability may also allow an attacker to extract the platform's root key, which is used as a root of trust for authenticating various platform components, including TPM and UEFI firmware. This could compromise cryptographic operations for hardware-enabled security technologies.

Recommendations

For Intel(R) CSME versions prior to 11.x: At the moment, there is no information about a newer version that contains a fix for this vulnerability.
For Intel(R) TXE versions 3.x, 4.x: At the moment, there is no information about a newer version that contains a fix for this vulnerability.
For Intel(R) Server Platform Services versions 3.x, 4.x: At the moment, there is no information about a newer version that contains a fix for this vulnerability.
For Intel(R) SPS versions prior to SPS E3 05.00.04.027.0: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Weakness Enumeration

Improper Access Control

Related Identifiers

BDU:2019-01873
CVE-2019-0090

Affected Products

Intel Csme
Intel Sps
Intel Server Platform Services
Intel Txe