PT-2019-2203 · Intel · Intel Server Platform Services+1
Published
2019-05-14
·
Updated
2020-08-24
·
CVE-2019-0093
CVSS v3.1
4.4
Medium
| Vector | AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
Intel Converged Security and Manageability Engine versions prior to 11.8.65
Intel Converged Security and Manageability Engine versions prior to 11.11.65
Intel Converged Security and Manageability Engine versions prior to 11.22.65
Intel Converged Security and Manageability Engine versions prior to 12.0.35
Intel Server Platform Services versions prior to SPS E3 05.00.04.027.0
Description
The issue is related to insufficient protection of service data in the HECI subsystem, which may allow a privileged user to potentially enable information disclosure via local access.
Recommendations
For Intel Converged Security and Manageability Engine versions prior to 11.8.65, update to version 11.8.65 or later.
For Intel Converged Security and Manageability Engine versions prior to 11.11.65, update to version 11.11.65 or later.
For Intel Converged Security and Manageability Engine versions prior to 11.22.65, update to version 11.22.65 or later.
For Intel Converged Security and Manageability Engine versions prior to 12.0.35, update to version 12.0.35 or later.
For Intel Server Platform Services versions prior to SPS E3 05.00.04.027.0, update to version SPS E3 05.00.04.027.0 or later.
Fix
Information Disclosure
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Intel Converged Security/Manageability Engine
Intel Server Platform Services