PT-2019-4048 · Intel · Intel Txe+1

Published

2019-11-12

Updated

2020-02-11

CVE-2019-0169

CVSS v3.1

8.8

High

Vector

AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Intel(R) CSME versions prior to 11.8.70, 11.11.70, 11.22.70, 12.0.45 Intel(R) TXE versions prior to 3.1.70 and 4.0.20

Description The issue is related to a heap overflow in the subsystem, which may allow an unauthenticated user to potentially enable escalation of privileges, information disclosure, or denial of service via adjacent access. Exploitation of the vulnerability could allow a remote attacker to disclose protected information, cause a denial of service, or elevate their privileges.

Recommendations For Intel(R) CSME versions prior to 11.8.70, 11.11.70, 11.22.70, 12.0.45, update to version 11.8.70, 11.11.70, 11.22.70, or 12.0.45 or later. For Intel(R) TXE versions prior to 3.1.70 and 4.0.20, update to version 3.1.70 or 4.0.20 or later.

Fix

Memory Corruption

Heap Based Buffer Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-787CWE-122

Related Identifiers

BDU:2019-04609

CVE-2019-0169

Affected Products

Intel Csme

Intel Txe

PT-2019-4048 · Intel · Intel Txe+1

CVE-2019-0169

Weakness Enumeration

Related Identifiers

Affected Products

References · 5