CVE-2019-11147

Name of the Vulnerable Software and Affected Versions Intel CSME versions prior to 11.8.70 Intel CSME versions prior to 11.11.70 Intel CSME versions prior to 11.22.70 Intel CSME versions prior to 12.0.45 Intel CSME versions prior to 13.0.0 Intel CSME versions prior to 14.0.10 Intel TXE versions prior to 3.1.70 Intel TXE versions prior to 4.0.20 INTEL-SA-00086 Detection Tool version 1.2.7.0 or earlier INTEL-SA-00125 Detection Tool version 1.0.45.0 or earlier

Description The issue is related to insufficient access control in the hardware abstraction driver for MEInfo software, which may allow an authenticated user to potentially enable escalation of privilege via local access. This could permit a attacker to gain elevated privileges.

Recommendations For Intel CSME versions prior to 11.8.70, update to version 11.8.70 or later. For Intel CSME versions prior to 11.11.70, update to version 11.11.70 or later. For Intel CSME versions prior to 11.22.70, update to version 11.22.70 or later. For Intel CSME versions prior to 12.0.45, update to version 12.0.45 or later. For Intel CSME versions prior to 13.0.0, update to version 13.0.0 or later. For Intel CSME versions prior to 14.0.10, update to version 14.0.10 or later. For Intel TXE versions prior to 3.1.70, update to version 3.1.70 or later. For Intel TXE versions prior to 4.0.20, update to version 4.0.20 or later. For INTEL-SA-00086 Detection Tool version 1.2.7.0 or earlier, update to a version later than 1.2.7.0. For INTEL-SA-00125 Detection Tool version 1.0.45.0 or earlier, update to a version later than 1.0.45.0.