PT-2019-4054 · Intel · Metinfo+2

Published

2019-11-12

·

Updated

2020-01-02

·

CVE-2019-11104

CVSS v3.1

7.8

High

VectorAV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions MEInfo software for Intel(R) CSME versions prior to 11.8.70 MEInfo software for Intel(R) CSME versions prior to 11.11.70 MEInfo software for Intel(R) CSME versions prior to 11.22.70 MEInfo software for Intel(R) CSME versions prior to 12.0.45 MEInfo software for Intel(R) CSME versions prior to 13.0.10 MEInfo software for Intel(R) CSME versions prior to 14.0.10 Intel(R) TXE versions prior to 3.1.70 Intel(R) TXE versions prior to 4.0.20
Description The issue is caused by insufficient input validation in the MEInfo software for Intel(R) CSME and Intel(R) TXE, which may allow an authenticated user to potentially enable escalation of privilege via local access. This could allow an attacker to elevate their privileges.
Recommendations For MEInfo software for Intel(R) CSME versions prior to 11.8.70, update to version 11.8.70 or later. For MEInfo software for Intel(R) CSME versions prior to 11.11.70, update to version 11.11.70 or later. For MEInfo software for Intel(R) CSME versions prior to 11.22.70, update to version 11.22.70 or later. For MEInfo software for Intel(R) CSME versions prior to 12.0.45, update to version 12.0.45 or later. For MEInfo software for Intel(R) CSME versions prior to 13.0.10, update to version 13.0.10 or later. For MEInfo software for Intel(R) CSME versions prior to 14.0.10, update to version 14.0.10 or later. For Intel(R) TXE versions prior to 3.1.70, update to version 3.1.70 or later. For Intel(R) TXE versions prior to 4.0.20, update to version 4.0.20 or later.

Fix

RCE

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-20

Related Identifiers

BDU:2019-04615
CVE-2019-11104

Affected Products

Intel Csme
Intel Txe
Metinfo