PT-2019-4056 · Intel · Intel Csme

Published

2019-11-12

Updated

2020-01-02

CVE-2019-11103

CVSS v3.1

7.8

High

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Intel(R) CSME versions prior to 12.0.45 Intel(R) CSME versions prior to 13.0.10 Intel(R) CSME versions prior to 14.0.10

Description The issue is related to insufficient input validation in the firmware update software, which may allow an authenticated user to potentially enable escalation of privilege via local access. This could allow an attacker to elevate their privileges.

Recommendations For versions prior to 12.0.45, update to version 12.0.45 or later. For versions prior to 13.0.10, update to version 13.0.10 or later. For versions prior to 14.0.10, update to version 14.0.10 or later.

Fix

RCE

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-20

Related Identifiers

BDU:2019-04617

CVE-2019-11103

Affected Products

Intel Csme

PT-2019-4056 · Intel · Intel Csme

CVE-2019-11103

Weakness Enumeration

Related Identifiers

Affected Products

References · 4