PT-2019-4271 · Intel · Intel Software Guard Extensions Sdk

Published

2019-11-12

Updated

2020-08-24

CVE-2019-14565

CVSS v3.1

7.8

High

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Intel Software Guard Extensions SDK versions 2.4.100.51291 and earlier Intel Software Guard Extensions SDK Linux versions 2.6.100.51363 and earlier

Description The issue is related to insufficient input validation, which may allow an attacker to elevate privileges, cause a denial of service, or gain unauthorized access to protected information. An authenticated user may enable information disclosure, escalation of privilege, or denial of service via local access.

Recommendations For Intel Software Guard Extensions SDK versions 2.4.100.51291 and earlier, update to a version later than 2.4.100.51291 to resolve the issue. For Intel Software Guard Extensions SDK Linux versions 2.6.100.51363 and earlier, update to a version later than 2.6.100.51363 to resolve the issue.

Fix

Improper Initialization

RCE

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-665CWE-20

Related Identifiers

BDU:2019-04878

CVE-2019-14565

Affected Products

Intel Software Guard Extensions Sdk

PT-2019-4271 · Intel · Intel Software Guard Extensions Sdk

CVE-2019-14565

Weakness Enumeration

Related Identifiers

Affected Products

References · 7