PT-2020-1846 · Intel · Intel Csme
Chedva Gottesman
·
Published
2020-02-11
·
Updated
2022-01-01
·
CVE-2019-14598
CVSS v2.0
6.8
Medium
| Vector | AV:L/AC:L/Au:S/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
Intel CSME versions 12.0 through 12.0.48
Intel CSME versions 13.0 through 13.0.20
Intel CSME versions 14.0 through 14.0.10
Description
The issue is related to improper authentication in the Intel Converged Security and Manageability Engine (CSME), which may allow a privileged user to potentially enable escalation of privilege, denial of service, or information disclosure via local access.
Recommendations
For Intel CSME versions 12.0 through 12.0.48, update to a version outside of this range to mitigate the risk.
For Intel CSME versions 13.0 through 13.0.20, update to a version outside of this range to mitigate the risk.
For Intel CSME versions 14.0 through 14.0.10, update to a version outside of this range to mitigate the risk.
Fix
Improper Authentication
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Intel Csme