Sign-up

ID

VAR-201905-1173


CVE

CVE-2019-0091


TITLE

Intel Multiple vulnerabilities in the product

Trust: 0.8

sources: JVNDB: JVNDB-2019-003441

DESCRIPTION

Code injection vulnerability in installer for Intel(R) CSME before versions 11.8.65, 11.11.65, 11.22.65, 12.0.35 and Intel(R) TXE 3.1.65, 4.0.15 may allow an unprivileged user to potentially enable escalation of privilege via local access. Intel(R) CSME and TXE Contains a code injection vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Both Intel Converged Security and Management Engine (CSME) and Intel TXE are products of Intel Corporation of the United States. Intel Converged Security and Management Engine is a security management engine. Intel TXE is a trusted execution engine with hardware authentication function used in CPU (Central Processing Unit). A code injection vulnerability exists in the installer in Intel CSME and Intel TXE. This vulnerability stems from the fact that the network system or product does not correctly filter special elements in the process of constructing code segments from external input data. Attackers can exploit this vulnerability to generate illegal code segments and modify the expected execution control flow of network systems or components. The following products and versions are affected: Intel CSME versions before 11.8.65, versions before 11.11.65, versions before 11.22.65, versions before 12.0.35; Intel TXE versions 3.1.65 and 4.0.15

Trust: 1.8

sources: NVD: CVE-2019-0091 // JVNDB: JVNDB-2019-004742 // VULHUB: VHN-140122 // VULMON: CVE-2019-0091

AFFECTED PRODUCTS

vendor:intelmodel:converged security and management enginescope:gteversion:12.0

Trust: 1.0

vendor:intelmodel:trusted execution technologyscope:ltversion:3.1.65

Trust: 1.0

vendor:intelmodel:converged security and management enginescope:gteversion:11.11.0

Trust: 1.0

vendor:intelmodel:trusted execution technologyscope:gteversion:4.0

Trust: 1.0

vendor:intelmodel:converged security and management enginescope:ltversion:12.0.35

Trust: 1.0

vendor:intelmodel:converged security and management enginescope:gteversion:11.8.0

Trust: 1.0

vendor:intelmodel:converged security and management enginescope:ltversion:11.22.65

Trust: 1.0

vendor:intelmodel:converged security and management enginescope:ltversion:11.8.65

Trust: 1.0

vendor:intelmodel:trusted execution technologyscope:ltversion:4.0.15

Trust: 1.0

vendor:intelmodel:converged security and management enginescope:ltversion:11.11.65

Trust: 1.0

vendor:intelmodel:trusted execution technologyscope:gteversion:3.1.0

Trust: 1.0

vendor:intelmodel:converged security and management enginescope:gteversion:11.22.0

Trust: 1.0

vendor:intelmodel:acu wizardscope: - version: -

Trust: 0.8

vendor:intelmodel:active management technologyscope: - version: -

Trust: 0.8

vendor:intelmodel:converged security management enginescope: - version: -

Trust: 0.8

vendor:intelmodel:driver and support assistantscope: - version: -

Trust: 0.8

vendor:intelmodel:dynamic application loaderscope: - version: -

Trust: 0.8

vendor:intelmodel:i915scope: - version: -

Trust: 0.8

vendor:intelmodel:nuc board nuc7i7dnbescope: - version: -

Trust: 0.8

vendor:intelmodel:nuc kit nuc7i5dnhescope: - version: -

Trust: 0.8

vendor:intelmodel:nuc kit nuc7i7dnhescope: - version: -

Trust: 0.8

vendor:intelmodel:nuc kit nuc7i7dnkescope: - version: -

Trust: 0.8

vendor:intelmodel:nuc kit nuc8i7hnkscope: - version: -

Trust: 0.8

vendor:intelmodel:nuc kit nuc8i7hvkscope: - version: -

Trust: 0.8

vendor:intelmodel:proset/wireless software driverscope: - version: -

Trust: 0.8

vendor:intelmodel:quartus ii programmer and toolsscope: - version: -

Trust: 0.8

vendor:intelmodel:server platform servicesscope: - version: -

Trust: 0.8

vendor:intelmodel:trusted execution enginescope: - version: -

Trust: 0.8

vendor:intelmodel:intelscope: - version: -

Trust: 0.8

vendor:intelmodel:quartus primescope: - version: -

Trust: 0.8

vendor:intelmodel:scs discovery utilityscope: - version: -

Trust: 0.8

vendor:intelmodel:unite clientscope: - version: -

Trust: 0.8

vendor:intelmodel:graphics driverscope: - version: -

Trust: 0.8

vendor:intelmodel:converged security management enginescope:ltversion:11.11.65

Trust: 0.8

vendor:intelmodel:converged security management enginescope:ltversion:11.22.65

Trust: 0.8

vendor:intelmodel:converged security management enginescope:ltversion:11.8.65

Trust: 0.8

vendor:intelmodel:converged security management enginescope:ltversion:12.0.35

Trust: 0.8

vendor:intelmodel:trusted execution engine interfacescope:ltversion:3.1.65

Trust: 0.8

vendor:intelmodel:trusted execution engine interfacescope:ltversion:4.0.15

Trust: 0.8

sources: JVNDB: JVNDB-2019-003441 // JVNDB: JVNDB-2019-004742 // NVD: CVE-2019-0091

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-0091
value: HIGH

Trust: 1.0

NVD: CVE-2019-0091
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201905-742
value: HIGH

Trust: 0.6

VULHUB: VHN-140122
value: HIGH

Trust: 0.1

VULMON: CVE-2019-0091
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2019-0091
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-140122
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2019-0091
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-140122 // VULMON: CVE-2019-0091 // JVNDB: JVNDB-2019-004742 // CNNVD: CNNVD-201905-742 // NVD: CVE-2019-0091

PROBLEMTYPE DATA

problemtype:CWE-94

Trust: 1.9

sources: VULHUB: VHN-140122 // JVNDB: JVNDB-2019-004742 // NVD: CVE-2019-0091

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201905-742

TYPE

code injection

Trust: 0.6

sources: CNNVD: CNNVD-201905-742

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2019-003441

PATCH
title:INTEL-SA-00213 - IntelR CSME, IntelR SPS, IntelR TXE, IntelR DAL, and IntelR AMT 2019.1 QSR Advisoryurl:https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00213.html
Trust: 1.6
title:INTEL-SA-00234 - IntelR SCS Discovery Utility and IntelR ACU Wizard Advisoryurl:https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00234.html
Trust: 0.8
title:INTEL-SA-00244 - IntelR QuartusR Software Advisoryurl:https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00244.html
Trust: 0.8
title:INTEL-SA-00245 - Intel UniteR Client for Android* Advisoryurl:https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00245.html
Trust: 0.8
title:INTEL-SA-00204 - Intel IntelR PROSet/Wireless WiFi Software Advisoryurl:https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00204.html
Trust: 0.8
title:INTEL-SA-00249 - IntelR i915 Graphics for Linux Advisoryurl:https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00249.html
Trust: 0.8
title:INTEL-SA-00251 - IntelR NUC Advisoryurl:https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00251.html
Trust: 0.8
title:INTEL-SA-00218 - IntelR Graphics Driver for Windows* 2019.1 QSR Advisoryurl:https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00218.html
Trust: 0.8
title:INTEL-SA-00252 - IntelR Driver & Support Assistant Advisoryurl:https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00252.html
Trust: 0.8
title:INTEL-SA-00223 - Intel 2019.1 QSR UEFI Advisoryurl:https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00223.html
Trust: 0.8
title:INTEL-SA-00228 - Intel UniteR Client Advisoryurl:https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00228.html
Trust: 0.8
title:INTEL-SA-00233 - Microarchitectural Data Sampling Advisoryurl:https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00233.html
Trust: 0.8
title:HP: HPSBHF03616 rev. 1  -  Intel CSME, Trusted Execution Engine (TXE), Active Management Technology (AMT) Security Updatesurl:https://vulmon.com/vendoradvisory?qidtp=hp_bulletin&qid=HPSBHF03616
Trust: 0.1
title:HP: SUPPORT COMMUNICATION- SECURITY BULLETIN
HPSBHF03616 rev. 4 -  Intel 2019.1 CSME, Trusted Execution Engine (TXE), Active Management Technology (AMT) Security Updatesurl:https://vulmon.com/vendoradvisory?qidtp=hp_bulletin&qid=fd8d8d147c2dc58a9552ea19a80369fe
Trust: 0.1
title:HP: SUPPORT COMMUNICATION- SECURITY BULLETIN
HPSBHF03616 rev. 4 -  Intel 2019.1 CSME, Trusted Execution Engine (TXE), Active Management Technology (AMT) Security Updatesurl:https://vulmon.com/vendoradvisory?qidtp=hp_bulletin&qid=36bdf366c0b633d1ee0c20eab22574bc
Trust: 0.1
sources:
            
            
            VULMON: CVE-2019-0091 // 
            
            
            
            JVNDB: JVNDB-2019-003441 // 
            
            
            
            JVNDB: JVNDB-2019-004742

EXTERNAL IDS
db:NVDid:CVE-2019-0091
Trust: 2.6
db:JVNid:JVNVU92328381
Trust: 1.6
db:JVNDBid:JVNDB-2019-003441
Trust: 1.6
db:JVNDBid:JVNDB-2019-004742
Trust: 0.8
db:CNNVDid:CNNVD-201905-742
Trust: 0.7
db:AUSCERTid:ASB-2019.0148.2
Trust: 0.6
db:AUSCERTid:ESB-2019.2211
Trust: 0.6
db:LENOVOid:LEN-26293
Trust: 0.6
db:CNVDid:CNVD-2020-18578
Trust: 0.1
db:VULHUBid:VHN-140122
Trust: 0.1
db:VULMONid:CVE-2019-0091
Trust: 0.1
sources:
            
            
            VULHUB: VHN-140122 // 
            
            
            
            VULMON: CVE-2019-0091 // 
            
            
            
            JVNDB: JVNDB-2019-003441 // 
            
            
            
            JVNDB: JVNDB-2019-004742 // 
            
            
            
            CNNVD: CNNVD-201905-742 // 
            
            
            
            NVD: CVE-2019-0091

REFERENCES
url:https://support.f5.com/csp/article/k21423526
Trust: 1.8
url:https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00213.html
Trust: 1.8
url:https://nvd.nist.gov/vuln/detail/cve-2019-0091
Trust: 1.4
url:https://jvn.jp/vu/jvnvu92328381/index.html
Trust: 0.8
url:https://mdsattacks.com/files/ridl.pdf
Trust: 0.8
url:https://mdsattacks.com/files/fallout.pdf
Trust: 0.8
url:https://zombieloadattack.com/
Trust: 0.8
url:https://www.intel.com/content/www/us/en/architecture-and-technology/mds.html
Trust: 0.8
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-0091
Trust: 0.8
url:https://jvn.jp/vu/jvnvu92328381/
Trust: 0.8
url:https://jvndb.jvn.jp/ja/contents/2019/jvndb-2019-003441.html
Trust: 0.8
url:https://support.f5.com/csp/article/k71265658
Trust: 0.6
url:https://support.f5.com/csp/article/k10522033
Trust: 0.6
url:https://support.lenovo.com/us/zh/solutions/len-26293
Trust: 0.6
url:https://www.auscert.org.au/bulletins/asb-2019.0148.2/
Trust: 0.6
url:https://support.lenovo.com/us/en/product_security/len-26293
Trust: 0.6
url:https://www.auscert.org.au/bulletins/esb-2019.2211/
Trust: 0.6
url:https://cwe.mitre.org/data/definitions/94.html
Trust: 0.1
url:https://nvd.nist.gov
Trust: 0.1
url:https://support.hp.com/us-en/document/c06330088
Trust: 0.1
sources:
            
            
            VULHUB: VHN-140122 // 
            
            
            
            VULMON: CVE-2019-0091 // 
            
            
            
            JVNDB: JVNDB-2019-003441 // 
            
            
            
            JVNDB: JVNDB-2019-004742 // 
            
            
            
            CNNVD: CNNVD-201905-742 // 
            
            
            
            NVD: CVE-2019-0091

SOURCES
db:VULHUBid:VHN-140122
db:VULMONid:CVE-2019-0091
db:JVNDBid:JVNDB-2019-003441
db:JVNDBid:JVNDB-2019-004742
db:CNNVDid:CNNVD-201905-742
db:NVDid:CVE-2019-0091

LAST UPDATE DATE
2024-11-23T20:02:07.074000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-140122date:2019-06-20T00:00:00
db:VULMONid:CVE-2019-0091date:2019-06-20T00:00:00
db:JVNDBid:JVNDB-2019-003441date:2019-05-16T00:00:00
db:JVNDBid:JVNDB-2019-004742date:2019-06-06T00:00:00
db:CNNVDid:CNNVD-201905-742date:2019-09-26T00:00:00
db:NVDid:CVE-2019-0091date:2024-11-21T04:16:12.890

SOURCES RELEASE DATE
db:VULHUBid:VHN-140122date:2019-05-17T00:00:00
db:VULMONid:CVE-2019-0091date:2019-05-17T00:00:00
db:JVNDBid:JVNDB-2019-003441date:2019-05-16T00:00:00
db:JVNDBid:JVNDB-2019-004742date:2019-06-06T00:00:00
db:CNNVDid:CNNVD-201905-742date:2019-05-17T00:00:00
db:NVDid:CVE-2019-0091date:2019-05-17T16:29:01.017