Sign-up

ID

VAR-201905-1178


CVE

CVE-2019-0097


TITLE

Intel(R) AMT Input validation vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2019-004706

DESCRIPTION

Insufficient input validation vulnerability in subsystem for Intel(R) AMT before version 12.0.35 may allow a privileged user to potentially enable denial of service via network access. Intel(R) AMT Contains an input validation vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. Intel Active Management Technology (AMT) is a set of hardware-based computer remote active management technology software developed by Intel Corporation. An input validation error vulnerability exists in subsystems in versions prior to Intel AMT 12.0.35. The vulnerability stems from the failure of the network system or product to properly validate the input data

Trust: 1.8

sources: NVD: CVE-2019-0097 // JVNDB: JVNDB-2019-004706 // VULHUB: VHN-140128 // VULMON: CVE-2019-0097

AFFECTED PRODUCTS

vendor:intelmodel:active management technologyscope:ltversion:12.0.35

Trust: 1.8

vendor:intelmodel:active management technologyscope:gteversion:12.0.20

Trust: 1.0

vendor:intelmodel:acu wizardscope: - version: -

Trust: 0.8

vendor:intelmodel:active management technologyscope: - version: -

Trust: 0.8

vendor:intelmodel:converged security management enginescope: - version: -

Trust: 0.8

vendor:intelmodel:driver and support assistantscope: - version: -

Trust: 0.8

vendor:intelmodel:dynamic application loaderscope: - version: -

Trust: 0.8

vendor:intelmodel:i915scope: - version: -

Trust: 0.8

vendor:intelmodel:nuc board nuc7i7dnbescope: - version: -

Trust: 0.8

vendor:intelmodel:nuc kit nuc7i5dnhescope: - version: -

Trust: 0.8

vendor:intelmodel:nuc kit nuc7i7dnhescope: - version: -

Trust: 0.8

vendor:intelmodel:nuc kit nuc7i7dnkescope: - version: -

Trust: 0.8

vendor:intelmodel:nuc kit nuc8i7hnkscope: - version: -

Trust: 0.8

vendor:intelmodel:nuc kit nuc8i7hvkscope: - version: -

Trust: 0.8

vendor:intelmodel:proset/wireless software driverscope: - version: -

Trust: 0.8

vendor:intelmodel:quartus ii programmer and toolsscope: - version: -

Trust: 0.8

vendor:intelmodel:server platform servicesscope: - version: -

Trust: 0.8

vendor:intelmodel:trusted execution enginescope: - version: -

Trust: 0.8

vendor:intelmodel:intelscope: - version: -

Trust: 0.8

vendor:intelmodel:quartus primescope: - version: -

Trust: 0.8

vendor:intelmodel:scs discovery utilityscope: - version: -

Trust: 0.8

vendor:intelmodel:unite clientscope: - version: -

Trust: 0.8

vendor:intelmodel:graphics driverscope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2019-004706 // JVNDB: JVNDB-2019-003441 // NVD: CVE-2019-0097

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-0097
value: MEDIUM

Trust: 1.0

NVD: CVE-2019-0097
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201905-747
value: MEDIUM

Trust: 0.6

VULHUB: VHN-140128
value: MEDIUM

Trust: 0.1

VULMON: CVE-2019-0097
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2019-0097
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-140128
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2019-0097
baseSeverity: MEDIUM
baseScore: 4.9
vectorString: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 1.2
impactScore: 3.6
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-140128 // VULMON: CVE-2019-0097 // JVNDB: JVNDB-2019-004706 // CNNVD: CNNVD-201905-747 // NVD: CVE-2019-0097

PROBLEMTYPE DATA

problemtype:CWE-20

Trust: 1.9

sources: VULHUB: VHN-140128 // JVNDB: JVNDB-2019-004706 // NVD: CVE-2019-0097

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201905-747

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-201905-747

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2019-004706

PATCH
title:INTEL-SA-00213url:https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00213.html
Trust: 1.6
title:INTEL-SA-00234 - IntelR SCS Discovery Utility and IntelR ACU Wizard Advisoryurl:https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00234.html
Trust: 0.8
title:INTEL-SA-00244 - IntelR QuartusR Software Advisoryurl:https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00244.html
Trust: 0.8
title:INTEL-SA-00245 - Intel UniteR Client for Android* Advisoryurl:https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00245.html
Trust: 0.8
title:INTEL-SA-00204 - Intel IntelR PROSet/Wireless WiFi Software Advisoryurl:https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00204.html
Trust: 0.8
title:INTEL-SA-00249 - IntelR i915 Graphics for Linux Advisoryurl:https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00249.html
Trust: 0.8
title:INTEL-SA-00251 - IntelR NUC Advisoryurl:https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00251.html
Trust: 0.8
title:INTEL-SA-00218 - IntelR Graphics Driver for Windows* 2019.1 QSR Advisoryurl:https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00218.html
Trust: 0.8
title:INTEL-SA-00252 - IntelR Driver & Support Assistant Advisoryurl:https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00252.html
Trust: 0.8
title:INTEL-SA-00223 - Intel 2019.1 QSR UEFI Advisoryurl:https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00223.html
Trust: 0.8
title:INTEL-SA-00228 - Intel UniteR Client Advisoryurl:https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00228.html
Trust: 0.8
title:INTEL-SA-00233 - Microarchitectural Data Sampling Advisoryurl:https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00233.html
Trust: 0.8
title:HP: HPSBHF03616 rev. 1  -  Intel CSME, Trusted Execution Engine (TXE), Active Management Technology (AMT) Security Updatesurl:https://vulmon.com/vendoradvisory?qidtp=hp_bulletin&qid=HPSBHF03616
Trust: 0.1
title:HP: SUPPORT COMMUNICATION- SECURITY BULLETIN
HPSBHF03616 rev. 4 -  Intel 2019.1 CSME, Trusted Execution Engine (TXE), Active Management Technology (AMT) Security Updatesurl:https://vulmon.com/vendoradvisory?qidtp=hp_bulletin&qid=fd8d8d147c2dc58a9552ea19a80369fe
Trust: 0.1
title:HP: SUPPORT COMMUNICATION- SECURITY BULLETIN
HPSBHF03616 rev. 4 -  Intel 2019.1 CSME, Trusted Execution Engine (TXE), Active Management Technology (AMT) Security Updatesurl:https://vulmon.com/vendoradvisory?qidtp=hp_bulletin&qid=36bdf366c0b633d1ee0c20eab22574bc
Trust: 0.1
sources:
            
            
            VULMON: CVE-2019-0097 // 
            
            
            
            JVNDB: JVNDB-2019-004706 // 
            
            
            
            JVNDB: JVNDB-2019-003441

EXTERNAL IDS
db:NVDid:CVE-2019-0097
Trust: 2.6
db:JVNid:JVNVU92328381
Trust: 1.6
db:JVNDBid:JVNDB-2019-003441
Trust: 1.6
db:JVNDBid:JVNDB-2019-004706
Trust: 0.8
db:CNNVDid:CNNVD-201905-747
Trust: 0.7
db:AUSCERTid:ASB-2019.0148.2
Trust: 0.6
db:LENOVOid:LEN-26293
Trust: 0.6
db:VULHUBid:VHN-140128
Trust: 0.1
db:VULMONid:CVE-2019-0097
Trust: 0.1
sources:
            
            
            VULHUB: VHN-140128 // 
            
            
            
            VULMON: CVE-2019-0097 // 
            
            
            
            JVNDB: JVNDB-2019-004706 // 
            
            
            
            JVNDB: JVNDB-2019-003441 // 
            
            
            
            CNNVD: CNNVD-201905-747 // 
            
            
            
            NVD: CVE-2019-0097

REFERENCES
url:https://support.f5.com/csp/article/k84591451
Trust: 1.8
url:https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00213.html
Trust: 1.8
url:https://nvd.nist.gov/vuln/detail/cve-2019-0097
Trust: 1.4
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-0097
Trust: 0.8
url:https://jvn.jp/vu/jvnvu92328381/
Trust: 0.8
url:https://jvndb.jvn.jp/ja/contents/2019/jvndb-2019-003441.html
Trust: 0.8
url:https://jvn.jp/vu/jvnvu92328381/index.html
Trust: 0.8
url:https://mdsattacks.com/files/ridl.pdf
Trust: 0.8
url:https://mdsattacks.com/files/fallout.pdf
Trust: 0.8
url:https://zombieloadattack.com/
Trust: 0.8
url:https://www.intel.com/content/www/us/en/architecture-and-technology/mds.html
Trust: 0.8
url:https://support.lenovo.com/us/zh/solutions/len-26293
Trust: 0.6
url:https://www.auscert.org.au/bulletins/asb-2019.0148.2/
Trust: 0.6
url:https://support.lenovo.com/us/en/product_security/len-26293
Trust: 0.6
url:https://cwe.mitre.org/data/definitions/20.html
Trust: 0.1
url:https://nvd.nist.gov
Trust: 0.1
url:https://support.hp.com/us-en/document/c06330088
Trust: 0.1
sources:
            
            
            VULHUB: VHN-140128 // 
            
            
            
            VULMON: CVE-2019-0097 // 
            
            
            
            JVNDB: JVNDB-2019-004706 // 
            
            
            
            JVNDB: JVNDB-2019-003441 // 
            
            
            
            CNNVD: CNNVD-201905-747 // 
            
            
            
            NVD: CVE-2019-0097

SOURCES
db:VULHUBid:VHN-140128
db:VULMONid:CVE-2019-0097
db:JVNDBid:JVNDB-2019-004706
db:JVNDBid:JVNDB-2019-003441
db:CNNVDid:CNNVD-201905-747
db:NVDid:CVE-2019-0097

LAST UPDATE DATE
2024-11-23T19:42:52.780000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-140128date:2019-06-20T00:00:00
db:VULMONid:CVE-2019-0097date:2023-05-16T00:00:00
db:JVNDBid:JVNDB-2019-004706date:2019-06-06T00:00:00
db:JVNDBid:JVNDB-2019-003441date:2019-05-16T00:00:00
db:CNNVDid:CNNVD-201905-747date:2019-09-26T00:00:00
db:NVDid:CVE-2019-0097date:2024-11-21T04:16:13.490

SOURCES RELEASE DATE
db:VULHUBid:VHN-140128date:2019-05-17T00:00:00
db:VULMONid:CVE-2019-0097date:2019-05-17T00:00:00
db:JVNDBid:JVNDB-2019-004706date:2019-06-06T00:00:00
db:JVNDBid:JVNDB-2019-003441date:2019-05-16T00:00:00
db:CNNVDid:CNNVD-201905-747date:2019-05-17T00:00:00
db:NVDid:CVE-2019-0097date:2019-05-17T16:29:01.360