ID

VAR-201912-1714


CVE

CVE-2019-0168


TITLE

Intel(R) CSME and TXE Input validation vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2019-013703

DESCRIPTION

Insufficient input validation in the subsystem for Intel(R) CSME before versions 11.8.70, 12.0.45 and 13.0.10; Intel(R) TXE before versions 3.1.70 and 4.0.20 may allow a privileged user to potentially enable information disclosure via local access. Intel(R) CSME and TXE Contains an input validation vulnerability.Information may be obtained. Both Intel Converged Security and Management Engine (CSME) and Intel TXE are products of Intel Corporation of the United States. Intel Converged Security and Management Engine is a security management engine. Intel TXE is a trusted execution engine with hardware authentication function used in CPU (Central Processing Unit). A security vulnerability exists in the subsystems in Intel CSME and TXE. A local attacker could exploit this vulnerability to disclose information. The following products and versions are affected: Intel CSME before 11.8.70, before 12.0.45, before 13.0.10; Intel TXE before 3.1.70, before 4.0.20

Trust: 1.71

sources: NVD: CVE-2019-0168 // JVNDB: JVNDB-2019-013703 // VULHUB: VHN-140199

AFFECTED PRODUCTS

vendor:intelmodel:converged security management enginescope:ltversion:11.8.70

Trust: 1.8

vendor:intelmodel:converged security management enginescope:ltversion:12.0.45

Trust: 1.8

vendor:intelmodel:converged security management enginescope:ltversion:13.0.10

Trust: 1.8

vendor:intelmodel:trusted execution enginescope:ltversion:3.1.70

Trust: 1.8

vendor:intelmodel:trusted execution enginescope:ltversion:4.0.20

Trust: 1.8

vendor:intelmodel:converged security management enginescope:gteversion:13.0

Trust: 1.0

vendor:intelmodel:trusted execution enginescope:gteversion:3.0

Trust: 1.0

vendor:intelmodel:trusted execution enginescope:gteversion:4.0

Trust: 1.0

vendor:intelmodel:converged security management enginescope:gteversion:12.0

Trust: 1.0

vendor:intelmodel:converged security management enginescope:gteversion:11.0

Trust: 1.0

sources: JVNDB: JVNDB-2019-013703 // NVD: CVE-2019-0168

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-0168
value: MEDIUM

Trust: 1.0

NVD: CVE-2019-0168
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201911-714
value: MEDIUM

Trust: 0.6

VULHUB: VHN-140199
value: LOW

Trust: 0.1

nvd@nist.gov: CVE-2019-0168
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-140199
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2019-0168
baseSeverity: MEDIUM
baseScore: 4.4
vectorString: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 0.8
impactScore: 3.6
version: 3.1

Trust: 1.0

NVD: CVE-2019-0168
baseSeverity: MEDIUM
baseScore: 4.4
vectorString: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-140199 // JVNDB: JVNDB-2019-013703 // CNNVD: CNNVD-201911-714 // NVD: CVE-2019-0168

PROBLEMTYPE DATA

problemtype:CWE-20

Trust: 1.9

sources: VULHUB: VHN-140199 // JVNDB: JVNDB-2019-013703 // NVD: CVE-2019-0168

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201911-714

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-201911-714

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-013703

PATCH

title:INTEL-SA-00241url:https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00241.html

Trust: 0.8

title:Intel Converged Security and Management Engine and Intel TXE Enter the fix for the verification error vulnerabilityurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=106339

Trust: 0.6

sources: JVNDB: JVNDB-2019-013703 // CNNVD: CNNVD-201911-714

EXTERNAL IDS

db:NVDid:CVE-2019-0168

Trust: 2.5

db:JVNid:JVNVU90354904

Trust: 0.8

db:JVNDBid:JVNDB-2019-013703

Trust: 0.8

db:CNNVDid:CNNVD-201911-714

Trust: 0.7

db:LENOVOid:LEN-27716

Trust: 0.6

db:AUSCERTid:ESB-2020.2344

Trust: 0.6

db:VULHUBid:VHN-140199

Trust: 0.1

sources: VULHUB: VHN-140199 // JVNDB: JVNDB-2019-013703 // CNNVD: CNNVD-201911-714 // NVD: CVE-2019-0168

REFERENCES

url:https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00241.html

Trust: 1.7

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-0168

Trust: 0.8

url:https://jvn.jp/vu/jvnvu90354904/

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2019-0168\

Trust: 0.8

url:https://vigilance.fr/vulnerability/intel-csme-amt-dal-sps-txe-multiple-vulnerabilities-31014

Trust: 0.6

url:https://support.lenovo.com/us/en/product_security/len-27716

Trust: 0.6

url:https://nvd.nist.gov/vuln/detail/cve-2019-0168

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2020.2344/

Trust: 0.6

sources: VULHUB: VHN-140199 // JVNDB: JVNDB-2019-013703 // CNNVD: CNNVD-201911-714 // NVD: CVE-2019-0168

SOURCES

db:VULHUBid:VHN-140199
db:JVNDBid:JVNDB-2019-013703
db:CNNVDid:CNNVD-201911-714
db:NVDid:CVE-2019-0168

LAST UPDATE DATE

2024-11-23T20:16:05.610000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-140199date:2020-01-02T00:00:00
db:JVNDBid:JVNDB-2019-013703date:2020-01-15T00:00:00
db:CNNVDid:CNNVD-201911-714date:2020-07-10T00:00:00
db:NVDid:CVE-2019-0168date:2024-11-21T04:16:23.760

SOURCES RELEASE DATE

db:VULHUBid:VHN-140199date:2019-12-18T00:00:00
db:JVNDBid:JVNDB-2019-013703date:2020-01-15T00:00:00
db:CNNVDid:CNNVD-201911-714date:2019-11-12T00:00:00
db:NVDid:CVE-2019-0168date:2019-12-18T22:15:11.847