ID

VAR-201912-1760


CVE

CVE-2019-11086


TITLE

Intel(R) AMT Input validation vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2019-013698

DESCRIPTION

Insufficient input validation in subsystem for Intel(R) AMT before version 12.0.45 may allow an unauthenticated user to potentially enable escalation of privilege via physical access. Intel(R) AMT Contains an input validation vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Intel Active Management Technology (AMT) is a set of hardware-based computer remote active management technology software developed by Intel Corporation. An attacker in physical proximity could exploit this vulnerability to elevate privileges

Trust: 1.71

sources: NVD: CVE-2019-11086 // JVNDB: JVNDB-2019-013698 // VULHUB: VHN-142697

AFFECTED PRODUCTS

vendor:intelmodel:active management technologyscope:ltversion:12.0.45

Trust: 1.8

vendor:intelmodel:active management technologyscope:gteversion:12.0

Trust: 1.0

sources: JVNDB: JVNDB-2019-013698 // NVD: CVE-2019-11086

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-11086
value: MEDIUM

Trust: 1.0

NVD: CVE-2019-11086
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201911-708
value: MEDIUM

Trust: 0.6

VULHUB: VHN-142697
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2019-11086
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-142697
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2019-11086
baseSeverity: MEDIUM
baseScore: 6.8
vectorString: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: PHYSICAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 0.9
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2019-11086
baseSeverity: MEDIUM
baseScore: 6.8
vectorString: CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: PHYSICAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-142697 // JVNDB: JVNDB-2019-013698 // CNNVD: CNNVD-201911-708 // NVD: CVE-2019-11086

PROBLEMTYPE DATA

problemtype:CWE-20

Trust: 1.9

sources: VULHUB: VHN-142697 // JVNDB: JVNDB-2019-013698 // NVD: CVE-2019-11086

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-201911-708

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-013698

PATCH

title:INTEL-SA-00241url:https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00241.html

Trust: 0.8

title:Intel Active Management Technology Enter the fix for the verification error vulnerabilityurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=106337

Trust: 0.6

sources: JVNDB: JVNDB-2019-013698 // CNNVD: CNNVD-201911-708

EXTERNAL IDS

db:NVDid:CVE-2019-11086

Trust: 2.5

db:JVNid:JVNVU90354904

Trust: 0.8

db:JVNDBid:JVNDB-2019-013698

Trust: 0.8

db:CNNVDid:CNNVD-201911-708

Trust: 0.7

db:LENOVOid:LEN-27716

Trust: 0.6

db:AUSCERTid:ESB-2020.2344

Trust: 0.6

db:CNVDid:CNVD-2020-18616

Trust: 0.1

db:VULHUBid:VHN-142697

Trust: 0.1

sources: VULHUB: VHN-142697 // JVNDB: JVNDB-2019-013698 // CNNVD: CNNVD-201911-708 // NVD: CVE-2019-11086

REFERENCES

url:https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00241.html

Trust: 1.7

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-11086

Trust: 0.8

url:https://jvn.jp/vu/jvnvu90354904/

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2019-11086\

Trust: 0.8

url:https://vigilance.fr/vulnerability/intel-csme-amt-dal-sps-txe-multiple-vulnerabilities-31014

Trust: 0.6

url:https://support.lenovo.com/us/en/product_security/len-27716

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2020.2344/

Trust: 0.6

url:https://nvd.nist.gov/vuln/detail/cve-2019-11086

Trust: 0.6

sources: VULHUB: VHN-142697 // JVNDB: JVNDB-2019-013698 // CNNVD: CNNVD-201911-708 // NVD: CVE-2019-11086

SOURCES

db:VULHUBid:VHN-142697
db:JVNDBid:JVNDB-2019-013698
db:CNNVDid:CNNVD-201911-708
db:NVDid:CVE-2019-11086

LAST UPDATE DATE

2024-11-23T19:26:26.649000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-142697date:2020-01-02T00:00:00
db:JVNDBid:JVNDB-2019-013698date:2020-01-15T00:00:00
db:CNNVDid:CNNVD-201911-708date:2020-07-10T00:00:00
db:NVDid:CVE-2019-11086date:2024-11-21T04:20:30.667

SOURCES RELEASE DATE

db:VULHUBid:VHN-142697date:2019-12-18T00:00:00
db:JVNDBid:JVNDB-2019-013698date:2020-01-15T00:00:00
db:CNNVDid:CNNVD-201911-708date:2019-11-12T00:00:00
db:NVDid:CVE-2019-11086date:2019-12-18T22:15:12.033