Sign-up

ID

VAR-201912-1812


CVE

CVE-2019-11090


TITLE

plural Intel Product race condition vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2019-013696

DESCRIPTION

Cryptographic timing conditions in the subsystem for Intel(R) PTT before versions 11.8.70, 11.11.70, 11.22.70, 12.0.45, 13.0.0 and 14.0.10; Intel(R) TXE 3.1.70 and 4.0.20; Intel(R) SPS before versions SPS_E5_04.01.04.305.0, SPS_SoC-X_04.00.04.108.0, SPS_SoC-A_04.00.04.191.0, SPS_E3_04.01.04.086.0, SPS_E3_04.08.04.047.0 may allow an unauthenticated user to potentially enable information disclosure via network access. Intel(R) PTT , TXE , SPS Contains a race condition vulnerability.Information may be obtained. Intel Server Platform Services (SPS) and others are products of Intel Corporation of the United States. Intel Server Platform Services is a server platform service program. Intel TXE is a trusted execution engine with hardware authentication function used in CPU (Central Processing Unit). Intel Platform Trust Technology (PTT) is an Intel platform trusted technology, mainly used for key management (key encryption and storage) and security authentication. Security vulnerabilities exist in subsystems in Intel PTT, Intel TXE, and Intel SPS. An attacker could exploit this vulnerability to disclose information. The following products and versions are affected: Intel PTT before 11.8.70, before 11.11.70, before 11.22.70, before 12.0.45, before 13.0.0, before 14.0.10; Intel TXE 3.1.70 Version, version 4.0.20; Intel SPS version before SPS_E5_04.01.04.305.0, version before SPS_SoC-X_04.00.04.108.0, version before SPS_SoC-A_04.00.04.191.0, version before SPS_E3_04.01.04.086.0, version before SPS_E3_04.08.04.0 previous version

Trust: 1.71

sources: NVD: CVE-2019-11090 // JVNDB: JVNDB-2019-013696 // VULHUB: VHN-142702

AFFECTED PRODUCTS

vendor:intelmodel:server platform servicesscope:ltversion:sps_soc-x_04.00.04.108.0

Trust: 1.0

vendor:intelmodel:platform trust technologyscope:ltversion:13.0.0

Trust: 1.0

vendor:intelmodel:platform trust technologyscope:gteversion:11.0

Trust: 1.0

vendor:intelmodel:trusted execution enginescope:ltversion:3.1.70

Trust: 1.0

vendor:intelmodel:trusted execution enginescope:ltversion:4.0.20

Trust: 1.0

vendor:intelmodel:platform trust technologyscope:lteversion:11.8.70

Trust: 1.0

vendor:intelmodel:server platform servicesscope:ltversion:sps_e5_04.01.04.305.0

Trust: 1.0

vendor:intelmodel:server platform servicesscope:ltversion:sps_soc-a_04.00.04.191.0

Trust: 1.0

vendor:intelmodel:server platform servicesscope:gteversion:sps_e5_04.00.00.000.0

Trust: 1.0

vendor:intelmodel:trusted execution enginescope:gteversion:3.0

Trust: 1.0

vendor:intelmodel:server platform servicesscope:gteversion:sps_soc-a_04.00.00.000.0

Trust: 1.0

vendor:intelmodel:platform trust technologyscope:ltversion:12.0.45

Trust: 1.0

vendor:intelmodel:platform trust technologyscope:ltversion:14.0.10

Trust: 1.0

vendor:intelmodel:server platform servicesscope:gteversion:sps_soc-x_04.00.00.000.0

Trust: 1.0

vendor:intelmodel:trusted execution enginescope:gteversion:4.0

Trust: 1.0

vendor:intelmodel:server platform servicesscope:ltversion:sps_e3_04.01.04.086.0

Trust: 1.0

vendor:intelmodel:platform trust technologyscope:gteversion:14.0.0

Trust: 1.0

vendor:intelmodel:server platform servicesscope:eqversion:*

Trust: 1.0

vendor:intelmodel:platform trust technologyscope:gteversion:11.20

Trust: 1.0

vendor:intelmodel:platform trust technologyscope:gteversion:13.0

Trust: 1.0

vendor:intelmodel:platform trust technologyscope:ltversion:11.11.70

Trust: 1.0

vendor:intelmodel:platform trust technologyscope:ltversion:11.22.70

Trust: 1.0

vendor:intelmodel:server platform servicesscope:gteversion:sps_e3_04.01.00.000.0

Trust: 1.0

vendor:intelmodel:platform trust technologyscope:gteversion:12.0

Trust: 1.0

vendor:intelmodel:platform trust technologyscope:gteversion:11.10

Trust: 1.0

vendor:intelmodel:platform trust technologyscope: - version: -

Trust: 0.8

vendor:intelmodel:server platform servicesscope: - version: -

Trust: 0.8

vendor:intelmodel:trusted execution enginescope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2019-013696 // NVD: CVE-2019-11090

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-11090
value: MEDIUM

Trust: 1.0

NVD: CVE-2019-11090
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201911-698
value: MEDIUM

Trust: 0.6

VULHUB: VHN-142702
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2019-11090
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-142702
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2019-11090
baseSeverity: MEDIUM
baseScore: 5.9
vectorString: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 2.2
impactScore: 3.6
version: 3.1

Trust: 1.0

NVD: CVE-2019-11090
baseSeverity: MEDIUM
baseScore: 5.9
vectorString: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-142702 // JVNDB: JVNDB-2019-013696 // CNNVD: CNNVD-201911-698 // NVD: CVE-2019-11090

PROBLEMTYPE DATA

problemtype:CWE-362

Trust: 1.9

sources: VULHUB: VHN-142702 // JVNDB: JVNDB-2019-013696 // NVD: CVE-2019-11090

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201911-698

TYPE

competition condition problem

Trust: 0.6

sources: CNNVD: CNNVD-201911-698

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2019-013696

PATCH
title:INTEL-SA-00241url:https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00241.html
Trust: 0.8
title:Multiple Intel Repair measures for product competition conditionsurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=106335
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2019-013696 // 
            
            
            
            CNNVD: CNNVD-201911-698

EXTERNAL IDS
db:NVDid:CVE-2019-11090
Trust: 2.5
db:JVNid:JVNVU90354904
Trust: 0.8
db:JVNDBid:JVNDB-2019-013696
Trust: 0.8
db:CNNVDid:CNNVD-201911-698
Trust: 0.7
db:LENOVOid:LEN-27716
Trust: 0.6
db:AUSCERTid:ESB-2020.2344
Trust: 0.6
db:CNVDid:CNVD-2020-18621
Trust: 0.1
db:VULHUBid:VHN-142702
Trust: 0.1
sources:
            
            
            VULHUB: VHN-142702 // 
            
            
            
            JVNDB: JVNDB-2019-013696 // 
            
            
            
            CNNVD: CNNVD-201911-698 // 
            
            
            
            NVD: CVE-2019-11090

REFERENCES
url:https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00241.html
Trust: 1.7
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-11090
Trust: 0.8
url:https://jvn.jp/vu/jvnvu90354904/
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2019-11090\
Trust: 0.8
url:https://vigilance.fr/vulnerability/intel-csme-amt-dal-sps-txe-multiple-vulnerabilities-31014
Trust: 0.6
url:https://nvd.nist.gov/vuln/detail/cve-2019-11090
Trust: 0.6
url:https://support.lenovo.com/us/en/product_security/len-27716
Trust: 0.6
url:https://www.auscert.org.au/bulletins/esb-2020.2344/
Trust: 0.6
url:https://access.redhat.com/security/cve/cve-2019-11090
Trust: 0.6
sources:
            
            
            VULHUB: VHN-142702 // 
            
            
            
            JVNDB: JVNDB-2019-013696 // 
            
            
            
            CNNVD: CNNVD-201911-698 // 
            
            
            
            NVD: CVE-2019-11090

SOURCES
db:VULHUBid:VHN-142702
db:JVNDBid:JVNDB-2019-013696
db:CNNVDid:CNNVD-201911-698
db:NVDid:CVE-2019-11090

LAST UPDATE DATE
2024-08-14T12:27:35.689000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-142702date:2020-01-03T00:00:00
db:JVNDBid:JVNDB-2019-013696date:2020-01-15T00:00:00
db:CNNVDid:CNNVD-201911-698date:2020-07-10T00:00:00
db:NVDid:CVE-2019-11090date:2020-01-03T15:59:31.363

SOURCES RELEASE DATE
db:VULHUBid:VHN-142702date:2019-12-18T00:00:00
db:JVNDBid:JVNDB-2019-013696date:2020-01-15T00:00:00
db:CNNVDid:CNNVD-201911-698date:2019-11-12T00:00:00
db:NVDid:CVE-2019-11090date:2019-12-18T22:15:12.237