ID

VAR-201912-1812


CVE

CVE-2019-11090


TITLE

plural Intel Product race condition vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2019-013696

DESCRIPTION

Cryptographic timing conditions in the subsystem for Intel(R) PTT before versions 11.8.70, 11.11.70, 11.22.70, 12.0.45, 13.0.0 and 14.0.10; Intel(R) TXE 3.1.70 and 4.0.20; Intel(R) SPS before versions SPS_E5_04.01.04.305.0, SPS_SoC-X_04.00.04.108.0, SPS_SoC-A_04.00.04.191.0, SPS_E3_04.01.04.086.0, SPS_E3_04.08.04.047.0 may allow an unauthenticated user to potentially enable information disclosure via network access. Intel(R) PTT , TXE , SPS Contains a race condition vulnerability.Information may be obtained. Intel Server Platform Services (SPS) and others are products of Intel Corporation of the United States. Intel Server Platform Services is a server platform service program. Intel TXE is a trusted execution engine with hardware authentication function used in CPU (Central Processing Unit). Intel Platform Trust Technology (PTT) is an Intel platform trusted technology, mainly used for key management (key encryption and storage) and security authentication. Security vulnerabilities exist in subsystems in Intel PTT, Intel TXE, and Intel SPS. An attacker could exploit this vulnerability to disclose information. The following products and versions are affected: Intel PTT before 11.8.70, before 11.11.70, before 11.22.70, before 12.0.45, before 13.0.0, before 14.0.10; Intel TXE 3.1.70 Version, version 4.0.20; Intel SPS version before SPS_E5_04.01.04.305.0, version before SPS_SoC-X_04.00.04.108.0, version before SPS_SoC-A_04.00.04.191.0, version before SPS_E3_04.01.04.086.0, version before SPS_E3_04.08.04.0 previous version

Trust: 1.71

sources: NVD: CVE-2019-11090 // JVNDB: JVNDB-2019-013696 // VULHUB: VHN-142702

AFFECTED PRODUCTS

vendor:intelmodel:platform trust technologyscope:gteversion:14.0.0

Trust: 1.0

vendor:intelmodel:server platform servicesscope:gteversion:sps_soc-a_04.00.00.000.0

Trust: 1.0

vendor:intelmodel:server platform servicesscope:ltversion:sps_soc-x_04.00.04.108.0

Trust: 1.0

vendor:intelmodel:platform trust technologyscope:gteversion:13.0

Trust: 1.0

vendor:intelmodel:server platform servicesscope:gteversion:sps_soc-x_04.00.00.000.0

Trust: 1.0

vendor:intelmodel:platform trust technologyscope:ltversion:11.22.70

Trust: 1.0

vendor:intelmodel:platform trust technologyscope:gteversion:11.10

Trust: 1.0

vendor:intelmodel:trusted execution enginescope:gteversion:4.0

Trust: 1.0

vendor:intelmodel:server platform servicesscope:ltversion:sps_soc-a_04.00.04.191.0

Trust: 1.0

vendor:intelmodel:server platform servicesscope:gteversion:sps_e3_04.01.00.000.0

Trust: 1.0

vendor:intelmodel:server platform servicesscope:ltversion:sps_e3_04.01.04.086.0

Trust: 1.0

vendor:intelmodel:platform trust technologyscope:gteversion:12.0

Trust: 1.0

vendor:intelmodel:trusted execution enginescope:ltversion:3.1.70

Trust: 1.0

vendor:intelmodel:platform trust technologyscope:ltversion:13.0.0

Trust: 1.0

vendor:intelmodel:platform trust technologyscope:gteversion:11.0

Trust: 1.0

vendor:intelmodel:platform trust technologyscope:ltversion:11.11.70

Trust: 1.0

vendor:intelmodel:server platform servicesscope:ltversion:sps_e5_04.01.04.305.0

Trust: 1.0

vendor:intelmodel:trusted execution enginescope:ltversion:4.0.20

Trust: 1.0

vendor:intelmodel:platform trust technologyscope:ltversion:12.0.45

Trust: 1.0

vendor:intelmodel:platform trust technologyscope:lteversion:11.8.70

Trust: 1.0

vendor:intelmodel:trusted execution enginescope:gteversion:3.0

Trust: 1.0

vendor:intelmodel:platform trust technologyscope:gteversion:11.20

Trust: 1.0

vendor:intelmodel:server platform servicesscope:gteversion:sps_e5_04.00.00.000.0

Trust: 1.0

vendor:intelmodel:platform trust technologyscope:ltversion:14.0.10

Trust: 1.0

vendor:intelmodel:server platform servicesscope:eqversion:*

Trust: 1.0

vendor:intelmodel:platform trust technologyscope: - version: -

Trust: 0.8

vendor:intelmodel:server platform servicesscope: - version: -

Trust: 0.8

vendor:intelmodel:trusted execution enginescope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2019-013696 // NVD: CVE-2019-11090

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-11090
value: MEDIUM

Trust: 1.0

NVD: CVE-2019-11090
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201911-698
value: MEDIUM

Trust: 0.6

VULHUB: VHN-142702
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2019-11090
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-142702
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2019-11090
baseSeverity: MEDIUM
baseScore: 5.9
vectorString: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 2.2
impactScore: 3.6
version: 3.1

Trust: 1.0

NVD: CVE-2019-11090
baseSeverity: MEDIUM
baseScore: 5.9
vectorString: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-142702 // JVNDB: JVNDB-2019-013696 // CNNVD: CNNVD-201911-698 // NVD: CVE-2019-11090

PROBLEMTYPE DATA

problemtype:CWE-362

Trust: 1.9

sources: VULHUB: VHN-142702 // JVNDB: JVNDB-2019-013696 // NVD: CVE-2019-11090

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201911-698

TYPE

competition condition problem

Trust: 0.6

sources: CNNVD: CNNVD-201911-698

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-013696

PATCH

title:INTEL-SA-00241url:https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00241.html

Trust: 0.8

title:Multiple Intel Repair measures for product competition conditionsurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=106335

Trust: 0.6

sources: JVNDB: JVNDB-2019-013696 // CNNVD: CNNVD-201911-698

EXTERNAL IDS

db:NVDid:CVE-2019-11090

Trust: 2.5

db:JVNid:JVNVU90354904

Trust: 0.8

db:JVNDBid:JVNDB-2019-013696

Trust: 0.8

db:CNNVDid:CNNVD-201911-698

Trust: 0.7

db:LENOVOid:LEN-27716

Trust: 0.6

db:AUSCERTid:ESB-2020.2344

Trust: 0.6

db:CNVDid:CNVD-2020-18621

Trust: 0.1

db:VULHUBid:VHN-142702

Trust: 0.1

sources: VULHUB: VHN-142702 // JVNDB: JVNDB-2019-013696 // CNNVD: CNNVD-201911-698 // NVD: CVE-2019-11090

REFERENCES

url:https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00241.html

Trust: 1.7

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-11090

Trust: 0.8

url:https://jvn.jp/vu/jvnvu90354904/

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2019-11090\

Trust: 0.8

url:https://vigilance.fr/vulnerability/intel-csme-amt-dal-sps-txe-multiple-vulnerabilities-31014

Trust: 0.6

url:https://nvd.nist.gov/vuln/detail/cve-2019-11090

Trust: 0.6

url:https://support.lenovo.com/us/en/product_security/len-27716

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2020.2344/

Trust: 0.6

url:https://access.redhat.com/security/cve/cve-2019-11090

Trust: 0.6

sources: VULHUB: VHN-142702 // JVNDB: JVNDB-2019-013696 // CNNVD: CNNVD-201911-698 // NVD: CVE-2019-11090

SOURCES

db:VULHUBid:VHN-142702
db:JVNDBid:JVNDB-2019-013696
db:CNNVDid:CNNVD-201911-698
db:NVDid:CVE-2019-11090

LAST UPDATE DATE

2024-11-23T21:12:05.061000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-142702date:2020-01-03T00:00:00
db:JVNDBid:JVNDB-2019-013696date:2020-01-15T00:00:00
db:CNNVDid:CNNVD-201911-698date:2020-07-10T00:00:00
db:NVDid:CVE-2019-11090date:2024-11-21T04:20:31.127

SOURCES RELEASE DATE

db:VULHUBid:VHN-142702date:2019-12-18T00:00:00
db:JVNDBid:JVNDB-2019-013696date:2020-01-15T00:00:00
db:CNNVDid:CNNVD-201911-698date:2019-11-12T00:00:00
db:NVDid:CVE-2019-11090date:2019-12-18T22:15:12.237