Sign-up

ID

VAR-201912-1816


CVE

CVE-2019-11101


TITLE

Intel(R) CSME and Intel(R) TXE Input validation vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2019-013689

DESCRIPTION

Insufficient input validation in the subsystem for Intel(R) CSME before versions 11.8.70, 11.11.70, 11.22.70, 12.0.45, 13.0.10 and 14.0.10; Intel(R) TXE before versions 3.1.70 and 4.0.20 may allow a privileged user to potentially enable information disclosure via local access. Intel(R) CSME and Intel(R) TXE Contains an input validation vulnerability.Information may be obtained. Both Intel Converged Security and Management Engine (CSME) and Intel TXE are products of Intel Corporation of the United States. Intel Converged Security and Management Engine is a security management engine. Intel TXE is a trusted execution engine with hardware authentication function used in CPU (Central Processing Unit). A security vulnerability exists in subsystems in Intel CSME and Intel TXE due to insufficient input validation. A local attacker could exploit this vulnerability to disclose information. The following products and versions are affected: Intel CSME before 11.8.70, before 11.11.70, before 11.22.70, before 12.0.45, before 13.0.10, before 14.0.10; Intel TXE 3.1.70 Previous versions, versions before 4.0.20

Trust: 1.71

sources: NVD: CVE-2019-11101 // JVNDB: JVNDB-2019-013689 // VULHUB: VHN-142714

AFFECTED PRODUCTS

vendor:intelmodel:converged security management enginescope:ltversion:11.11.70

Trust: 1.8

vendor:intelmodel:converged security management enginescope:ltversion:11.22.70

Trust: 1.8

vendor:intelmodel:converged security management enginescope:ltversion:11.8.70

Trust: 1.8

vendor:intelmodel:converged security management enginescope:ltversion:12.0.45

Trust: 1.8

vendor:intelmodel:converged security management enginescope:ltversion:13.0.10

Trust: 1.8

vendor:intelmodel:converged security management enginescope:ltversion:14.0.10

Trust: 1.8

vendor:intelmodel:trusted execution enginescope:ltversion:3.1.70

Trust: 1.8

vendor:intelmodel:trusted execution enginescope:ltversion:4.0.20

Trust: 1.8

vendor:intelmodel:converged security management enginescope:gteversion:13.0

Trust: 1.0

vendor:intelmodel:converged security management enginescope:gteversion:11.10

Trust: 1.0

vendor:intelmodel:trusted execution enginescope:gteversion:3.0

Trust: 1.0

vendor:intelmodel:converged security management enginescope:gteversion:11.20

Trust: 1.0

vendor:intelmodel:trusted execution enginescope:gteversion:4.0

Trust: 1.0

vendor:intelmodel:converged security management enginescope:gteversion:11.0

Trust: 1.0

vendor:intelmodel:converged security management enginescope:gteversion:12.0

Trust: 1.0

vendor:intelmodel:converged security management enginescope:gteversion:14.0.0

Trust: 1.0

sources: JVNDB: JVNDB-2019-013689 // NVD: CVE-2019-11101

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-11101
value: MEDIUM

Trust: 1.0

NVD: CVE-2019-11101
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201911-689
value: MEDIUM

Trust: 0.6

VULHUB: VHN-142714
value: LOW

Trust: 0.1

nvd@nist.gov: CVE-2019-11101
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-142714
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2019-11101
baseSeverity: MEDIUM
baseScore: 4.4
vectorString: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 0.8
impactScore: 3.6
version: 3.1

Trust: 1.0

NVD: CVE-2019-11101
baseSeverity: MEDIUM
baseScore: 4.4
vectorString: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-142714 // JVNDB: JVNDB-2019-013689 // CNNVD: CNNVD-201911-689 // NVD: CVE-2019-11101

PROBLEMTYPE DATA

problemtype:CWE-20

Trust: 1.9

sources: VULHUB: VHN-142714 // JVNDB: JVNDB-2019-013689 // NVD: CVE-2019-11101

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201911-689

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-201911-689

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2019-013689

PATCH
title:INTEL-SA-00241url:https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00241.html
Trust: 0.8
title:Intel Converged Security and Management Engine  and Intel TXE Enter the fix for the verification error vulnerabilityurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=106333
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2019-013689 // 
            
            
            
            CNNVD: CNNVD-201911-689

EXTERNAL IDS
db:NVDid:CVE-2019-11101
Trust: 2.5
db:JVNid:JVNVU90354904
Trust: 0.8
db:JVNDBid:JVNDB-2019-013689
Trust: 0.8
db:CNNVDid:CNNVD-201911-689
Trust: 0.7
db:LENOVOid:LEN-27716
Trust: 0.6
db:AUSCERTid:ESB-2020.2344
Trust: 0.6
db:VULHUBid:VHN-142714
Trust: 0.1
sources:
            
            
            VULHUB: VHN-142714 // 
            
            
            
            JVNDB: JVNDB-2019-013689 // 
            
            
            
            CNNVD: CNNVD-201911-689 // 
            
            
            
            NVD: CVE-2019-11101

REFERENCES
url:https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00241.html
Trust: 1.7
url:https://nvd.nist.gov/vuln/detail/cve-2019-11101
Trust: 1.4
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-11101
Trust: 0.8
url:https://jvn.jp/vu/jvnvu90354904/
Trust: 0.8
url:https://vigilance.fr/vulnerability/intel-csme-amt-dal-sps-txe-multiple-vulnerabilities-31014
Trust: 0.6
url:https://support.lenovo.com/us/en/product_security/len-27716
Trust: 0.6
url:https://www.auscert.org.au/bulletins/esb-2020.2344/
Trust: 0.6
sources:
            
            
            VULHUB: VHN-142714 // 
            
            
            
            JVNDB: JVNDB-2019-013689 // 
            
            
            
            CNNVD: CNNVD-201911-689 // 
            
            
            
            NVD: CVE-2019-11101

SOURCES
db:VULHUBid:VHN-142714
db:JVNDBid:JVNDB-2019-013689
db:CNNVDid:CNNVD-201911-689
db:NVDid:CVE-2019-11101

LAST UPDATE DATE
2024-11-23T20:36:35.071000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-142714date:2020-01-02T00:00:00
db:JVNDBid:JVNDB-2019-013689date:2020-01-14T00:00:00
db:CNNVDid:CNNVD-201911-689date:2020-07-10T00:00:00
db:NVDid:CVE-2019-11101date:2024-11-21T04:20:32.310

SOURCES RELEASE DATE
db:VULHUBid:VHN-142714date:2019-12-18T00:00:00
db:JVNDBid:JVNDB-2019-013689date:2020-01-14T00:00:00
db:CNNVDid:CNNVD-201911-689date:2019-11-12T00:00:00
db:NVDid:CVE-2019-11101date:2019-12-18T22:15:12.487