Details of VAR-201912-1828

ID

VAR-201912-1828

CVE

CVE-2019-11147

TITLE

plural Intel Product vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2019-013695

DESCRIPTION

Insufficient access control in hardware abstraction driver for MEInfo software for Intel(R) CSME before versions 11.8.70, 11.11.70, 11.22.70, 12.0.45, 13.0.0, 14.0.10; TXEInfo software for Intel(R) TXE before versions 3.1.70 and 4.0.20; INTEL-SA-00086 Detection Tool version 1.2.7.0 or before; INTEL-SA-00125 Detection Tool version 1.0.45.0 or before may allow an authenticated user to potentially enable escalation of privilege via local access. plural Intel There are unspecified vulnerabilities in the product.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Intel Converged Security and Management Engine (CSME) and others are products of Intel Corporation of the United States. Intel Converged Security and Management Engine is a security management engine. Intel TXE is a trusted execution engine with hardware authentication function used in CPU (Central Processing Unit). INTEL-SA-00086 Detection Tool is a detection tool for detecting INTEL-SA-00086 security issues. A security vulnerability exists in several Intel products. The vulnerability is caused by the program's insufficient access control. A local attacker could exploit this vulnerability to elevate privileges. The following products and versions are affected: Intel CSME before 11.8.70, before 11.11.70, before 11.22.70, before 12.0.45, before 13.0.0, before 14.0.10; Intel TXE 3.1.70 Previous versions, versions before 4.0.20; INTEL-SA-00086 Detection Tool 1.2.7.0 and earlier versions; INTEL-SA-00125 Detection Tool 1.0.45.0 and earlier versions

Trust: 1.71

sources: NVD: CVE-2019-11147 // JVNDB: JVNDB-2019-013695 // VULHUB: VHN-142764

AFFECTED PRODUCTS

vendor:	intel	model:	converged security management engine	scope:	lt	version:	11.11.70	Trust: 1.8
vendor:	intel	model:	converged security management engine	scope:	lt	version:	11.22.70	Trust: 1.8
vendor:	intel	model:	converged security management engine	scope:	lt	version:	11.8.70	Trust: 1.8
vendor:	intel	model:	converged security management engine	scope:	lt	version:	12.0.45	Trust: 1.8
vendor:	intel	model:	converged security management engine	scope:	lt	version:	13.0.0	Trust: 1.8
vendor:	intel	model:	converged security management engine	scope:	lt	version:	14.0.10	Trust: 1.8
vendor:	intel	model:	trusted execution engine	scope:	lt	version:	3.1.70	Trust: 1.8
vendor:	intel	model:	trusted execution engine	scope:	lt	version:	4.0.20	Trust: 1.8
vendor:	intel	model:	converged security management engine	scope:	gte	version:	13.0	Trust: 1.0
vendor:	intel	model:	sa-00086 detection tool	scope:	lte	version:	1.2.7.0	Trust: 1.0
vendor:	intel	model:	converged security management engine	scope:	gte	version:	11.10	Trust: 1.0
vendor:	intel	model:	converged security management engine	scope:	gte	version:	11.20	Trust: 1.0
vendor:	intel	model:	converged security management engine	scope:	gte	version:	14.0.0	Trust: 1.0
vendor:	intel	model:	trusted execution engine	scope:	gte	version:	3.0	Trust: 1.0
vendor:	intel	model:	trusted execution engine	scope:	gte	version:	4.0	Trust: 1.0
vendor:	intel	model:	converged security management engine	scope:	gte	version:	12.0	Trust: 1.0
vendor:	intel	model:	converged security management engine	scope:	gte	version:	11.0	Trust: 1.0
vendor:	intel	model:	intel-sa-00125 detection tool	scope:	lte	version:	1.0.45.0	Trust: 1.0
vendor:	intel	model:	intel-sa-00086 detection tool	scope:	-	version:	-	Trust: 0.8
vendor:	intel	model:	intel-sa-00125 detection tool	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2019-013695 // NVD: CVE-2019-11147

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2019-11147
value:	HIGH
Trust: 1.0
NVD:	CVE-2019-11147
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-201911-655
value:	HIGH
Trust: 0.6
VULHUB:	VHN-142764
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2019-11147
severity:	MEDIUM
baseScore:	4.6
vectorString:	AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	3.9
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-142764
severity:	MEDIUM
baseScore:	4.6
vectorString:	AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	3.9
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2019-11147
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.8
impactScore:	5.9
version:	3.1
Trust: 1.0
NVD:	CVE-2019-11147
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULHUB: VHN-142764 // JVNDB: JVNDB-2019-013695 // CNNVD: CNNVD-201911-655 // NVD: CVE-2019-11147

PROBLEMTYPE DATA

problemtype:	NVD-CWE-Other	Trust: 1.0
problemtype:	CWE-Other	Trust: 0.8

sources: JVNDB: JVNDB-2019-013695 // NVD: CVE-2019-11147

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201911-655

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-201911-655

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-013695

PATCH

title:	INTEL-SA-00241	url:	https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00241.html	Trust: 0.8
title:	Multiple Intel Product security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=103867	Trust: 0.6

sources: JVNDB: JVNDB-2019-013695 // CNNVD: CNNVD-201911-655

EXTERNAL IDS

db:	NVD	id:	CVE-2019-11147	Trust: 2.5
db:	JVN	id:	JVNVU90354904	Trust: 0.8
db:	JVNDB	id:	JVNDB-2019-013695	Trust: 0.8
db:	CNNVD	id:	CNNVD-201911-655	Trust: 0.7
db:	LENOVO	id:	LEN-27716	Trust: 0.6
db:	AUSCERT	id:	ESB-2020.2344	Trust: 0.6
db:	CNVD	id:	CNVD-2020-18612	Trust: 0.1
db:	VULHUB	id:	VHN-142764	Trust: 0.1

sources: VULHUB: VHN-142764 // JVNDB: JVNDB-2019-013695 // CNNVD: CNNVD-201911-655 // NVD: CVE-2019-11147

REFERENCES

url:	https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00241.html	Trust: 1.7
url:	https://nvd.nist.gov/vuln/detail/cve-2019-11147	Trust: 1.4
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-11147	Trust: 0.8
url:	https://jvn.jp/vu/jvnvu90354904/	Trust: 0.8
url:	https://vigilance.fr/vulnerability/intel-csme-amt-dal-sps-txe-multiple-vulnerabilities-31014	Trust: 0.6
url:	https://support.lenovo.com/us/en/product_security/len-27716	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2020.2344/	Trust: 0.6

sources: VULHUB: VHN-142764 // JVNDB: JVNDB-2019-013695 // CNNVD: CNNVD-201911-655 // NVD: CVE-2019-11147

SOURCES

db:	VULHUB	id:	VHN-142764
db:	JVNDB	id:	JVNDB-2019-013695
db:	CNNVD	id:	CNNVD-201911-655
db:	NVD	id:	CVE-2019-11147

LAST UPDATE DATE

2024-11-23T21:07:51.824000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-142764	date:	2020-01-02T00:00:00
db:	JVNDB	id:	JVNDB-2019-013695	date:	2020-01-14T00:00:00
db:	CNNVD	id:	CNNVD-201911-655	date:	2020-07-10T00:00:00
db:	NVD	id:	CVE-2019-11147	date:	2024-11-21T04:20:37.420

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-142764	date:	2019-12-18T00:00:00
db:	JVNDB	id:	JVNDB-2019-013695	date:	2020-01-14T00:00:00
db:	CNNVD	id:	CNNVD-201911-655	date:	2019-11-12T00:00:00
db:	NVD	id:	CVE-2019-11147	date:	2019-12-18T22:15:13.457