Sign-up

ID

VAR-202002-0383


CVE

CVE-2019-14598


TITLE

Intel(R) CSME Authentication vulnerabilities in

Trust: 0.8

sources: JVNDB: JVNDB-2019-014594

DESCRIPTION

Improper Authentication in subsystem in Intel(R) CSME versions 12.0 through 12.0.48 (IOT only: 12.0.56), versions 13.0 through 13.0.20, versions 14.0 through 14.0.10 may allow a privileged user to potentially enable escalation of privilege, denial of service or information disclosure via local access. Intel(R) CSME There is an authentication vulnerability in.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. Intel CSME has a security vulnerability. Intel Converged Security and Management Engine (CSME) is a security management engine of Intel Corporation of the United States. An authorization issue vulnerability exists in Intel CSME due to incorrect authentication in the subsystem. The following products and versions are affected: Intel CSME version 12.0 to 12.0.48, versions prior to 12.0.56 (IOT), versions 13.0 to 13.0.20, and versions 14.0 to 14.0.10

Trust: 2.79

sources: NVD: CVE-2019-14598 // JVNDB: JVNDB-2019-014594 // CNVD: CNVD-2020-10444 // CNNVD: CNNVD-202002-490 // VULHUB: VHN-146560

IOT TAXONOMY

category:['IoT']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2020-10444

AFFECTED PRODUCTS

vendor:netappmodel:steelstore cloud integrated storagescope:eqversion: -

Trust: 1.0

vendor:intelmodel:converged security management enginescope:ltversion:12.0.48

Trust: 1.0

vendor:intelmodel:converged security management enginescope:ltversion:12.0.56

Trust: 1.0

vendor:intelmodel:converged security management enginescope:ltversion:13.0.20

Trust: 1.0

vendor:intelmodel:converged security management enginescope:gteversion:14.0

Trust: 1.0

vendor:intelmodel:converged security management enginescope:gteversion:13.0

Trust: 1.0

vendor:intelmodel:converged security management enginescope:gteversion:12.0

Trust: 1.0

vendor:intelmodel:converged security management enginescope:ltversion:14.0.10

Trust: 1.0

vendor:intelmodel:converged security management enginescope:eqversion:12.0 から 12.0.48

Trust: 0.8

vendor:intelmodel:converged security management enginescope:eqversion:13.0 から 13.0.20

Trust: 0.8

vendor:intelmodel:converged security management enginescope:eqversion:14.0 から 14.0.10

Trust: 0.8

vendor:intelmodel:converged security management enginescope:eqversion:for iot 12.0 から 12.0.56

Trust: 0.8

vendor:intelmodel:csme (iot only:scope:gteversion:12.0,<=12.0.4812.0.56)

Trust: 0.6

vendor:intelmodel:csmescope:gteversion:13.0<=13.0.20

Trust: 0.6

vendor:intelmodel:csmescope:gteversion:14.0,<=14.0.10

Trust: 0.6

sources: CNVD: CNVD-2020-10444 // JVNDB: JVNDB-2019-014594 // NVD: CVE-2019-14598

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-14598
value: MEDIUM

Trust: 1.0

NVD: JVNDB-2019-014594
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2020-10444
value: HIGH

Trust: 0.6

CNNVD: CNNVD-202002-490
value: MEDIUM

Trust: 0.6

VULHUB: VHN-146560
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2019-14598
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

NVD: JVNDB-2019-014594
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

CNVD: CNVD-2020-10444
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-146560
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2019-14598
baseSeverity: MEDIUM
baseScore: 6.7
vectorString: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 0.8
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: JVNDB-2019-014594
baseSeverity: MEDIUM
baseScore: 6.7
vectorString: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2020-10444 // VULHUB: VHN-146560 // JVNDB: JVNDB-2019-014594 // CNNVD: CNNVD-202002-490 // NVD: CVE-2019-14598

PROBLEMTYPE DATA

problemtype:CWE-287

Trust: 1.9

sources: VULHUB: VHN-146560 // JVNDB: JVNDB-2019-014594 // NVD: CVE-2019-14598

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202002-490

TYPE

authorization issue

Trust: 0.6

sources: CNNVD: CNNVD-202002-490

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2019-014594

PATCH
title:INTEL-SA-00307url:https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00307.html
Trust: 0.8
title:Patch for Intel CSME Incorrect Certification Error Vulnerabilityurl:https://www.cnvd.org.cn/patchInfo/show/201777
Trust: 0.6
title:Intel Converged Security and Management Engine Remediation measures for authorization problem vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=110096
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2020-10444 // 
            
            
            
            JVNDB: JVNDB-2019-014594 // 
            
            
            
            CNNVD: CNNVD-202002-490

EXTERNAL IDS
db:NVDid:CVE-2019-14598
Trust: 3.1
db:JVNid:JVNVU96221887
Trust: 0.8
db:JVNDBid:JVNDB-2019-014594
Trust: 0.8
db:CNVDid:CNVD-2020-10444
Trust: 0.7
db:AUSCERTid:ESB-2020.0499
Trust: 0.6
db:LENOVOid:LEN-30525
Trust: 0.6
db:CNNVDid:CNNVD-202002-490
Trust: 0.6
db:VULHUBid:VHN-146560
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2020-10444 // 
            
            
            
            VULHUB: VHN-146560 // 
            
            
            
            JVNDB: JVNDB-2019-014594 // 
            
            
            
            CNNVD: CNNVD-202002-490 // 
            
            
            
            NVD: CVE-2019-14598

REFERENCES
url:https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00307.html
Trust: 2.3
url:https://security.netapp.com/advisory/ntap-20200221-0005/
Trust: 1.7
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-14598
Trust: 0.8
url:https://jvn.jp/vu/jvnvu96221887/
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2019-14598
Trust: 0.8
url:https://support.lenovo.com/us/en/product_security/len-30525
Trust: 0.6
url:https://www.auscert.org.au/bulletins/esb-2020.0499/
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2020-10444 // 
            
            
            
            VULHUB: VHN-146560 // 
            
            
            
            JVNDB: JVNDB-2019-014594 // 
            
            
            
            CNNVD: CNNVD-202002-490 // 
            
            
            
            NVD: CVE-2019-14598

SOURCES
db:CNVDid:CNVD-2020-10444
db:VULHUBid:VHN-146560
db:JVNDBid:JVNDB-2019-014594
db:CNNVDid:CNNVD-202002-490
db:NVDid:CVE-2019-14598

LAST UPDATE DATE
2024-11-23T20:04:17.466000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2020-10444date:2020-02-19T00:00:00
db:VULHUBid:VHN-146560date:2020-02-24T00:00:00
db:JVNDBid:JVNDB-2019-014594date:2020-03-03T00:00:00
db:CNNVDid:CNNVD-202002-490date:2020-02-28T00:00:00
db:NVDid:CVE-2019-14598date:2024-11-21T04:27:00.133

SOURCES RELEASE DATE
db:CNVDid:CNVD-2020-10444date:2020-02-18T00:00:00
db:VULHUBid:VHN-146560date:2020-02-13T00:00:00
db:JVNDBid:JVNDB-2019-014594date:2020-03-03T00:00:00
db:CNNVDid:CNNVD-202002-490date:2020-02-11T00:00:00
db:NVDid:CVE-2019-14598date:2020-02-13T19:15:13.130