Sign-up

ID

VAR-201309-0333


CVE

CVE-2013-5740


TITLE

plural Intel Used in products Intel Trusted Execution Technology SINIT Authenticated Code Modules In Trusted Execution Technology Vulnerabilities that circumvent protection mechanisms

Trust: 0.8

sources: JVNDB: JVNDB-2013-004148

DESCRIPTION

Unspecified vulnerability in the Intel Trusted Execution Technology (TXT) SINIT Authenticated Code Modules (ACM) before 1.2, as used by the Intel QM77, QS77, Q77 Express, C216, Q67 Express, C202, C204, and C206 chipsets and Mobile Intel QM67 and QS67 chipsets, when the measured launch environment (MLE) is invoked, allows local users to bypass the Trusted Execution Technology protection mechanism and perform other unspecified SINIT ACM functions via unspecified vectors. Successful exploits will allow local processes to gain elevated privileges. This may facilitate a complete compromise of affected computers

Trust: 1.98

sources: NVD: CVE-2013-5740 // JVNDB: JVNDB-2013-004148 // BID: 62416 // VULHUB: VHN-65742

AFFECTED PRODUCTS

vendor:intelmodel:c204 chipsetscope:eqversion: -

Trust: 1.6

vendor:intelmodel:c206 chipsetscope:eqversion: -

Trust: 1.6

vendor:intelmodel:q67 express chipsetscope:eqversion: -

Trust: 1.6

vendor:intelmodel:qm77 chipsetscope:eqversion: -

Trust: 1.6

vendor:intelmodel:qs77 chipsetscope:eqversion: -

Trust: 1.6

vendor:intelmodel:mobile intel qm67 chipsetscope:eqversion: -

Trust: 1.6

vendor:intelmodel:c202 chipsetscope:eqversion: -

Trust: 1.6

vendor:intelmodel:mobile intel qs67 chipsetscope:eqversion: -

Trust: 1.6

vendor:intelmodel:trusted execution technology sinit authenticated code modulescope:lteversion:1.1

Trust: 1.0

vendor:intelmodel:c216 chipsetscope:eqversion: -

Trust: 1.0

vendor:intelmodel:trusted execution technology sinit ac modulescope:lteversion:1.1

Trust: 0.8

vendor:intelmodel:c202 chip setscope: - version: -

Trust: 0.8

vendor:intelmodel:c204 chip setscope: - version: -

Trust: 0.8

vendor:intelmodel:c206 chip setscope: - version: -

Trust: 0.8

vendor:intelmodel:c216 chip setscope: - version: -

Trust: 0.8

vendor:intelmodel:q67 express chip setscope: - version: -

Trust: 0.8

vendor:intelmodel:q77 express chip setscope: - version: -

Trust: 0.8

vendor:intelmodel:qm77 chip setscope: - version: -

Trust: 0.8

vendor:intelmodel:qs77 chip setscope: - version: -

Trust: 0.8

vendor:intelmodel:mobile intel qm67 chip setscope: - version: -

Trust: 0.8

vendor:intelmodel:mobile intel qs67 express chip setscope: - version: -

Trust: 0.8

vendor:citrixmodel:xenclient xtscope:ltversion:2.1.3

Trust: 0.8

vendor:citrixmodel:xenclient xtscope:ltversion:3.1.4

Trust: 0.8

vendor:intelmodel:trusted execution technology sinit authenticated code modulescope:eqversion:1.1

Trust: 0.6

vendor:intelmodel:qs77 chipsetscope:eqversion:0

Trust: 0.3

vendor:intelmodel:qs67 express chipsetscope:eqversion:0

Trust: 0.3

vendor:intelmodel:qm77 chipsetscope:eqversion:0

Trust: 0.3

vendor:intelmodel:qm67 express chipsetscope:eqversion:0

Trust: 0.3

vendor:intelmodel:q77 express chipsetscope:eqversion:0

Trust: 0.3

vendor:intelmodel:q67 express chipsetscope:eqversion:0

Trust: 0.3

vendor:intelmodel:c216 chipsetscope:eqversion:0

Trust: 0.3

vendor:intelmodel:c206 chipsetscope:eqversion:0

Trust: 0.3

vendor:intelmodel:c204 chipsetscope:eqversion:0

Trust: 0.3

vendor:intelmodel:c202 chipsetscope:eqversion:0

Trust: 0.3

vendor:intelmodel:3rd gen i5 i7 sinit 51scope:eqversion:0

Trust: 0.3

vendor:intelmodel:3rd gen i5 i7 sinit 67scope:neversion:0

Trust: 0.3

sources: BID: 62416 // JVNDB: JVNDB-2013-004148 // CNNVD: CNNVD-201309-182 // NVD: CVE-2013-5740

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2013-5740
value: MEDIUM

Trust: 1.0

NVD: CVE-2013-5740
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201309-182
value: MEDIUM

Trust: 0.6

VULHUB: VHN-65742
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2013-5740
severity: MEDIUM
baseScore: 6.9
vectorString: AV:L/AC:M/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.4
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-65742
severity: MEDIUM
baseScore: 6.9
vectorString: AV:L/AC:M/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.4
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-65742 // JVNDB: JVNDB-2013-004148 // CNNVD: CNNVD-201309-182 // NVD: CVE-2013-5740

PROBLEMTYPE DATA

problemtype:NVD-CWE-noinfo

Trust: 1.0

sources: NVD: CVE-2013-5740

THREAT TYPE

local

Trust: 0.9

sources: BID: 62416 // CNNVD: CNNVD-201309-182

TYPE

permissions and access control

Trust: 0.6

sources: CNNVD: CNNVD-201309-182

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2013-004148

PATCH
title:CTX138633url:http://support.citrix.com/article/CTX138633
Trust: 0.8
title:INTEL-SA-00035url:https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00035&languageid=en-fr
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2013-004148

EXTERNAL IDS
db:NVDid:CVE-2013-5740
Trust: 2.8
db:JVNDBid:JVNDB-2013-004148
Trust: 0.8
db:CNNVDid:CNNVD-201309-182
Trust: 0.7
db:BIDid:62416
Trust: 0.4
db:VULHUBid:VHN-65742
Trust: 0.1
sources:
            
            
            VULHUB: VHN-65742 // 
            
            
            
            BID: 62416 // 
            
            
            
            JVNDB: JVNDB-2013-004148 // 
            
            
            
            CNNVD: CNNVD-201309-182 // 
            
            
            
            NVD: CVE-2013-5740

REFERENCES
url:https://security-center.intel.com/advisory.aspx?intelid=intel-sa-00035&languageid=en-fr
Trust: 1.9
url:http://support.citrix.com/article/ctx138633
Trust: 1.7
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-5740
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-5740
Trust: 0.8
url:http://www.intel.com/
Trust: 0.3
url:https://security-center.intel.com/advisory.aspx?intelid=intel-sa-00035&languageid=en-fr
Trust: 0.1
sources:
            
            
            VULHUB: VHN-65742 // 
            
            
            
            BID: 62416 // 
            
            
            
            JVNDB: JVNDB-2013-004148 // 
            
            
            
            CNNVD: CNNVD-201309-182 // 
            
            
            
            NVD: CVE-2013-5740

CREDITS
The vendor reported this issue.
Trust: 0.3
sources:
            
            
            BID: 62416

SOURCES
db:VULHUBid:VHN-65742
db:BIDid:62416
db:JVNDBid:JVNDB-2013-004148
db:CNNVDid:CNNVD-201309-182
db:NVDid:CVE-2013-5740

LAST UPDATE DATE
2025-04-11T23:15:25.285000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-65742date:2014-07-11T00:00:00
db:BIDid:62416date:2013-07-01T00:00:00
db:JVNDBid:JVNDB-2013-004148date:2013-09-18T00:00:00
db:CNNVDid:CNNVD-201309-182date:2013-09-16T00:00:00
db:NVDid:CVE-2013-5740date:2025-04-11T00:51:21.963

SOURCES RELEASE DATE
db:VULHUBid:VHN-65742date:2013-09-12T00:00:00
db:BIDid:62416date:2013-07-01T00:00:00
db:JVNDBid:JVNDB-2013-004148date:2013-09-18T00:00:00
db:CNNVDid:CNNVD-201309-182date:2013-09-13T00:00:00
db:NVDid:CVE-2013-5740date:2013-09-12T18:37:44.287