Sign-up

ID

VAR-201905-0872


CVE

CVE-2019-0153


TITLE

Intel Multiple vulnerabilities in the product

Trust: 0.8

sources: JVNDB: JVNDB-2019-003441

DESCRIPTION

Buffer overflow in subsystem in Intel(R) CSME 12.0.0 through 12.0.34 may allow an unauthenticated user to potentially enable escalation of privilege via network access. Intel(R) CSME Contains a buffer error vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Intel Converged Security and Management Engine (CSME) is a security management engine of Intel Corporation. A buffer overflow vulnerability exists in the subsystems of Intel CSME versions 12.0.0 to 12.0.34. This vulnerability stems from the incorrect verification of data boundaries when the network system or product performs operations on the memory, resulting in incorrect read and write operations to other associated memory locations. Attackers can exploit this vulnerability to cause buffer overflow or heap overflow, etc

Trust: 1.8

sources: NVD: CVE-2019-0153 // JVNDB: JVNDB-2019-004647 // VULHUB: VHN-140184 // VULMON: CVE-2019-0153

AFFECTED PRODUCTS

vendor:intelmodel:converged security management enginescope:ltversion:12.0.35

Trust: 1.0

vendor:intelmodel:acu wizardscope: - version: -

Trust: 0.8

vendor:intelmodel:active management technologyscope: - version: -

Trust: 0.8

vendor:intelmodel:converged security management enginescope: - version: -

Trust: 0.8

vendor:intelmodel:driver and support assistantscope: - version: -

Trust: 0.8

vendor:intelmodel:dynamic application loaderscope: - version: -

Trust: 0.8

vendor:intelmodel:i915scope: - version: -

Trust: 0.8

vendor:intelmodel:nuc board nuc7i7dnbescope: - version: -

Trust: 0.8

vendor:intelmodel:nuc kit nuc7i5dnhescope: - version: -

Trust: 0.8

vendor:intelmodel:nuc kit nuc7i7dnhescope: - version: -

Trust: 0.8

vendor:intelmodel:nuc kit nuc7i7dnkescope: - version: -

Trust: 0.8

vendor:intelmodel:nuc kit nuc8i7hnkscope: - version: -

Trust: 0.8

vendor:intelmodel:nuc kit nuc8i7hvkscope: - version: -

Trust: 0.8

vendor:intelmodel:proset/wireless software driverscope: - version: -

Trust: 0.8

vendor:intelmodel:quartus ii programmer and toolsscope: - version: -

Trust: 0.8

vendor:intelmodel:server platform servicesscope: - version: -

Trust: 0.8

vendor:intelmodel:trusted execution enginescope: - version: -

Trust: 0.8

vendor:intelmodel:intelscope: - version: -

Trust: 0.8

vendor:intelmodel:quartus primescope: - version: -

Trust: 0.8

vendor:intelmodel:scs discovery utilityscope: - version: -

Trust: 0.8

vendor:intelmodel:unite clientscope: - version: -

Trust: 0.8

vendor:intelmodel:graphics driverscope: - version: -

Trust: 0.8

vendor:intelmodel:converged security management enginescope:eqversion:12.0.0 to 12.0.34

Trust: 0.8

sources: JVNDB: JVNDB-2019-003441 // JVNDB: JVNDB-2019-004647 // NVD: CVE-2019-0153

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-0153
value: CRITICAL

Trust: 1.0

NVD: CVE-2019-0153
value: CRITICAL

Trust: 0.8

CNNVD: CNNVD-201905-754
value: CRITICAL

Trust: 0.6

VULHUB: VHN-140184
value: HIGH

Trust: 0.1

VULMON: CVE-2019-0153
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2019-0153
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-140184
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2019-0153
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-140184 // VULMON: CVE-2019-0153 // JVNDB: JVNDB-2019-004647 // CNNVD: CNNVD-201905-754 // NVD: CVE-2019-0153

PROBLEMTYPE DATA

problemtype:CWE-119

Trust: 1.9

sources: VULHUB: VHN-140184 // JVNDB: JVNDB-2019-004647 // NVD: CVE-2019-0153

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201905-754

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-201905-754

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2019-003441

PATCH
title:INTEL-SA-00213 - IntelR CSME, IntelR SPS, IntelR TXE, IntelR DAL, and IntelR AMT 2019.1 QSR Advisoryurl:https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00213.html
Trust: 1.6
title:INTEL-SA-00234 - IntelR SCS Discovery Utility and IntelR ACU Wizard Advisoryurl:https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00234.html
Trust: 0.8
title:INTEL-SA-00244 - IntelR QuartusR Software Advisoryurl:https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00244.html
Trust: 0.8
title:INTEL-SA-00245 - Intel UniteR Client for Android* Advisoryurl:https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00245.html
Trust: 0.8
title:INTEL-SA-00204 - Intel IntelR PROSet/Wireless WiFi Software Advisoryurl:https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00204.html
Trust: 0.8
title:INTEL-SA-00249 - IntelR i915 Graphics for Linux Advisoryurl:https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00249.html
Trust: 0.8
title:INTEL-SA-00251 - IntelR NUC Advisoryurl:https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00251.html
Trust: 0.8
title:INTEL-SA-00218 - IntelR Graphics Driver for Windows* 2019.1 QSR Advisoryurl:https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00218.html
Trust: 0.8
title:INTEL-SA-00252 - IntelR Driver & Support Assistant Advisoryurl:https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00252.html
Trust: 0.8
title:INTEL-SA-00223 - Intel 2019.1 QSR UEFI Advisoryurl:https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00223.html
Trust: 0.8
title:INTEL-SA-00228 - Intel UniteR Client Advisoryurl:https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00228.html
Trust: 0.8
title:INTEL-SA-00233 - Microarchitectural Data Sampling Advisoryurl:https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00233.html
Trust: 0.8
title:HP: SUPPORT COMMUNICATION- SECURITY BULLETIN
HPSBHF03616 rev. 4 -  Intel 2019.1 CSME, Trusted Execution Engine (TXE), Active Management Technology (AMT) Security Updatesurl:https://vulmon.com/vendoradvisory?qidtp=hp_bulletin&qid=fd8d8d147c2dc58a9552ea19a80369fe
Trust: 0.1
title:HP: SUPPORT COMMUNICATION- SECURITY BULLETIN
HPSBHF03616 rev. 4 -  Intel 2019.1 CSME, Trusted Execution Engine (TXE), Active Management Technology (AMT) Security Updatesurl:https://vulmon.com/vendoradvisory?qidtp=hp_bulletin&qid=36bdf366c0b633d1ee0c20eab22574bc
Trust: 0.1
title:Threatposturl:https://threatpost.com/intel-fixes-critical-high-severity-flaws-across-several-products/144940/
Trust: 0.1
sources:
            
            
            VULMON: CVE-2019-0153 // 
            
            
            
            JVNDB: JVNDB-2019-003441 // 
            
            
            
            JVNDB: JVNDB-2019-004647

EXTERNAL IDS
db:NVDid:CVE-2019-0153
Trust: 2.6
db:JVNid:JVNVU92328381
Trust: 1.6
db:JVNDBid:JVNDB-2019-003441
Trust: 1.6
db:JVNDBid:JVNDB-2019-004647
Trust: 0.8
db:CNNVDid:CNNVD-201905-754
Trust: 0.7
db:AUSCERTid:ASB-2019.0148.2
Trust: 0.6
db:AUSCERTid:ESB-2019.2211
Trust: 0.6
db:LENOVOid:LEN-26293
Trust: 0.6
db:CNVDid:CNVD-2020-18591
Trust: 0.1
db:VULHUBid:VHN-140184
Trust: 0.1
db:VULMONid:CVE-2019-0153
Trust: 0.1
sources:
            
            
            VULHUB: VHN-140184 // 
            
            
            
            VULMON: CVE-2019-0153 // 
            
            
            
            JVNDB: JVNDB-2019-003441 // 
            
            
            
            JVNDB: JVNDB-2019-004647 // 
            
            
            
            CNNVD: CNNVD-201905-754 // 
            
            
            
            NVD: CVE-2019-0153

REFERENCES
url:https://support.f5.com/csp/article/k71265658
Trust: 1.8
url:https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00213.html
Trust: 1.8
url:https://nvd.nist.gov/vuln/detail/cve-2019-0153
Trust: 1.4
url:https://jvn.jp/vu/jvnvu92328381/index.html
Trust: 0.8
url:https://mdsattacks.com/files/ridl.pdf
Trust: 0.8
url:https://mdsattacks.com/files/fallout.pdf
Trust: 0.8
url:https://zombieloadattack.com/
Trust: 0.8
url:https://www.intel.com/content/www/us/en/architecture-and-technology/mds.html
Trust: 0.8
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-0153
Trust: 0.8
url:https://jvn.jp/vu/jvnvu92328381/
Trust: 0.8
url:https://jvndb.jvn.jp/ja/contents/2019/jvndb-2019-003441.html
Trust: 0.8
url:https://support.f5.com/csp/article/k10522033
Trust: 0.6
url:https://support.f5.com/csp/article/k21423526
Trust: 0.6
url:https://support.lenovo.com/us/zh/solutions/len-26293
Trust: 0.6
url:https://www.auscert.org.au/bulletins/asb-2019.0148.2/
Trust: 0.6
url:https://support.lenovo.com/us/en/product_security/len-26293
Trust: 0.6
url:https://www.auscert.org.au/bulletins/esb-2019.2211/
Trust: 0.6
url:https://cwe.mitre.org/data/definitions/119.html
Trust: 0.1
url:https://nvd.nist.gov
Trust: 0.1
url:https://threatpost.com/intel-fixes-critical-high-severity-flaws-across-several-products/144940/
Trust: 0.1
url:https://support.hp.com//us-en/document/c06330088
Trust: 0.1
sources:
            
            
            VULHUB: VHN-140184 // 
            
            
            
            VULMON: CVE-2019-0153 // 
            
            
            
            JVNDB: JVNDB-2019-003441 // 
            
            
            
            JVNDB: JVNDB-2019-004647 // 
            
            
            
            CNNVD: CNNVD-201905-754 // 
            
            
            
            NVD: CVE-2019-0153

SOURCES
db:VULHUBid:VHN-140184
db:VULMONid:CVE-2019-0153
db:JVNDBid:JVNDB-2019-003441
db:JVNDBid:JVNDB-2019-004647
db:CNNVDid:CNNVD-201905-754
db:NVDid:CVE-2019-0153

LAST UPDATE DATE
2024-11-23T21:13:03.400000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-140184date:2019-05-28T00:00:00
db:VULMONid:CVE-2019-0153date:2019-05-28T00:00:00
db:JVNDBid:JVNDB-2019-003441date:2019-05-16T00:00:00
db:JVNDBid:JVNDB-2019-004647date:2019-06-05T00:00:00
db:CNNVDid:CNNVD-201905-754date:2019-09-26T00:00:00
db:NVDid:CVE-2019-0153date:2024-11-21T04:16:21.310

SOURCES RELEASE DATE
db:VULHUBid:VHN-140184date:2019-05-17T00:00:00
db:VULMONid:CVE-2019-0153date:2019-05-17T00:00:00
db:JVNDBid:JVNDB-2019-003441date:2019-05-16T00:00:00
db:JVNDBid:JVNDB-2019-004647date:2019-06-05T00:00:00
db:CNNVDid:CNNVD-201905-754date:2019-05-17T00:00:00
db:NVDid:CVE-2019-0153date:2019-05-17T16:29:02.093