Details of VAR-201905-1170

ID

VAR-201905-1170

CVE

CVE-2019-0086

TITLE

Intel(R) CSME and TXE for Dynamic Application Loader Vulnerability related to authorization, authority, and access control in software

Trust: 0.8

sources: JVNDB: JVNDB-2019-004637

DESCRIPTION

Insufficient access control vulnerability in Dynamic Application Loader software for Intel(R) CSME before versions 11.8.65, 11.11.65, 11.22.65, 12.0.35 and Intel(R) TXE 3.1.65, 4.0.15 may allow an unprivileged user to potentially enable escalation of privilege via local access. Both Intel Converged Security and Management Engine (CSME) and Intel TXE are products of Intel Corporation of the United States. Intel Converged Security and Management Engine is a security management engine. Intel TXE is a trusted execution engine with hardware authentication function used in CPU (Central Processing Unit). The vulnerability stems from the lack of effective permissions and access control measures in network systems or products. The following products and versions are affected: Intel CSME versions before 11.8.65, versions before 11.11.65, versions before 11.22.65, versions before 12.0.35; Intel TXE versions 3.1.65 and 4.0.15

Trust: 1.8

sources: NVD: CVE-2019-0086 // JVNDB: JVNDB-2019-004637 // VULHUB: VHN-140117 // VULMON: CVE-2019-0086

AFFECTED PRODUCTS

vendor:	intel	model:	converged security management engine	scope:	lt	version:	11.11.65	Trust: 1.8
vendor:	intel	model:	converged security management engine	scope:	lt	version:	11.22.65	Trust: 1.8
vendor:	intel	model:	converged security management engine	scope:	lt	version:	11.8.65	Trust: 1.8
vendor:	intel	model:	converged security management engine	scope:	lt	version:	12.0.35	Trust: 1.8
vendor:	intel	model:	trusted execution engine	scope:	lt	version:	3.1.65	Trust: 1.8
vendor:	intel	model:	converged security management engine	scope:	gte	version:	11.10	Trust: 1.0
vendor:	intel	model:	trusted execution engine	scope:	gte	version:	3.0	Trust: 1.0
vendor:	intel	model:	converged security management engine	scope:	gte	version:	11.20	Trust: 1.0
vendor:	intel	model:	trusted execution engine	scope:	gte	version:	4.0	Trust: 1.0
vendor:	intel	model:	converged security management engine	scope:	gte	version:	12.0	Trust: 1.0
vendor:	intel	model:	trusted execution engine	scope:	lte	version:	4.0.15	Trust: 1.0
vendor:	intel	model:	converged security management engine	scope:	gte	version:	11.0	Trust: 1.0
vendor:	intel	model:	trusted execution engine	scope:	lt	version:	4.0.15	Trust: 0.8

sources: JVNDB: JVNDB-2019-004637 // NVD: CVE-2019-0086

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2019-0086
value:	HIGH
Trust: 1.0
NVD:	CVE-2019-0086
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-201905-739
value:	HIGH
Trust: 0.6
VULHUB:	VHN-140117
value:	MEDIUM
Trust: 0.1
VULMON:	CVE-2019-0086
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2019-0086
severity:	MEDIUM
baseScore:	4.6
vectorString:	AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	3.9
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
VULHUB:	VHN-140117
severity:	MEDIUM
baseScore:	4.6
vectorString:	AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	3.9
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2019-0086
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.8
impactScore:	5.9
version:	3.0
Trust: 1.8

sources: VULHUB: VHN-140117 // VULMON: CVE-2019-0086 // JVNDB: JVNDB-2019-004637 // CNNVD: CNNVD-201905-739 // NVD: CVE-2019-0086

PROBLEMTYPE DATA

problemtype:	CWE-59	Trust: 1.1
problemtype:	CWE-732	Trust: 1.1
problemtype:	CWE-264	Trust: 0.9

sources: VULHUB: VHN-140117 // JVNDB: JVNDB-2019-004637 // NVD: CVE-2019-0086

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201905-739

TYPE

permissions and access control issues

Trust: 0.6

sources: CNNVD: CNNVD-201905-739

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-004637

PATCH

title:	INTEL-SA-00213	url:	https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00213.html	Trust: 0.8
title:	HP: HPSBHF03616 rev. 1 - Intel CSME, Trusted Execution Engine (TXE), Active Management Technology (AMT) Security Updates	url:	https://vulmon.com/vendoradvisory?qidtp=hp_bulletin&qid=HPSBHF03616	Trust: 0.1
title:	HP: SUPPORT COMMUNICATION- SECURITY BULLETIN HPSBHF03616 rev. 4 - Intel 2019.1 CSME, Trusted Execution Engine (TXE), Active Management Technology (AMT) Security Updates	url:	https://vulmon.com/vendoradvisory?qidtp=hp_bulletin&qid=fd8d8d147c2dc58a9552ea19a80369fe	Trust: 0.1
title:	HP: SUPPORT COMMUNICATION- SECURITY BULLETIN HPSBHF03616 rev. 4 - Intel 2019.1 CSME, Trusted Execution Engine (TXE), Active Management Technology (AMT) Security Updates	url:	https://vulmon.com/vendoradvisory?qidtp=hp_bulletin&qid=36bdf366c0b633d1ee0c20eab22574bc	Trust: 0.1
title:	Threatpost	url:	https://threatpost.com/intel-fixes-critical-high-severity-flaws-across-several-products/144940/	Trust: 0.1

sources: VULMON: CVE-2019-0086 // JVNDB: JVNDB-2019-004637

EXTERNAL IDS

db:	NVD	id:	CVE-2019-0086	Trust: 2.6
db:	JVNDB	id:	JVNDB-2019-004637	Trust: 0.8
db:	CNNVD	id:	CNNVD-201905-739	Trust: 0.7
db:	AUSCERT	id:	ASB-2019.0148.2	Trust: 0.6
db:	LENOVO	id:	LEN-26293	Trust: 0.6
db:	CNVD	id:	CNVD-2020-18604	Trust: 0.1
db:	VULHUB	id:	VHN-140117	Trust: 0.1
db:	VULMON	id:	CVE-2019-0086	Trust: 0.1

sources: VULHUB: VHN-140117 // VULMON: CVE-2019-0086 // JVNDB: JVNDB-2019-004637 // CNNVD: CNNVD-201905-739 // NVD: CVE-2019-0086

REFERENCES

url:	https://support.f5.com/csp/article/k35815741	Trust: 1.8
url:	https://danishcyberdefence.dk/blog/dal	Trust: 1.8
url:	https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00213.html	Trust: 1.8
url:	https://nvd.nist.gov/vuln/detail/cve-2019-0086	Trust: 1.4
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-0086	Trust: 0.8
url:	https://support.lenovo.com/us/zh/solutions/len-26293	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/asb-2019.0148.2/	Trust: 0.6
url:	https://support.lenovo.com/us/en/product_security/len-26293	Trust: 0.6
url:	https://cwe.mitre.org/data/definitions/59.html	Trust: 0.1
url:	https://cwe.mitre.org/data/definitions/732.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1
url:	https://threatpost.com/intel-fixes-critical-high-severity-flaws-across-several-products/144940/	Trust: 0.1
url:	https://support.hp.com/us-en/document/c06330088	Trust: 0.1

sources: VULHUB: VHN-140117 // VULMON: CVE-2019-0086 // JVNDB: JVNDB-2019-004637 // CNNVD: CNNVD-201905-739 // NVD: CVE-2019-0086

SOURCES

db:	VULHUB	id:	VHN-140117
db:	VULMON	id:	CVE-2019-0086
db:	JVNDB	id:	JVNDB-2019-004637
db:	CNNVD	id:	CNNVD-201905-739
db:	NVD	id:	CVE-2019-0086

LAST UPDATE DATE

2024-11-23T20:33:43.967000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-140117	date:	2020-08-24T00:00:00
db:	VULMON	id:	CVE-2019-0086	date:	2020-08-24T00:00:00
db:	JVNDB	id:	JVNDB-2019-004637	date:	2019-06-05T00:00:00
db:	CNNVD	id:	CNNVD-201905-739	date:	2020-08-25T00:00:00
db:	NVD	id:	CVE-2019-0086	date:	2024-11-21T04:16:12.230

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-140117	date:	2019-05-17T00:00:00
db:	VULMON	id:	CVE-2019-0086	date:	2019-05-17T00:00:00
db:	JVNDB	id:	JVNDB-2019-004637	date:	2019-06-05T00:00:00
db:	CNNVD	id:	CNNVD-201905-739	date:	2019-05-17T00:00:00
db:	NVD	id:	CVE-2019-0086	date:	2019-05-17T16:29:00.797