Details of VAR-201905-1175

ID

VAR-201905-1175

CVE

CVE-2019-0093

TITLE

Intel Multiple vulnerabilities in the product

Trust: 0.8

sources: JVNDB: JVNDB-2019-003441

DESCRIPTION

Insufficient data sanitization vulnerability in HECI subsystem for Intel(R) CSME before versions 11.8.65, 11.11.65, 11.22.65, 12.0.35 and Intel(R) SPS before version SPS_E3_05.00.04.027.0 may allow a privileged user to potentially enable information disclosure via local access. Intel(R) CSME and SPS Contains an information disclosure vulnerability.Information may be obtained. Both Intel Converged Security and Management Engine (CSME) and Intel Server Platform Services (SPS) are products of Intel Corporation of the United States. Intel Converged Security and Management Engine is a security management engine. Intel Server Platform Services is a server platform service program. The HECI subsystem is one of the host embedded controller interface subsystems. This vulnerability stems from configuration errors in network systems or products during operation. An unauthorized attacker could exploit the vulnerability to obtain sensitive information of the affected components. The following products and versions are affected: Intel CSME versions prior to 11.8.65, versions prior to 11.11.65, versions prior to 11.22.65, versions prior to 12.0.35; Intel SPS versions prior to SPS_E3_05.00.04.027.0

Trust: 1.8

sources: NVD: CVE-2019-0093 // JVNDB: JVNDB-2019-004744 // VULHUB: VHN-140124 // VULMON: CVE-2019-0093

AFFECTED PRODUCTS

vendor:	intel	model:	converged security and management engine	scope:	lt	version:	11.22.65	Trust: 1.0
vendor:	intel	model:	converged security and management engine	scope:	lt	version:	11.8.65	Trust: 1.0
vendor:	intel	model:	converged security and management engine	scope:	gte	version:	12.0	Trust: 1.0
vendor:	intel	model:	converged security and management engine	scope:	gte	version:	11.11.0	Trust: 1.0
vendor:	intel	model:	converged security and management engine	scope:	lt	version:	11.11.65	Trust: 1.0
vendor:	intel	model:	converged security and management engine	scope:	lt	version:	12.0.35	Trust: 1.0
vendor:	intel	model:	converged security and management engine	scope:	gte	version:	11.8.0	Trust: 1.0
vendor:	intel	model:	converged security and management engine	scope:	gte	version:	11.22.0	Trust: 1.0
vendor:	intel	model:	acu wizard	scope:	-	version:	-	Trust: 0.8
vendor:	intel	model:	active management technology	scope:	-	version:	-	Trust: 0.8
vendor:	intel	model:	converged security management engine	scope:	-	version:	-	Trust: 0.8
vendor:	intel	model:	driver and support assistant	scope:	-	version:	-	Trust: 0.8
vendor:	intel	model:	dynamic application loader	scope:	-	version:	-	Trust: 0.8
vendor:	intel	model:	i915	scope:	-	version:	-	Trust: 0.8
vendor:	intel	model:	nuc board nuc7i7dnbe	scope:	-	version:	-	Trust: 0.8
vendor:	intel	model:	nuc kit nuc7i5dnhe	scope:	-	version:	-	Trust: 0.8
vendor:	intel	model:	nuc kit nuc7i7dnhe	scope:	-	version:	-	Trust: 0.8
vendor:	intel	model:	nuc kit nuc7i7dnke	scope:	-	version:	-	Trust: 0.8
vendor:	intel	model:	nuc kit nuc8i7hnk	scope:	-	version:	-	Trust: 0.8
vendor:	intel	model:	nuc kit nuc8i7hvk	scope:	-	version:	-	Trust: 0.8
vendor:	intel	model:	proset/wireless software driver	scope:	-	version:	-	Trust: 0.8
vendor:	intel	model:	quartus ii programmer and tools	scope:	-	version:	-	Trust: 0.8
vendor:	intel	model:	server platform services	scope:	-	version:	-	Trust: 0.8
vendor:	intel	model:	trusted execution engine	scope:	-	version:	-	Trust: 0.8
vendor:	intel	model:	intel	scope:	-	version:	-	Trust: 0.8
vendor:	intel	model:	quartus prime	scope:	-	version:	-	Trust: 0.8
vendor:	intel	model:	scs discovery utility	scope:	-	version:	-	Trust: 0.8
vendor:	intel	model:	unite client	scope:	-	version:	-	Trust: 0.8
vendor:	intel	model:	graphics driver	scope:	-	version:	-	Trust: 0.8
vendor:	intel	model:	converged security management engine	scope:	lt	version:	11.11.65	Trust: 0.8
vendor:	intel	model:	converged security management engine	scope:	lt	version:	11.22.65	Trust: 0.8
vendor:	intel	model:	converged security management engine	scope:	lt	version:	11.8.65	Trust: 0.8
vendor:	intel	model:	converged security management engine	scope:	lt	version:	12.0.35	Trust: 0.8

sources: JVNDB: JVNDB-2019-003441 // JVNDB: JVNDB-2019-004744 // NVD: CVE-2019-0093

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2019-0093
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2019-0093
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201905-744
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-140124
value:	LOW
Trust: 0.1
VULMON:	CVE-2019-0093
value:	LOW
Trust: 0.1

nvd@nist.gov:	CVE-2019-0093
severity:	LOW
baseScore:	2.1
vectorString:	AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
VULHUB:	VHN-140124
severity:	LOW
baseScore:	2.1
vectorString:	AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2019-0093
baseSeverity:	MEDIUM
baseScore:	4.4
vectorString:	CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	HIGH
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	0.8
impactScore:	3.6
version:	3.0
Trust: 1.8

sources: VULHUB: VHN-140124 // VULMON: CVE-2019-0093 // JVNDB: JVNDB-2019-004744 // CNNVD: CNNVD-201905-744 // NVD: CVE-2019-0093

PROBLEMTYPE DATA

problemtype:	NVD-CWE-noinfo	Trust: 1.0
problemtype:	CWE-200	Trust: 0.9

sources: VULHUB: VHN-140124 // JVNDB: JVNDB-2019-004744 // NVD: CVE-2019-0093

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201905-744

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201905-744

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-003441

PATCH

title:	INTEL-SA-00213 - IntelR CSME, IntelR SPS, IntelR TXE, IntelR DAL, and IntelR AMT 2019.1 QSR Advisory	url:	https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00213.html	Trust: 1.6
title:	INTEL-SA-00234 - IntelR SCS Discovery Utility and IntelR ACU Wizard Advisory	url:	https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00234.html	Trust: 0.8
title:	INTEL-SA-00244 - IntelR QuartusR Software Advisory	url:	https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00244.html	Trust: 0.8
title:	INTEL-SA-00245 - Intel UniteR Client for Android* Advisory	url:	https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00245.html	Trust: 0.8
title:	INTEL-SA-00204 - Intel IntelR PROSet/Wireless WiFi Software Advisory	url:	https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00204.html	Trust: 0.8
title:	INTEL-SA-00249 - IntelR i915 Graphics for Linux Advisory	url:	https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00249.html	Trust: 0.8
title:	INTEL-SA-00251 - IntelR NUC Advisory	url:	https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00251.html	Trust: 0.8
title:	INTEL-SA-00218 - IntelR Graphics Driver for Windows* 2019.1 QSR Advisory	url:	https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00218.html	Trust: 0.8
title:	INTEL-SA-00252 - IntelR Driver & Support Assistant Advisory	url:	https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00252.html	Trust: 0.8
title:	INTEL-SA-00223 - Intel 2019.1 QSR UEFI Advisory	url:	https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00223.html	Trust: 0.8
title:	INTEL-SA-00228 - Intel UniteR Client Advisory	url:	https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00228.html	Trust: 0.8
title:	INTEL-SA-00233 - Microarchitectural Data Sampling Advisory	url:	https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00233.html	Trust: 0.8
title:	HP: HPSBHF03616 rev. 1 - Intel CSME, Trusted Execution Engine (TXE), Active Management Technology (AMT) Security Updates	url:	https://vulmon.com/vendoradvisory?qidtp=hp_bulletin&qid=HPSBHF03616	Trust: 0.1
title:	HP: SUPPORT COMMUNICATION- SECURITY BULLETIN HPSBHF03616 rev. 4 - Intel 2019.1 CSME, Trusted Execution Engine (TXE), Active Management Technology (AMT) Security Updates	url:	https://vulmon.com/vendoradvisory?qidtp=hp_bulletin&qid=fd8d8d147c2dc58a9552ea19a80369fe	Trust: 0.1
title:	HP: SUPPORT COMMUNICATION- SECURITY BULLETIN HPSBHF03616 rev. 4 - Intel 2019.1 CSME, Trusted Execution Engine (TXE), Active Management Technology (AMT) Security Updates	url:	https://vulmon.com/vendoradvisory?qidtp=hp_bulletin&qid=36bdf366c0b633d1ee0c20eab22574bc	Trust: 0.1

sources: VULMON: CVE-2019-0093 // JVNDB: JVNDB-2019-003441 // JVNDB: JVNDB-2019-004744

EXTERNAL IDS

db:	NVD	id:	CVE-2019-0093	Trust: 2.6
db:	JVN	id:	JVNVU92328381	Trust: 1.6
db:	JVNDB	id:	JVNDB-2019-003441	Trust: 1.6
db:	JVNDB	id:	JVNDB-2019-004744	Trust: 0.8
db:	CNNVD	id:	CNNVD-201905-744	Trust: 0.7
db:	AUSCERT	id:	ASB-2019.0148.2	Trust: 0.6
db:	AUSCERT	id:	ESB-2019.2184	Trust: 0.6
db:	LENOVO	id:	LEN-26293	Trust: 0.6
db:	CNVD	id:	CNVD-2020-18587	Trust: 0.1
db:	VULHUB	id:	VHN-140124	Trust: 0.1
db:	VULMON	id:	CVE-2019-0093	Trust: 0.1

sources: VULHUB: VHN-140124 // VULMON: CVE-2019-0093 // JVNDB: JVNDB-2019-003441 // JVNDB: JVNDB-2019-004744 // CNNVD: CNNVD-201905-744 // NVD: CVE-2019-0093

REFERENCES

url:	https://support.f5.com/csp/article/k13710800	Trust: 2.4
url:	https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00213.html	Trust: 1.8
url:	https://nvd.nist.gov/vuln/detail/cve-2019-0093	Trust: 1.4
url:	https://jvn.jp/vu/jvnvu92328381/index.html	Trust: 0.8
url:	https://mdsattacks.com/files/ridl.pdf	Trust: 0.8
url:	https://mdsattacks.com/files/fallout.pdf	Trust: 0.8
url:	https://zombieloadattack.com/	Trust: 0.8
url:	https://www.intel.com/content/www/us/en/architecture-and-technology/mds.html	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-0093	Trust: 0.8
url:	https://jvn.jp/vu/jvnvu92328381/	Trust: 0.8
url:	https://jvndb.jvn.jp/ja/contents/2019/jvndb-2019-003441.html	Trust: 0.8
url:	https://www.auscert.org.au/bulletins/esb-2019.2184/	Trust: 0.6
url:	https://support.lenovo.com/us/zh/solutions/len-26293	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/asb-2019.0148.2/	Trust: 0.6
url:	https://support.lenovo.com/us/en/product_security/len-26293	Trust: 0.6
url:	https://cwe.mitre.org/data/definitions/.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1
url:	https://support.hp.com/us-en/document/c06330088	Trust: 0.1

sources: VULHUB: VHN-140124 // VULMON: CVE-2019-0093 // JVNDB: JVNDB-2019-003441 // JVNDB: JVNDB-2019-004744 // CNNVD: CNNVD-201905-744 // NVD: CVE-2019-0093

SOURCES

db:	VULHUB	id:	VHN-140124
db:	VULMON	id:	CVE-2019-0093
db:	JVNDB	id:	JVNDB-2019-003441
db:	JVNDB	id:	JVNDB-2019-004744
db:	CNNVD	id:	CNNVD-201905-744
db:	NVD	id:	CVE-2019-0093

LAST UPDATE DATE

2024-11-23T20:42:05.341000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-140124	date:	2020-08-24T00:00:00
db:	VULMON	id:	CVE-2019-0093	date:	2020-08-24T00:00:00
db:	JVNDB	id:	JVNDB-2019-003441	date:	2019-05-16T00:00:00
db:	JVNDB	id:	JVNDB-2019-004744	date:	2019-06-06T00:00:00
db:	CNNVD	id:	CNNVD-201905-744	date:	2020-08-25T00:00:00
db:	NVD	id:	CVE-2019-0093	date:	2024-11-21T04:16:13.127

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-140124	date:	2019-05-17T00:00:00
db:	VULMON	id:	CVE-2019-0093	date:	2019-05-17T00:00:00
db:	JVNDB	id:	JVNDB-2019-003441	date:	2019-05-16T00:00:00
db:	JVNDB	id:	JVNDB-2019-004744	date:	2019-06-06T00:00:00
db:	CNNVD	id:	CNNVD-201905-744	date:	2019-05-17T00:00:00
db:	NVD	id:	CVE-2019-0093	date:	2019-05-17T16:29:01.140