RSS   Vulnerabilities for
'Converged security management engine firmware'
   RSS

2019-05-17
 
CVE-2019-0170

CWE-119
 

 
Buffer overflow in subsystem in Intel(R) DAL before version 12.0.35 may allow a privileged user to potentially enable escalation of privilege via local access.

 
 
CVE-2019-0153

CWE-119
 

 
Buffer overflow in subsystem in Intel(R) CSME 12.0.0 through 12.0.34 may allow an unauthenticated user to potentially enable escalation of privilege via network access.

 
 
CVE-2019-0098

CWE-264
 

 
Logic bug vulnerability in subsystem for Intel(R) CSME before version 12.0.35, Intel(R) TXE before 3.1.65, 4.0.15 may allow an unauthenticated user to potentially enable escalation of privilege via physical access.

 
 
CVE-2019-0086

CWE-264
 

 
Insufficient access control vulnerability in Dynamic Application Loader software for Intel(R) CSME before versions 11.8.65, 11.11.65, 11.22.65, 12.0.35 and Intel(R) TXE 3.1.65, 4.0.15 may allow an unprivileged user to potentially enable escalation of privilege via local access.

 
2019-03-14
 
CVE-2018-12208

CWE-119
 

 
Buffer overflow in HECI subsystem in Intel(R) CSME before versions 11.8.60, 11.11.60, 11.22.60 or 12.0.20 and Intel(R) TXE version before 3.1.60 or 4.0.10, or Intel(R) Server Platform Services before version 5.00.04.012 may allow an unauthenticated user to potentially execute arbitrary code via physical access.

 
 
CVE-2018-12199

CWE-119
 

 
Buffer overflow in an OS component in Intel CSME before versions 11.8.60, 11.11.60, 11.22.60 or 12.0.20 and Intel TXE version before 3.1.60 or 4.0.10 may allow a privileged user to potentially execute arbitrary code via physical access.

 
 
CVE-2018-12196

CWE-20
 

 
Insufficient input validation in Intel(R) AMT in Intel(R) CSME before version 11.8.60, 11.11.60, 11.22.60 or 12.0.20 may allow a privileged user to potentially execute arbitrary code via local access.

 
 
CVE-2018-12192

CWE-287
 

 
Logic bug in Kernel subsystem in Intel CSME before version 11.8.60, 11.11.60, 11.22.60 or 12.0.20, or Intel(R) Server Platform Services before version SPS_E5_04.00.04.393.0 may allow an unauthenticated user to potentially bypass MEBx authentication via physical access.

 
 
CVE-2018-12191

CWE-264
 

 
Bounds check in Kernel subsystem in Intel CSME before version 11.8.60, 11.11.60, 11.22.60 or 12.0.20, or Intel(R) Server Platform Services before versions 4.00.04.383 or SPS 4.01.02.174, or Intel(R) TXE before versions 3.1.60 or 4.0.10 may allow an unauthenticated user to potentially execute arbitrary code via physical access.

 
 
CVE-2018-12190

CWE-20
 

 
Insufficient input validation in Intel(r) CSME subsystem before versions 11.8.60, 11.11.60, 11.22.60 or 12.0.20 or Intel(r) TXE before 3.1.60 or 4.0.10 may allow a privileged user to potentially enable an escalation of privilege via local access.

 


Copyright 2019, cxsecurity.com

 

Back to Top