Vulnerabilities > CVE-2019-0090 - Unspecified vulnerability in Intel products
Attack vector
PHYSICAL Attack complexity
HIGH Privileges required
NONE Confidentiality impact
HIGH Integrity impact
HIGH Availability impact
HIGH high complexity
intel
Summary
Insufficient access control vulnerability in subsystem for Intel(R) CSME before versions 11.x, 12.0.35 Intel(R) TXE 3.x, 4.x, Intel(R) Server Platform Services 3.x, 4.x, Intel(R) SPS before version SPS_E3_05.00.04.027.0 may allow an unauthenticated user to potentially enable escalation of privilege via physical access.
Vulnerable Configurations
Statements
| contributor | Intel PSIRT |
| lastmodified | 2019-11-08 |
| organization | Intel |
| statement | After an attacker gains access, they would need to invest additional effort in preparation or execution of the vulnerable component in order to use this vulnerability. |
The Hacker News
| id | THN:F328B5F47600BF5DF062F354A7AFD673 |
| last seen | 2020-03-06 |
| modified | 2020-03-06 |
| published | 2020-03-06 |
| reporter | The Hacker News |
| source | https://thehackernews.com/2020/03/intel-csme-vulnerability.html |
| title | This Unpatchable Flaw Affects All Intel CPUs Released in Last 5 Years |