Vulnerabilities > CVE-2019-0090 - Unspecified vulnerability in Intel products
Attack vector
LOCAL Attack complexity
MEDIUM Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
PARTIAL local
intel
Summary
Insufficient access control vulnerability in subsystem for Intel(R) CSME before versions 11.x, 12.0.35 Intel(R) TXE 3.x, 4.x, Intel(R) Server Platform Services 3.x, 4.x, Intel(R) SPS before version SPS_E3_05.00.04.027.0 may allow an unauthenticated user to potentially enable escalation of privilege via physical access.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 2 |
Statements
| contributor | Intel PSIRT |
| lastmodified | 2019-11-08 |
| organization | Intel |
| statement | After an attacker gains access, they would need to invest additional effort in preparation or execution of the vulnerable component in order to use this vulnerability. |
The Hacker News
| id | THN:F328B5F47600BF5DF062F354A7AFD673 |
| last seen | 2020-03-06 |
| modified | 2020-03-06 |
| published | 2020-03-06 |
| reporter | The Hacker News |
| source | https://thehackernews.com/2020/03/intel-csme-vulnerability.html |
| title | This Unpatchable Flaw Affects All Intel CPUs Released in Last 5 Years |