Vulnerabilities > CVE-2019-0090 - Unspecified vulnerability in Intel products

047910
CVSS 4.4 - MEDIUM
Attack vector
LOCAL
Attack complexity
MEDIUM
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
PARTIAL
Availability impact
PARTIAL
local
intel

Summary

Insufficient access control vulnerability in subsystem for Intel(R) CSME before versions 11.x, 12.0.35 Intel(R) TXE 3.x, 4.x, Intel(R) Server Platform Services 3.x, 4.x, Intel(R) SPS before version SPS_E3_05.00.04.027.0 may allow an unauthenticated user to potentially enable escalation of privilege via physical access.

Vulnerable Configurations

Part Description Count
Application
Intel
2

Statements

contributorIntel PSIRT
lastmodified2019-11-08
organizationIntel
statementAfter an attacker gains access, they would need to invest additional effort in preparation or execution of the vulnerable component in order to use this vulnerability.

The Hacker News

idTHN:F328B5F47600BF5DF062F354A7AFD673
last seen2020-03-06
modified2020-03-06
published2020-03-06
reporterThe Hacker News
sourcehttps://thehackernews.com/2020/03/intel-csme-vulnerability.html
titleThis Unpatchable Flaw Affects All Intel CPUs Released in Last 5 Years