Vulnerabilities > CVE-2019-0090 - Unspecified vulnerability in Intel products

047910
CVSS 7.1 - HIGH
Attack vector
PHYSICAL
Attack complexity
HIGH
Privileges required
NONE
Confidentiality impact
HIGH
Integrity impact
HIGH
Availability impact
HIGH
high complexity
intel

Summary

Insufficient access control vulnerability in subsystem for Intel(R) CSME before versions 11.x, 12.0.35 Intel(R) TXE 3.x, 4.x, Intel(R) Server Platform Services 3.x, 4.x, Intel(R) SPS before version SPS_E3_05.00.04.027.0 may allow an unauthenticated user to potentially enable escalation of privilege via physical access.

Statements

contributorIntel PSIRT
lastmodified2019-11-08
organizationIntel
statementAfter an attacker gains access, they would need to invest additional effort in preparation or execution of the vulnerable component in order to use this vulnerability.

The Hacker News

idTHN:F328B5F47600BF5DF062F354A7AFD673
last seen2020-03-06
modified2020-03-06
published2020-03-06
reporterThe Hacker News
sourcehttps://thehackernews.com/2020/03/intel-csme-vulnerability.html
titleThis Unpatchable Flaw Affects All Intel CPUs Released in Last 5 Years