Vulnerabilities > CVE-2019-0093 - Unspecified vulnerability in Intel Converged Security and Management Engine

CVSS 4.4 - MEDIUM

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

HIGH

Confidentiality impact

HIGH

Integrity impact

NONE

Availability impact

NONE

local

low complexity

intel

NVD

Published: 2019-05-17

Updated: 2020-08-24

Summary

Insufficient data sanitization vulnerability in HECI subsystem for Intel(R) CSME before versions 11.8.65, 11.11.65, 11.22.65, 12.0.35 and Intel(R) SPS before version SPS_E3_05.00.04.027.0 may allow a privileged user to potentially enable information disclosure via local access.

Vulnerable Configurations

Part	Description	Count
Application	Intel Intel Converged Security AND Management Engine 11.8.0 Intel Converged Security AND Management Engine 11.11.0 Intel Converged Security AND Management Engine 11.22.0 Intel Converged Security AND Management Engine 12.0	4

References

https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00213.html
https://support.f5.com/csp/article/K13710800