Vulnerabilities > Intel > Converged Security Management Engine Firmware > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-12-18 | CVE-2019-11106 | Insufficient Session Expiration vulnerability in Intel products Insufficient session validation in the subsystem for Intel(R) CSME before versions 11.8.70, 12.0.45, 13.0.10 and 14.0.10; Intel(R) TXE before versions 3.1.70 and 4.0.20 may allow a privileged user to potentially enable escalation of privilege via local access. | 4.6 |
| 2019-12-18 | CVE-2019-11105 | Improper Privilege Management vulnerability in Intel Converged Security Management Engine Firmware Logic issue in subsystem for Intel(R) CSME before versions 12.0.45, 13.0.10 and 14.0.10 may allow a privileged user to potentially enable escalation of privilege and information disclosure via local access. | 4.6 |
| 2019-12-18 | CVE-2019-11104 | Improper Input Validation vulnerability in Intel products Insufficient input validation in MEInfo software for Intel(R) CSME before versions 11.8.70, 11.11.70, 11.22.70, 12.0.45, 13.0.10 and 14.0.10; Intel(R) TXE before versions 3.1.70 and 4.0.20 may allow an authenticated user to potentially enable escalation of privilege via local access. | 4.6 |
| 2019-12-18 | CVE-2019-11103 | Improper Input Validation vulnerability in Intel Converged Security Management Engine Firmware Insufficient input validation in firmware update software for Intel(R) CSME before versions 12.0.45,13.0.10 and 14.0.10 may allow an authenticated user to potentially enable escalation of privilege via local access. | 4.6 |
| 2019-12-18 | CVE-2019-11087 | Improper Input Validation vulnerability in Intel products Insufficient input validation in the subsystem for Intel(R) CSME before versions 11.8.70, 11.11.70, 11.22.70, 12.0.45, 13.0.10 and 14.0.10; Intel(R) TXE before versions 3.1.70 and 4.0.20 may allow a privileged user to potentially enable escalation of privilege, information disclosure or denial of service via local access. | 4.6 |
| 2019-12-18 | CVE-2019-0169 | Out-of-bounds Write vulnerability in Intel products Heap overflow in subsystem in Intel(R) CSME before versions 11.8.70, 11.11.70, 11.22.70, 12.0.45; Intel(R) TXE before versions 3.1.70 and 4.0.20 may allow an unauthenticated user to potentially enable escalation of privileges, information disclosure or denial of service via adjacent access. | 5.8 |
| 2019-05-17 | CVE-2019-0170 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Intel Converged Security Management Engine Firmware 12.0.5 Buffer overflow in subsystem in Intel(R) DAL before version 12.0.35 may allow a privileged user to potentially enable escalation of privilege via local access. | 4.6 |
| 2019-05-17 | CVE-2019-0086 | Incorrect Permission Assignment for Critical Resource vulnerability in Intel products Insufficient access control vulnerability in Dynamic Application Loader software for Intel(R) CSME before versions 11.8.65, 11.11.65, 11.22.65, 12.0.35 and Intel(R) TXE 3.1.65, 4.0.15 may allow an unprivileged user to potentially enable escalation of privilege via local access. | 4.6 |
| 2019-03-14 | CVE-2018-12208 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Intel products Buffer overflow in HECI subsystem in Intel(R) CSME before versions 11.8.60, 11.11.60, 11.22.60 or 12.0.20 and Intel(R) TXE version before 3.1.60 or 4.0.10, or Intel(R) Server Platform Services before version 5.00.04.012 may allow an unauthenticated user to potentially execute arbitrary code via physical access. | 4.6 |
| 2019-03-14 | CVE-2018-12196 | Improper Input Validation vulnerability in Intel Converged Security Management Engine Firmware 12.0.5 Insufficient input validation in Intel(R) AMT in Intel(R) CSME before version 11.8.60, 11.11.60, 11.22.60 or 12.0.20 may allow a privileged user to potentially execute arbitrary code via local access. | 4.6 |